View difference between Paste ID: <a href="/x4uFHZby">x4uFHZby</a> and <a href="/1uu572sN">1uu572sN</a>

#!/bin/sh
1		#!/bin/sh
2
3		### Custom user script
4		### Called after internal iptables reconfig (firewall update)
5
6		# ICMP filter rules - для модема можно убрать
7		# iptables -t raw -N icmpcheck
8		# iptables -t raw -I icmpcheck -j DROP
9		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 12/0 -j RETURN
10		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 4/0 -j RETURN
11		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/4 -j RETURN
12		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 0 -j RETURN
13		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 11/0 -j RETURN
14		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/0 -j RETURN
15		# iptables -t raw -I icmpcheck -p icmp -m icmp --icmp-type 3/1 -j RETURN
16		# iptables -t raw -I PREROUTING ! -i br0 -p icmp -j icmpcheck
17
18		# DNS redirect to router
19		iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
20		# по TCP обычно никто на запрашивает DNS
21		# iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
22
23		# интересная и полезная строчка для модема
24	-	iptables -D INPUT 5
24	+	# iptables -I FORWARD 2 ! -o br0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280
25
26	-	iptables -D FORWARD 7
26	+	# iptables -t mangle -I POSTROUTING -s 192.168.5.0/24 -o weth0 -j TTL --ttl-set 65
27	-	iptables -D FORWARD 2
27	+
28		iptables -t nat -D PREROUTING 2
29		iptables -D INPUT 7
30	-	iptables -I FORWARD 2 ! -o br0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280
30	+
31		sleep 20
32	-	iptables -t mangle -I POSTROUTING -s 192.168.5.0/24 -o weth0 -j TTL --ttl-set 65
32	+
33		URLS=" \
34		http://adaway.org/hosts.txt \
35		http://winhelp2002.mvps.org/hosts.txt \
36		http://mirror.cedia.org.ec/malwaredomains/domains.hosts \
37		https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext \
38	-	https://hosts-file.net/.%5Cad_servers.txt \
38	+
39	-	https://mirror.cedia.org.ec/malwaredomains/domains.hosts \
39	+
40		/"
41
42		wget --user-agent="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0" -T40 -q -O- $URLS \| grep -v "^#" \| cut -d "#" -f 1 \| sed 's/127\.0\.0\.1/0\.0\.0\.0/' \| grep "^0.0.0.0" \| sed 's/ */ /g' \| sed 's/\t/ /g' \|sed 's/\r//' \| cut -d " " -f 1,2 \| tr A-Z a-z \| sort \| uniq > /tmp/hosts
43	-	https://zeustracker.abuse.ch/blocklist.php?download=hostfile \
43	+
44		sed -i '/0.0.0.0 localhost.localdomain/d' /tmp/hosts
45	-	https://pastebin.com/raw/020v8jsu \
45	+
46	-	# https://1hos.cf \
46	+
47		sed -i '/0.0.0.0 s-ec.bstatic.com/d' /tmp/hosts
48		sed -i '/0.0.0.0 t-ec.bstatic.com/d' /tmp/hosts
49	-	wget --user-agent="Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" -T40 -q -O- $URLS \| grep -v "^#" \| cut -d "#" -f 1 \| sed 's/127\.0\.0\.1/0\.0\.0\.0/' \| grep "^0.0.0.0" \| sed 's/ */ /g' \| sed 's/\t/ /g' \|sed 's/\r//' \| cut -d " " -f 1,2 \| tr A-Z a-z \| sort \| uniq > /tmp/hosts
49	+
50		sed -i '/0.0.0.0 cs716.wac.edgecastcdn.net/d' /tmp/hosts
51		sed -i '/0.0.0.0 tags.tiqcdn.com/d' /tmp/hosts
52		sed -i '/0.0.0.0 ad.admitad.com/d' /tmp/hosts
53		sed -i '/0.0.0.0 api.cc.skype.com/d' /tmp/hosts
54		sed -i '/0.0.0.0 api.mcr.skype.com/d' /tmp/hosts
55		sed -i '/0.0.0.0 api.skype.com/d' /tmp/hosts
