1 | #!/bin/sh | |
2 | ||
3 | ### Custom user script | |
4 | ### Called after internal iptables reconfig (firewall update) | |
5 | ||
6 | # ICMP filter rules - для модема можно убрать | |
7 | # iptables -t raw -N icmpcheck | |
8 | # iptables -t raw -I icmpcheck -j DROP | |
9 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 12/0 -j RETURN | |
10 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 4/0 -j RETURN | |
11 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/4 -j RETURN | |
12 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 0 -j RETURN | |
13 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 11/0 -j RETURN | |
14 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/0 -j RETURN | |
15 | # iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/1 -j RETURN | |
16 | # iptables -t raw -I PREROUTING ! -i br0 -p icmp -j icmpcheck | |
17 | ||
18 | # DNS redirect to router | |
19 | iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) | |
20 | # по TCP обычно никто на запрашивает DNS | |
21 | # iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr) | |
22 | ||
23 | # интересная и полезная строчка для модема | |
24 | - | iptables -D INPUT 5 |
24 | + | # iptables -I FORWARD 2 ! -o br0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280 |
25 | ||
26 | - | iptables -D FORWARD 7 |
26 | + | # iptables -t mangle -I POSTROUTING -s 192.168.5.0/24 -o weth0 -j TTL --ttl-set 65 |
27 | - | iptables -D FORWARD 2 |
27 | + | |
28 | iptables -t nat -D PREROUTING 2 | |
29 | iptables -D INPUT 7 | |
30 | - | iptables -I FORWARD 2 ! -o br0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280 |
30 | + | |
31 | sleep 20 | |
32 | - | iptables -t mangle -I POSTROUTING -s 192.168.5.0/24 -o weth0 -j TTL --ttl-set 65 |
32 | + | |
33 | URLS=" \ | |
34 | http://adaway.org/hosts.txt \ | |
35 | http://winhelp2002.mvps.org/hosts.txt \ | |
36 | http://mirror.cedia.org.ec/malwaredomains/domains.hosts \ | |
37 | https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext \ | |
38 | - | https://hosts-file.net/.%5Cad_servers.txt \ |
38 | + | |
39 | - | https://mirror.cedia.org.ec/malwaredomains/domains.hosts \ |
39 | + | |
40 | /" | |
41 | ||
42 | wget --user-agent="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0" -T40 -q -O- $URLS | grep -v "^#" | cut -d "#" -f 1 | sed 's/127\.0\.0\.1/0\.0\.0\.0/' | grep "^0.0.0.0" | sed 's/ */ /g' | sed 's/\t/ /g' |sed 's/\r//' | cut -d " " -f 1,2 | tr A-Z a-z | sort | uniq > /tmp/hosts | |
43 | - | https://zeustracker.abuse.ch/blocklist.php?download=hostfile \ |
43 | + | |
44 | sed -i '/0.0.0.0 localhost.localdomain/d' /tmp/hosts | |
45 | - | https://pastebin.com/raw/020v8jsu \ |
45 | + | |
46 | - | # https://1hos.cf \ |
46 | + | |
47 | sed -i '/0.0.0.0 s-ec.bstatic.com/d' /tmp/hosts | |
48 | sed -i '/0.0.0.0 t-ec.bstatic.com/d' /tmp/hosts | |
49 | - | wget --user-agent="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" -T40 -q -O- $URLS | grep -v "^#" | cut -d "#" -f 1 | sed 's/127\.0\.0\.1/0\.0\.0\.0/' | grep "^0.0.0.0" | sed 's/ */ /g' | sed 's/\t/ /g' |sed 's/\r//' | cut -d " " -f 1,2 | tr A-Z a-z | sort | uniq > /tmp/hosts |
49 | + | |
50 | sed -i '/0.0.0.0 cs716.wac.edgecastcdn.net/d' /tmp/hosts | |
51 | sed -i '/0.0.0.0 tags.tiqcdn.com/d' /tmp/hosts | |
52 | sed -i '/0.0.0.0 ad.admitad.com/d' /tmp/hosts | |
53 | sed -i '/0.0.0.0 api.cc.skype.com/d' /tmp/hosts | |
54 | sed -i '/0.0.0.0 api.mcr.skype.com/d' /tmp/hosts | |
55 | sed -i '/0.0.0.0 api.skype.com/d' /tmp/hosts | |
56 | sed -i '/0.0.0.0 avatar.skype.com/d' /tmp/hosts | |
57 | sed -i '/0.0.0.0 b.config.skype.com/d' /tmp/hosts | |
58 | sed -i '/0.0.0.0 client-s.gateway.messenger.live.com/d' /tmp/hosts | |
59 | sed -i '/0.0.0.0 contacts.skype.com/d' /tmp/hosts | |
60 | sed -i '/0.0.0.0 dev.microsofttranslator.com/d' /tmp/hosts | |
61 | sed -i '/0.0.0.0 diagnostics.support.microsoft.akadns.net/d' /tmp/hosts | |
62 | sed -i '/0.0.0.0 diagnostics.support.microsoft.com/d' /tmp/hosts | |
63 | sed -i '/0.0.0.0 edge.skype.com/d' /tmp/hosts | |
64 | sed -i '/0.0.0.0 m.hotmail.com/d' /tmp/hosts | |
65 | sed -i '/0.0.0.0 mobile.pipe.aria.microsoft.com/d' /tmp/hosts | |
66 | sed -i '/0.0.0.0 msftncsi.com/d' /tmp/hosts | |
67 | sed -i '/0.0.0.0 msg.skype.com/d' /tmp/hosts | |
68 | sed -i '/0.0.0.0 next-services.apps.microsoft.com/d' /tmp/hosts | |
69 | sed -i '/0.0.0.0 nexus.officeapps.live.com/d' /tmp/hosts | |
70 | sed -i '/0.0.0.0 profile.skype.com/d' /tmp/hosts | |
71 | sed -i '/0.0.0.0 s.gateway.messenger.live.com/d' /tmp/hosts | |
72 | sed -i '/0.0.0.0 skype.net/d' /tmp/hosts | |
73 | sed -i '/0.0.0.0 ui.skype.com/d' /tmp/hosts | |
74 | sed -i '/0.0.0.0 www.msftncsi.com/d' /tmp/hosts | |
75 | sed -i '/0.0.0.0 stat.online.sberbank.ru/d' /tmp/hosts | |
76 | sed -i '/0.0.0.0 s.click.aliexpress.com/d' /tmp/hosts | |
77 | sed -i '/0.0.0.0 star-mini.c10r.facebook.com/d' /tmp/hosts | |
78 | sed -i '/0.0.0.0 connect.facebook.net/d' /tmp/hosts | |
79 | sed -i '/0.0.0.0 graph.facebook.com/d' /tmp/hosts | |
80 | sed -i '/0.0.0.0 cdn.siftscience.com/d' /tmp/hosts | |
81 | sed -i '/0.0.0.0 ct.pinterest.com/d' /tmp/hosts | |
82 | sed -i '/0.0.0.0 api.pinterest.com/d' /tmp/hosts | |
83 | sed -i '/0.0.0.0 log.pinterest.com/d' /tmp/hosts | |
84 | sed -i '/0.0.0.0 widgets.pinterest.com/d' /tmp/hosts | |
85 | sed -i '/0.0.0.0 clck.yandex.ru/d' /tmp/hosts | |
86 | sed -i '/0.0.0.0 mc.yandex.ru/d' /tmp/hosts | |
87 | sed -i '/0.0.0.0 cdn.yandex.net/d' /tmp/hosts | |
88 | sed -i '/0.0.0.0 yandex.ru/d' /tmp/hosts | |
89 | sed -i '/0.0.0.0 money.yandex.ru/d' /tmp/hosts | |
90 | sed -i '/0.0.0.0 yastatic.net/d' /tmp/hosts | |
91 | sed -i '/0.0.0.0 analytics.mobile.yandex.net/d' /tmp/hosts | |
92 | sed -i '/0.0.0.0 informer.yandex.ru/d' /tmp/hosts | |
93 | sed -i '/0.0.0.0 r.mail.ru/d' /tmp/hosts | |
94 | sed -i '/0.0.0.0 c.fa.jd.com/d' /tmp/hosts | |
95 | sed -i '/0.0.0.0 whale.jd.com/d' /tmp/hosts | |
96 | sed -i '/0.0.0.0 saturn.jd.com/d' /tmp/hosts | |
97 | sed -i '/0.0.0.0 static.360buyimg.com/d' /tmp/hosts | |
98 | sed -i '/0.0.0.0 static.criteo.net/d' /tmp/hosts | |
99 | sed -i '/0.0.0.0 s.go-mpulse.net/d' /tmp/hosts | |
100 | sed -i '/0.0.0.0 ciuvo.com/d' /tmp/hosts | |
101 | sed -i '/0.0.0.0 gia.jd.com/d' /tmp/hosts | |
102 | sed -i '/0.0.0.0 t.paypal.com/d' /tmp/hosts | |
103 | sed -i '/0.0.0.0 b.stats.paypal.com/d' /tmp/hosts | |
104 | sed -i '/0.0.0.0 l.deals.ebay.com/d' /tmp/hosts | |
105 | sed -i '/0.0.0.0 stats.ebay.com/d' /tmp/hosts | |
106 | sed -i '/0.0.0.0 rover.ebay.com/d' /tmp/hosts | |
107 | sed -i '/0.0.0.0 us1111.alicdn.com.edgekey.net/d' /tmp/hosts | |
108 | sed -i '/0.0.0.0 gj.mmstat.com/d' /tmp/hosts | |
109 | sed -i '/0.0.0.0 gm.mmstat.com/d' /tmp/hosts | |
110 | sed -i '/0.0.0.0 gm.gds.mmstat.com/d' /tmp/hosts | |
111 | sed -i '/0.0.0.0 ws.mmstat.com/d' /tmp/hosts | |
112 | sed -i '/0.0.0.0 gj.gds.mmstat.com/d' /tmp/hosts | |
113 | sed -i '/0.0.0.0 ynuf.alipay.com/d' /tmp/hosts | |
114 | sed -i '/0.0.0.0 ynuf.aliapp.com/d' /tmp/hosts | |
115 | sed -i '/0.0.0.0 log.gds.mmstat.com/d' /tmp/hosts | |
116 | sed -i '/0.0.0.0 perf.gds.mmstat.com/d' /tmp/hosts | |
117 | sed -i '/0.0.0.0 c.go-mpulse.net/d' /tmp/hosts | |
118 | sed -i '/0.0.0.0 oneid.mmstat.com/d' /tmp/hosts | |
119 | - | sed -i '/0.0.0.0 aligtr001.mmstat.com/d' /tmp/hosts |
119 | + | |
120 | - | sed -i '/0.0.0.0 aligtr002.mmstat.com/d' /tmp/hosts |
120 | + | |
121 | - | sed -i '/0.0.0.0 aligtr003.mmstat.com/d' /tmp/hosts |
121 | + | |
122 | - | sed -i '/0.0.0.0 aligtr004.mmstat.com/d' /tmp/hosts |
122 | + | |
123 | - | sed -i '/0.0.0.0 aligtr005.mmstat.com/d' /tmp/hosts |
123 | + | |
124 | - | sed -i '/0.0.0.0 aligtr006.mmstat.com/d' /tmp/hosts |
124 | + | |
125 | - | sed -i '/0.0.0.0 aligtr007.mmstat.com/d' /tmp/hosts |
125 | + | |
126 | - | sed -i '/0.0.0.0 aligtr008.mmstat.com/d' /tmp/hosts |
126 | + | |
127 | - | sed -i '/0.0.0.0 aligtr009.mmstat.com/d' /tmp/hosts |
127 | + | |
128 | - | sed -i '/0.0.0.0 aligtr010.mmstat.com/d' /tmp/hosts |
128 | + | |
129 | - | sed -i '/0.0.0.0 aligtr011.mmstat.com/d' /tmp/hosts |
129 | + | |
130 | - | sed -i '/0.0.0.0 aligtr012.mmstat.com/d' /tmp/hosts |
130 | + | |
131 | - | sed -i '/0.0.0.0 aligtr013.mmstat.com/d' /tmp/hosts |
131 | + | |
132 | - | sed -i '/0.0.0.0 aligtr014.mmstat.com/d' /tmp/hosts |
132 | + | |
133 | sed -i '/0.0.0.0 a652.dscb.akamai.net/d' /tmp/hosts | |
134 | sed -i '/0.0.0.0 report-uri.cloudflare.com/d' /tmp/hosts | |
135 | sed -i '/0.0.0.0 www.ojrq.net/d' /tmp/hosts | |
136 | sed -i '/0.0.0.0 letyshops.com/d' /tmp/hosts | |
137 | sed -i '/0.0.0.0 pochta.ru/d' /tmp/hosts | |
138 | sed -i '/0.0.0.0 www.pochta.ru/d' /tmp/hosts | |
139 | sed -i '/0.0.0.0 youtube.com/d' /tmp/hosts | |
140 | sed -i '/0.0.0.0 www.youtube.com/d' /tmp/hosts | |
141 | sed -i '/0.0.0.0 youtube-ui.l.google.com/d' /tmp/hosts | |
142 | sed -i '/0.0.0.0 www.google-analytics.com/d' /tmp/hosts | |
143 | sed -i '/0.0.0.0 www-google-analytics.l.google.com/d' /tmp/hosts | |
144 | sed -i '/0.0.0.0 ytstatic.l.google.com/d' /tmp/hosts | |
145 | sed -i '/0.0.0.0 google-analytics.com/d' /tmp/hosts | |
146 | sed -i '/0.0.0.0 ssl.google-analytics.com/d' /tmp/hosts | |
147 | sed -i '/0.0.0.0 ssl-google-analytics.l.google.com/d' /tmp/hosts | |
148 | sed -i '/0.0.0.0 analytics.google.com/d' /tmp/hosts | |
149 | sed -i '/0.0.0.0 id.google.com/d' /tmp/hosts | |
150 | sed -i '/0.0.0.0 connectivitycheck.gstatic.com/d' /tmp/hosts | |
151 | sed -i '/0.0.0.0 accounts.google.com/d' /tmp/hosts | |
152 | sed -i '/0.0.0.0 myaccount.google.com/d' /tmp/hosts | |
153 | sed -i '/0.0.0.0 hangouts.google.com/d' /tmp/hosts | |
154 | sed -i '/0.0.0.0 www3.l.google.com/d' /tmp/hosts | |
155 | sed -i '/0.0.0.0 plus.l.google.com/d' /tmp/hosts | |
156 | sed -i '/0.0.0.0 fonts.gstatic.com/d' /tmp/hosts | |
157 | sed -i '/0.0.0.0 fonts.googleapis.com/d' /tmp/hosts | |
158 | - | sed -i '/0.0.0.0 rutracker.org/d' /tmp/hosts |
158 | + | |
159 | - | sed -i '/0.0.0.0 static.t-ru.org/d' /tmp/hosts |
159 | + | |
160 | - | sed -i '/0.0.0.0 rutrk.org/d' /tmp/hosts |
160 | + | |
161 | - | sed -i '/0.0.0.0 hdreactor.org/d' /tmp/hosts |
161 | + | |
162 | - | sed -i '/0.0.0.0 nnm-club.me/d' /tmp/hosts |
162 | + | |
163 | - | sed -i '/0.0.0.0 nnm-club.ws/d' /tmp/hosts |
163 | + | |
164 | - | sed -i '/0.0.0.0 nnmclub.to/d' /tmp/hosts |
164 | + | |
165 | - | sed -i '/0.0.0.0 nnm-club.lib/d' /tmp/hosts |
165 | + | |
166 | sed -i '/0.0.0.0 badges.instagram.com/d' /tmp/hosts | |
167 | sed -i '/0.0.0.0 graph.instagram.com/d' /tmp/hosts | |
168 | sed -i '/0.0.0.0 ocsp.apple.com/d' /tmp/hosts | |
169 | sed -i '/0.0.0.0 world-gen.g.aaplimg.com/d' /tmp/hosts | |
170 | sed -i '/0.0.0.0 www.lightinthebox.com/d' /tmp/hosts | |
171 | sed -i '/0.0.0.0 c.media-amazon.com/d' /tmp/hosts | |
172 | sed -i '/0.0.0.0 m.media-amazon.com/d' /tmp/hosts | |
173 | sed -i '/0.0.0.0 autolinkmaker.itunes.apple.com/d' /tmp/hosts | |
174 | sed -i '/0.0.0.0 littlebuddy.apple.com/d' /tmp/hosts | |
175 | sed -i '/0.0.0.0 images-na.ssl-images-amazon.com/d' /tmp/hosts | |
176 | sed -i '/0.0.0.0 a.lmcdn.ru/d' /tmp/hosts | |
177 | sed -i '/0.0.0.0 d.gcdn.co/d' /tmp/hosts | |
178 | sed -i '/0.0.0.0 iam.gcdn.co/d' /tmp/hosts | |
179 | sed -i '/0.0.0.0 js-agent.newrelic.com/d' /tmp/hosts | |
180 | sed -i '/0.0.0.0 cdn.livechatinc.com/d' /tmp/hosts | |
181 | sed -i '/0.0.0.0 lu.api.mega.co.nz/d' /tmp/hosts | |
182 | sed -i '/0.0.0.0 www.ant.com/d' /tmp/hosts | |
183 | sed -i '/0.0.0.0 fresnel.vimeocdn.com/d' /tmp/hosts | |
184 | sed -i '/0.0.0.0 ocsp.digicert.com/d' /tmp/hosts | |
185 | sed -i '/0.0.0.0 cs9.wac.phicdn.net/d' /tmp/hosts | |
186 | sed -i '/0.0.0.0 secure.livechatinc.com/d' /tmp/hosts | |
187 | sed -i '/0.0.0.0 bitpay.com/d' /tmp/hosts | |
188 | sed -i '/0.0.0.0 cds.j3z9t3p6.hwcdn.net/d' /tmp/hosts | |
189 | sed -i '/0.0.0.0 app.getresponse.com/d' /tmp/hosts | |
190 | sed -i '/0.0.0.0 kssm.kuaipandata.com/d' /tmp/hosts | |
191 | sed -i '/0.0.0.0 www.turkishạirlines.com/d' /tmp/hosts | |
192 | sed -i '/0.0.0.0 ɢoogle.com/d' /tmp/hosts | |
193 | sed -i '/0.0.0.0 secret.ɢoogle.com/d' /tmp/hosts | |
194 | sed -i '/0.0.0.0 myètherwället.com/d' /tmp/hosts | |
195 | sed -i '/0.0.0.0 mÿethèrwallét.com/d' /tmp/hosts | |
196 | sed -i '/0.0.0.0 a.radikal.ru/d' /tmp/hosts | |
197 | sed -i '/0.0.0.0 cstatic.weborama.fr/d' /tmp/hosts | |
198 | sed -i '/0.0.0.0 displaycatalog.mp.microsoft.com/d' /tmp/hosts | |
199 | sed -i '/0.0.0.0 mediation.adnxs.com/d' /tmp/hosts | |
200 | sed -i '/0.0.0.0 pagead2.googlesyndication.com/d' /tmp/hosts | |
201 | ||
202 | killall -SIGHUP dnsmasq |
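Review bot: The deletes that remain on the new side, `iptables -t nat -D PREROUTING 2` and `iptables -D INPUT 7` (lines 28-29), address rules by position, and as rendered the change drops the earlier `iptables -D INPUT 5`, so index 7 now points at a different INPUT rule than it did before. Per its header the script is called after each internal firewall reconfig, so a shifted index can silently remove a rule that restricts access to the router itself. Delete by rule specification instead, `iptables -D INPUT <rule-spec placeholder>`, or at least record what each index is expected to hit, e.g. `# INPUT 7 = <rule description placeholder>; confirm with iptables -L INPUT -n --line-numbers`. Separately, three of the remaining list URLs are plain `http://` while the `https://mirror.cedia.org.ec/...` entry is shown as removed. The `grep "^0.0.0.0"` stage limits tampered content to sinkhole entries, but an on-path party could still blackhole arbitrary names in `/tmp/hosts`, so prefer HTTPS sources where they exist.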