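# OpenWrt notes: force LAN DNS through the router's dnsmasq and block
# selected IP ranges (iptables) and domains (dnsmasq).
#
# This is a notes file with three parts: the setup steps, the contents for
# /etc/firewall.user and the contents for /etc/dnsmasq.conf. It is not meant
# to be run top to bottom as one script.
# Each command, rule and directive is on its own line so that it can be
# copied as-is.

# Install nano and the required iptables tools.
# Refresh the package lists first; without them opkg cannot resolve the
# package names.
opkg update
opkg install iptables-mod-nat-extra
opkg install nano

# Force all DNS lookups through our own resolver:
nano /etc/firewall.user
# add:
# NOTE(review): these two rules carry no -i match, so they apply to port-53
# packets arriving on every interface, not only the LAN side. Restricting
# them with `-i <lan-interface>` (placeholder) keeps the scope to local
# clients.
# They only catch plain IPv4 DNS on port 53. DNS-over-TLS (853),
# DNS-over-HTTPS (443) and IPv6 traffic (ip6tables) are not redirected, so a
# client using any of those bypasses the dnsmasq block list further down.
# REDIRECT is presumably the reason iptables-mod-nat-extra is installed above.
iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53

# Block IP ranges in this format:
# INPUT/-s drops packets from the range addressed to the router itself;
# FORWARD/-d rejects packets from LAN clients towards the range. REJECT
# answers the client with an error, so connections fail immediately instead
# of timing out.
# -I inserts at the head of the chain, ahead of the rules already there.
iptables -I INPUT -j DROP -s 64.4.0.0/18
iptables -I FORWARD -j REJECT -d 64.4.0.0/18

# Block domains:
nano /etc/dnsmasq.conf
# in this format:
# (dnsmasq answers the named domain and every name below it with 0.0.0.0)
address=/doubleclick.com/0.0.0.0

# Reboot the router; the first connection attempt may take a little longer
# (2 min).

#---------- firewall.user ----------#
# NOTE(review): the section labels are the author's; this file does not show
# who owns or uses each range. Several entries are very wide (a /13 is
# 524,288 addresses, a /14 is 262,144, a /16 is 65,536) and will likely
# include unrelated hosts. Verify current ownership and log what gets
# rejected before relying on them.
# These rules are IPv4 only; the same destinations stay reachable over IPv6
# unless matching ip6tables rules exist.
# The DNS redirect rules and the 64.4.0.0/18 example from the steps above
# are not repeated in this listing.

# MS unknown
iptables -I INPUT -j DROP -s 8.254.200.14
iptables -I FORWARD -j REJECT -d 8.254.200.14
iptables -I INPUT -j DROP -s 8.254.208.254
iptables -I FORWARD -j REJECT -d 8.254.208.254

# MS Spynet
iptables -I INPUT -j DROP -s 23.96.0.0/13
iptables -I FORWARD -j REJECT -d 23.96.0.0/13
iptables -I INPUT -j DROP -s 191.236.0.0/14
iptables -I FORWARD -j REJECT -d 191.236.0.0/14

# MS Telemetry Command
iptables -I INPUT -j DROP -s 65.52.0.0/14
iptables -I FORWARD -j REJECT -d 65.52.0.0/14

# Comodo CA
# NOTE(review): if this range hosts the CA's OCSP/CRL responders, clients
# behind the router lose revocation checking for certificates issued by
# that CA. Confirm what is served from here before keeping the rule.
iptables -I INPUT -j DROP -s 178.255.83.0/26
iptables -I FORWARD -j REJECT -d 178.255.83.0/26

# MS SearchUI.exe
iptables -I INPUT -j DROP -s 204.79.195.0/24
iptables -I FORWARD -j REJECT -d 204.79.195.0/24
iptables -I INPUT -j DROP -s 204.79.196.0/23
iptables -I FORWARD -j REJECT -d 204.79.196.0/23

# MS OneDrive
iptables -I INPUT -j DROP -s 207.46.0.0/16
iptables -I FORWARD -j REJECT -d 207.46.0.0/16

#---------- dnsmasq.conf ----------#
# One directive per line. address=/<domain>/0.0.0.0 covers <domain> and all
# of its subdomains, so a parent entry makes the more specific ones below it
# redundant (harmless, but worth knowing when auditing the list).

# Analytics and Tracker
address=/addthis.com/0.0.0.0
# google-analytics.com already covers the ssl. and www. entries below.
address=/google-analytics.com/0.0.0.0
address=/google-analytics.l.google.com/0.0.0.0
address=/ssl.google-analytics.com/0.0.0.0
address=/www.google-analytics.com/0.0.0.0

# Microsoft Telemetry
address=/a-0001.a-msedge.net/0.0.0.0
address=/a-0002.a-msedge.net/0.0.0.0
address=/a-0003.a-msedge.net/0.0.0.0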
# dnsmasq.conf block list, continued (Microsoft Telemetry section).
# One directive per line. address=/<domain>/0.0.0.0 makes dnsmasq answer
# <domain> and every name below it with 0.0.0.0, so a parent entry
# (a-msedge.net, adnxs.com, bing.com, msftncsi.com, telemetry.microsoft.com,
# microsoft-hohm.com) already covers the more specific entries that share
# its suffix. The duplicates are harmless.
#
# NOTE(review): this only affects clients that resolve names through this
# dnsmasq instance. Several entries look, judging by their names, like
# update, certificate-revocation, sign-in or antivirus endpoints rather than
# telemetry; they are marked below. Blocking them trades privacy against
# patching and revocation checking — confirm each one is intended.
address=/a-0004.a-msedge.net/0.0.0.0
address=/a-0005.a-msedge.net/0.0.0.0
address=/a-0006.a-msedge.net/0.0.0.0
address=/a-0007.a-msedge.net/0.0.0.0
address=/a-0008.a-msedge.net/0.0.0.0
address=/a-0009.a-msedge.net/0.0.0.0
address=/a-msedge.net/0.0.0.0
address=/a.ads1.msn.com/0.0.0.0
address=/a.ads2.msads.net/0.0.0.0
address=/a.ads2.msn.com/0.0.0.0
address=/a.rad.msn.com/0.0.0.0
address=/ac3.msn.com/0.0.0.0
address=/act-3-blu.mesh.com/0.0.0.0
address=/activesync.glbdns2.microsoft.com/0.0.0.0
address=/ad.doubleclick.net/0.0.0.0
address=/adnexus.net/0.0.0.0
address=/adnxs.com/0.0.0.0
address=/ads.msn.com/0.0.0.0
address=/ads.msn.com.nsatc.net/0.0.0.0
address=/ads1.msads.net/0.0.0.0
address=/ads1.msn.com/0.0.0.0
address=/ads2.msn.com.c.footprint.net/0.0.0.0
address=/aidps.atdmt.com/0.0.0.0
address=/aidps.msn.com.nsatc.net/0.0.0.0
address=/aka-cdn-ns.adtech.de/0.0.0.0
address=/americas2.notify.windows.com.akadns.net/0.0.0.0
address=/any.edge.bing.com/0.0.0.0
address=/apps.skype.com/0.0.0.0
address=/atlas.c10r.facebook.com/0.0.0.0
address=/az361816.vo.msecnd.net/0.0.0.0
address=/az512334.vo.msecnd.net/0.0.0.0
address=/b.ads1.msn.com/0.0.0.0
address=/b.ads2.msads.net/0.0.0.0
address=/b.rad.msn.com/0.0.0.0
# Blocks the whole bing.com domain, search included, not only telemetry hosts.
address=/bing.com/0.0.0.0
address=/bl3302.storage.live.com/0.0.0.0
address=/bl3302.storage.skyprod.akadns.net/0.0.0.0
# NOTE(review): "dkyprod" looks like a typo of "skyprod" in the entry above — verify.
address=/bl3302geo.storage.dkyprod.akadns.net/0.0.0.0
address=/bn1-2cd.wns.windows.com/0.0.0.0
address=/bn1.skype.msnmessenger.msn.com.akadns.net/0.0.0.0
address=/bn1cd.wns.windows.com/0.0.0.0
# DNS names are case-insensitive, so the upper-case spelling matches as usual.
address=/BN1WNS2011508.wns.windows.com/0.0.0.0
address=/bn2wns1.wns.windows.com/0.0.0.0
address=/bn2wns1b.wns.windows.com/0.0.0.0
address=/bs.eyeblaster.akadns.net/0.0.0.0
address=/bs.serving-sys.com/0.0.0.0
address=/c.atdmt.com/0.0.0.0
address=/c.atdmt.com.nsatc.net/0.0.0.0
address=/c.msn.com/0.0.0.0
address=/c.msn.com.nsatc.net/0.0.0.0
address=/cdn.atdmt.com/0.0.0.0
# NOTE(review): "cdp" presumably stands for a CRL distribution point; blocking
# it would stop revocation checks that use this host — confirm.
address=/cdp1.public-trust.com/0.0.0.0
# NOTE(review): "msecn.net" may be a typo of "msecnd.net" used by the az* entries above — verify.
address=/cds26.ams9.msecn.net/0.0.0.0
address=/choice.microsoft.com/0.0.0.0
address=/choice.microsoft.com.nsatc.net/0.0.0.0
address=/client.wns.windows.com/0.0.0.0
address=/compatexchange.cloudapp.net/0.0.0.0
address=/corp.sts.microsoft.com/0.0.0.0
address=/corpext.msitadfs.glbdns2.microsoft.com/0.0.0.0
address=/cs1.wpc.v0cdn.net/0.0.0.0
address=/dart.l.doubleclick.net/0.0.0.0
address=/db3aqu.atdmt.com/0.0.0.0
address=/df.telemetry.microsoft.com/0.0.0.0
address=/diagnostics.support.microsoft.akadns.net/0.0.0.0
address=/diagnostics.support.microsoft.com/0.0.0.0
address=/directory.services.live.com/0.0.0.0
address=/directory.services.live.com.akadns.net/0.0.0.0
address=/dns.msftncsi.com/0.0.0.0
address=/download-ssl.msgamestudios.com/0.0.0.0
address=/dt.adsafeprotected.com/0.0.0.0
address=/ec.atdmt.com/0.0.0.0
address=/en-us.appex-rf.msn.com/0.0.0.0
# NOTE(review): the "update" / "delivery" names below look like Windows Update
# endpoints; blocking them may stop clients from receiving security patches — confirm.
address=/fe2.update.microsoft.com.akadns.net/0.0.0.0
address=/fe2.ws.microsoft.com.nsatc.net/0.0.0.0
address=/fe3.delivery.dsp.mp.microsoft.com.nsatc.net/0.0.0.0
address=/feedback.microsoft-hohm.com/0.0.0.0
address=/feedback.search.microsoft.com/0.0.0.0
address=/feedback.windows.com/0.0.0.0
address=/fesweb1.ch1d.binginternal.com/0.0.0.0
address=/flex.msn.com/0.0.0.0
address=/flex.msn.com.nsatc.net/0.0.0.0
address=/fw.adsafeprotected.com/0.0.0.0
address=/g.msn.com/0.0.0.0
address=/g.msn.com.nsatc.net/0.0.0.0
address=/global.msads.net.c.footprint.net/0.0.0.0
address=/googleads4.g.doubleclick.net/0.0.0.0
address=/h1.msn.com/0.0.0.0
address=/i1.services.social.microsoft.com/0.0.0.0
address=/i1.services.social.microsoft.com.nsatc.net/0.0.0.0
address=/ipv6.msftncsi.com/0.0.0.0
address=/ipv6.msftncsi.com.edgesuite.net/0.0.0.0
address=/lb1.www.ms.akadns.net/0.0.0.0
address=/legacy-redirection-eastus-prod-hp.cloudapp.net/0.0.0.0
address=/legacy-redirection-westus-prod-hp.cloudapp.net/0.0.0.0
# NOTE(review): per-instance hostname at a hosting provider; such names get
# reassigned, so this entry may be stale — verify it is still wanted.
address=/li581-132.members.linode.com/0.0.0.0
# NOTE(review): name suggests a licensing endpoint — confirm blocking it is intended.
address=/licensing.md.mp.microsoft.com/0.0.0.0
address=/live.rads.msn.com/0.0.0.0
# NOTE(review): name suggests part of the Microsoft account sign-in path — confirm.
address=/login.live.com.nsatc.net/0.0.0.0
address=/m.adnxs.com/0.0.0.0
address=/m.anycast.adnxs.com/0.0.0.0
address=/m.hotmail.com/0.0.0.0
address=/microsoft-hohm.com/0.0.0.0
address=/mobileads.msn.com/0.0.0.0
address=/mpd.mxptint.net/0.0.0.0
# NOTE(review): "mscrl" presumably serves Microsoft certificate revocation
# lists; blocking it would disable those revocation checks — confirm.
address=/mscrl.microsoft.com/0.0.0.0
address=/msedge.net/0.0.0.0
# NOTE(review): msftncsi.com is presumably the Windows connectivity probe;
# with it blocked, clients may report "no internet access" — confirm.
address=/msftncsi.com/0.0.0.0
address=/msnbot-65-55-108-23.search.msn.com/0.0.0.0
address=/msntest.serving-sys.com/0.0.0.0
address=/oca.telemetry.microsoft.com/0.0.0.0
address=/oca.telemetry.microsoft.com.nsatc.net/0.0.0.0
address=/onesettings-bn2.metron.live.com.nsatc.net/0.0.0.0
address=/onesettings-cy2.metron.live.com.nsatc.net/0.0.0.0
address=/onesettings-db5.metron.live.com.nsatc.net/0.0.0.0
address=/onesettings-hk2.metron.live.com.nsatc.net/0.0.0.0
address=/pre.footprintpredict.com/0.0.0.0
address=/preview.msn.com/0.0.0.0
address=/pricelist.skype.com/0.0.0.0
address=/rad.live.com/0.0.0.0
address=/rad.msn.com/0.0.0.0
address=/rad.msn.com.nsatc.net/0.0.0.0
address=/redir.metaservices.microsoft.com/0.0.0.0
address=/register.mesh.com/0.0.0.0
address=/reports.wes.df.telemetry.microsoft.com/0.0.0.0
address=/s.gateway.messenger.live.com/0.0.0.0
address=/sc.iasds01.com/0.0.0.0
address=/schemas.microsoft.akadns.net/0.0.0.0
address=/secure.adnxs.com/0.0.0.0
address=/secure.anycast.adnxs.com/0.0.0.0
address=/secure.flashtalking.com/0.0.0.0
address=/services.wes.df.telemetry.microsoft.com/0.0.0.0
address=/settings-sandbox.data.glbdns2.microsoft.com/0.0.0.0
address=/settings-sandbox.data.microsoft.com/0.0.0.0
address=/settings-win.data.microsoft.com/0.0.0.0
address=/settings.data.glbdns2.microsoft.com/0.0.0.0
address=/siweb.microsoft.akadns.net/0.0.0.0
address=/skyapi.live.net/0.0.0.0
address=/skyapi.skyprod.akadns.net/0.0.0.0
address=/skydrive.wns.windows.com/0.0.0.0
# NOTE(review): "update" in the name — possibly a Windows Update endpoint, see above.
address=/sls.update.microsoft.com.akadns.net/0.0.0.0
# NOTE(review): the mcafee.com entries (sm, su3, updatekeepalive) may carry
# antivirus updates; blocking them could leave that product unpatched — confirm.
address=/sm.mcafee.com/0.0.0.0
# NOTE(review): "sO" is spelled with a capital letter O; it may have been meant
# as "s0" (zero) — verify against the intended host.
address=/sO.2mdn.net/0.0.0.0
address=/solitaireprod.maelstrom.xboxlive.com/0.0.0.0
address=/sqm.df.telemetry.microsoft.com/0.0.0.0
address=/sqm.telemetry.microsoft.com/0.0.0.0
address=/sqm.telemetry.microsoft.com.nsatc.net/0.0.0.0
address=/ssw.live.com.nsatc.net/0.0.0.0
address=/static-2mdn-net.l.google.com/0.0.0.0
address=/static.2mdn.net/0.0.0.0
address=/statsfe1.ws.microsoft.com/0.0.0.0
address=/statsfe1.ws.microsoft.com.nsatc.net/0.0.0.0
address=/statsfe2.update.microsoft.com.akadns.net/0.0.0.0
address=/statsfe2.ws.microsoft.com/0.0.0.0
address=/statsfe2.ws.microsoft.com.nsatc.net/0.0.0.0
address=/storeedgefd.dsx.mp.microsoft.com/0.0.0.0
address=/su3.mcafee.com/0.0.0.0
address=/support.msn.microsoft.akadns.net/0.0.0.0
address=/survey.watson.microsoft.com/0.0.0.0
# NOTE(review): the "urs" hosts (here and telemetry.urs below) presumably belong
# to a URL reputation service; blocking them may disable that protection — confirm.
address=/t.urs.microsoft.com.nsatc.net/0.0.0.0
address=/telecommand.telemetry.microsoft.com/0.0.0.0
address=/telecommand.telemetry.microsoft.com.nsatc.net/0.0.0.0
address=/telemetry.appex.bing.net/0.0.0.0
address=/telemetry.appex.search.prod.ms.akadns.net/0.0.0.0
address=/telemetry.microsoft.com/0.0.0.0
address=/telemetry.urs.microsoft.com/0.0.0.0
address=/travel.tile.appex.bing.com/0.0.0.0
address=/ui.skype.akadns.net/0.0.0.0
address=/ui.skype.com/0.0.0.0
address=/updatekeepalive.mcafee.com/0.0.0.0
# NOTE(review): "metron.life.com" is probably a typo of "metron.live.com" used
# by the vortex-* entries below — verify.
address=/v10.vortex-win.data.metron.life.com.nsatc.net/0.0.0.0
address=/v10.vortex-win.data.microsoft.com/0.0.0.0
address=/view.atdmt.com/0.0.0.0
address=/vortex-bn2.metron.live.com.nsatc.net/0.0.0.0
address=/vortex-cy2.metron.live.com.nsatc.net/0.0.0.0
address=/vortex-hk2.metron.live.com.nsatc.net/0.0.0.0
address=/vortex-sandbox.data.glbdns2.microsoft.com/0.0.0.0
address=/vortex-sandbox.data.microsoft.com/0.0.0.0
address=/vortex-win.data.microsoft.com/0.0.0.0
address=/vortex.data.microsoft.com/0.0.0.0
address=/w3.b.cap-mii.net/0.0.0.0
address=/watson.live.com/0.0.0.0
address=/watson.microsoft.com/0.0.0.0
address=/watson.microsoft.com.nsatc.net/0.0.0.0
address=/watson.ppe.telemetry.microsoft.com/0.0.0.0
address=/watson.telemetry.microsoft.com/0.0.0.0
address=/watson.telemetry.microsoft.com.nsatc.net/0.0.0.0
address=/wes.df.telemetry.microsoft.com/0.0.0.0
address=/wildcard.appex-rf.msn.com.edgesuite.net/0.0.0.0
address=/win10.ipv6.microsoft.com/0.0.0.0
address=/win10.ipv6.microsoft.com.nsatc.net/0.0.0.0
address=/wns.notify.windows.com.akadns.net/0.0.0.0
address=/www.go.microsoft.akadns.net/0.0.0.0
address=/www.msftncsi.com/0.0.0.0