56		sed -i '/0.0.0.0 avatar.skype.com/d' /tmp/hosts
57		sed -i '/0.0.0.0 b.config.skype.com/d' /tmp/hosts
58		sed -i '/0.0.0.0 client-s.gateway.messenger.live.com/d' /tmp/hosts
59		sed -i '/0.0.0.0 contacts.skype.com/d' /tmp/hosts
60		sed -i '/0.0.0.0 dev.microsofttranslator.com/d' /tmp/hosts
61		sed -i '/0.0.0.0 diagnostics.support.microsoft.akadns.net/d' /tmp/hosts
62		sed -i '/0.0.0.0 diagnostics.support.microsoft.com/d' /tmp/hosts
63		sed -i '/0.0.0.0 edge.skype.com/d' /tmp/hosts
64		sed -i '/0.0.0.0 m.hotmail.com/d' /tmp/hosts
65		sed -i '/0.0.0.0 mobile.pipe.aria.microsoft.com/d' /tmp/hosts
66		sed -i '/0.0.0.0 msftncsi.com/d' /tmp/hosts
67		sed -i '/0.0.0.0 msg.skype.com/d' /tmp/hosts
68		sed -i '/0.0.0.0 next-services.apps.microsoft.com/d' /tmp/hosts
69		sed -i '/0.0.0.0 nexus.officeapps.live.com/d' /tmp/hosts
70		sed -i '/0.0.0.0 profile.skype.com/d' /tmp/hosts
71		sed -i '/0.0.0.0 s.gateway.messenger.live.com/d' /tmp/hosts
72		sed -i '/0.0.0.0 skype.net/d' /tmp/hosts
73		sed -i '/0.0.0.0 ui.skype.com/d' /tmp/hosts
74		sed -i '/0.0.0.0 www.msftncsi.com/d' /tmp/hosts
75		sed -i '/0.0.0.0 stat.online.sberbank.ru/d' /tmp/hosts
76		sed -i '/0.0.0.0 s.click.aliexpress.com/d' /tmp/hosts
77		sed -i '/0.0.0.0 star-mini.c10r.facebook.com/d' /tmp/hosts
78		sed -i '/0.0.0.0 connect.facebook.net/d' /tmp/hosts
79		sed -i '/0.0.0.0 graph.facebook.com/d' /tmp/hosts
80		sed -i '/0.0.0.0 cdn.siftscience.com/d' /tmp/hosts
81		sed -i '/0.0.0.0 ct.pinterest.com/d' /tmp/hosts
82		sed -i '/0.0.0.0 api.pinterest.com/d' /tmp/hosts
83		sed -i '/0.0.0.0 log.pinterest.com/d' /tmp/hosts
84		sed -i '/0.0.0.0 widgets.pinterest.com/d' /tmp/hosts
85		sed -i '/0.0.0.0 clck.yandex.ru/d' /tmp/hosts
86		sed -i '/0.0.0.0 mc.yandex.ru/d' /tmp/hosts
87		sed -i '/0.0.0.0 cdn.yandex.net/d' /tmp/hosts
88		sed -i '/0.0.0.0 yandex.ru/d' /tmp/hosts
89		sed -i '/0.0.0.0 money.yandex.ru/d' /tmp/hosts
90		sed -i '/0.0.0.0 yastatic.net/d' /tmp/hosts
91		sed -i '/0.0.0.0 analytics.mobile.yandex.net/d' /tmp/hosts
92		sed -i '/0.0.0.0 informer.yandex.ru/d' /tmp/hosts
93		sed -i '/0.0.0.0 r.mail.ru/d' /tmp/hosts
94		sed -i '/0.0.0.0 c.fa.jd.com/d' /tmp/hosts
95		sed -i '/0.0.0.0 whale.jd.com/d' /tmp/hosts
96		sed -i '/0.0.0.0 saturn.jd.com/d' /tmp/hosts
97		sed -i '/0.0.0.0 static.360buyimg.com/d' /tmp/hosts
98		sed -i '/0.0.0.0 static.criteo.net/d' /tmp/hosts
99		sed -i '/0.0.0.0 s.go-mpulse.net/d' /tmp/hosts
100		sed -i '/0.0.0.0 ciuvo.com/d' /tmp/hosts
101		sed -i '/0.0.0.0 gia.jd.com/d' /tmp/hosts
102		sed -i '/0.0.0.0 t.paypal.com/d' /tmp/hosts
103		sed -i '/0.0.0.0 b.stats.paypal.com/d' /tmp/hosts
104		sed -i '/0.0.0.0 l.deals.ebay.com/d' /tmp/hosts
105		sed -i '/0.0.0.0 stats.ebay.com/d' /tmp/hosts
106		sed -i '/0.0.0.0 rover.ebay.com/d' /tmp/hosts
107		sed -i '/0.0.0.0 us1111.alicdn.com.edgekey.net/d' /tmp/hosts
108		sed -i '/0.0.0.0 gj.mmstat.com/d' /tmp/hosts
109		sed -i '/0.0.0.0 gm.mmstat.com/d' /tmp/hosts
110		sed -i '/0.0.0.0 gm.gds.mmstat.com/d' /tmp/hosts
111		sed -i '/0.0.0.0 ws.mmstat.com/d' /tmp/hosts
112		sed -i '/0.0.0.0 gj.gds.mmstat.com/d' /tmp/hosts
113		sed -i '/0.0.0.0 ynuf.alipay.com/d' /tmp/hosts
114		sed -i '/0.0.0.0 ynuf.aliapp.com/d' /tmp/hosts
115		sed -i '/0.0.0.0 log.gds.mmstat.com/d' /tmp/hosts
116		sed -i '/0.0.0.0 perf.gds.mmstat.com/d' /tmp/hosts
117		sed -i '/0.0.0.0 c.go-mpulse.net/d' /tmp/hosts
118		sed -i '/0.0.0.0 oneid.mmstat.com/d' /tmp/hosts
119	-	sed -i '/0.0.0.0 aligtr001.mmstat.com/d' /tmp/hosts
119	+
120	-	sed -i '/0.0.0.0 aligtr002.mmstat.com/d' /tmp/hosts
120	+
121	-	sed -i '/0.0.0.0 aligtr003.mmstat.com/d' /tmp/hosts
121	+
122	-	sed -i '/0.0.0.0 aligtr004.mmstat.com/d' /tmp/hosts
122	+
123	-	sed -i '/0.0.0.0 aligtr005.mmstat.com/d' /tmp/hosts
123	+
124	-	sed -i '/0.0.0.0 aligtr006.mmstat.com/d' /tmp/hosts
124	+
125	-	sed -i '/0.0.0.0 aligtr007.mmstat.com/d' /tmp/hosts
125	+
126	-	sed -i '/0.0.0.0 aligtr008.mmstat.com/d' /tmp/hosts
126	+
127	-	sed -i '/0.0.0.0 aligtr009.mmstat.com/d' /tmp/hosts
127	+
128	-	sed -i '/0.0.0.0 aligtr010.mmstat.com/d' /tmp/hosts
128	+
129	-	sed -i '/0.0.0.0 aligtr011.mmstat.com/d' /tmp/hosts
129	+
130	-	sed -i '/0.0.0.0 aligtr012.mmstat.com/d' /tmp/hosts
130	+
131	-	sed -i '/0.0.0.0 aligtr013.mmstat.com/d' /tmp/hosts
131	+
132	-	sed -i '/0.0.0.0 aligtr014.mmstat.com/d' /tmp/hosts
132	+
133		sed -i '/0.0.0.0 a652.dscb.akamai.net/d' /tmp/hosts
134		sed -i '/0.0.0.0 report-uri.cloudflare.com/d' /tmp/hosts
135		sed -i '/0.0.0.0 www.ojrq.net/d' /tmp/hosts
136		sed -i '/0.0.0.0 letyshops.com/d' /tmp/hosts
137		sed -i '/0.0.0.0 pochta.ru/d' /tmp/hosts
138		sed -i '/0.0.0.0 www.pochta.ru/d' /tmp/hosts
139		sed -i '/0.0.0.0 youtube.com/d' /tmp/hosts
140		sed -i '/0.0.0.0 www.youtube.com/d' /tmp/hosts
141		sed -i '/0.0.0.0 youtube-ui.l.google.com/d' /tmp/hosts
142		sed -i '/0.0.0.0 www.google-analytics.com/d' /tmp/hosts
143		sed -i '/0.0.0.0 www-google-analytics.l.google.com/d' /tmp/hosts
144		sed -i '/0.0.0.0 ytstatic.l.google.com/d' /tmp/hosts
145		sed -i '/0.0.0.0 google-analytics.com/d' /tmp/hosts
146		sed -i '/0.0.0.0 ssl.google-analytics.com/d' /tmp/hosts
147		sed -i '/0.0.0.0 ssl-google-analytics.l.google.com/d' /tmp/hosts
148		sed -i '/0.0.0.0 analytics.google.com/d' /tmp/hosts
149		sed -i '/0.0.0.0 id.google.com/d' /tmp/hosts
150		sed -i '/0.0.0.0 connectivitycheck.gstatic.com/d' /tmp/hosts
151		sed -i '/0.0.0.0 accounts.google.com/d' /tmp/hosts
152		sed -i '/0.0.0.0 myaccount.google.com/d' /tmp/hosts
153		sed -i '/0.0.0.0 hangouts.google.com/d' /tmp/hosts
154		sed -i '/0.0.0.0 www3.l.google.com/d' /tmp/hosts
155		sed -i '/0.0.0.0 plus.l.google.com/d' /tmp/hosts
156		sed -i '/0.0.0.0 fonts.gstatic.com/d' /tmp/hosts
157		sed -i '/0.0.0.0 fonts.googleapis.com/d' /tmp/hosts
158	-	sed -i '/0.0.0.0 rutracker.org/d' /tmp/hosts
158	+
159	-	sed -i '/0.0.0.0 static.t-ru.org/d' /tmp/hosts
159	+
160	-	sed -i '/0.0.0.0 rutrk.org/d' /tmp/hosts
160	+
161	-	sed -i '/0.0.0.0 hdreactor.org/d' /tmp/hosts
161	+
162	-	sed -i '/0.0.0.0 nnm-club.me/d' /tmp/hosts
162	+
163	-	sed -i '/0.0.0.0 nnm-club.ws/d' /tmp/hosts
163	+
164	-	sed -i '/0.0.0.0 nnmclub.to/d' /tmp/hosts
164	+
165	-	sed -i '/0.0.0.0 nnm-club.lib/d' /tmp/hosts
165	+
166		sed -i '/0.0.0.0 badges.instagram.com/d' /tmp/hosts
167		sed -i '/0.0.0.0 graph.instagram.com/d' /tmp/hosts
168		sed -i '/0.0.0.0 ocsp.apple.com/d' /tmp/hosts
169		sed -i '/0.0.0.0 world-gen.g.aaplimg.com/d' /tmp/hosts
170		sed -i '/0.0.0.0 www.lightinthebox.com/d' /tmp/hosts
171		sed -i '/0.0.0.0 c.media-amazon.com/d' /tmp/hosts
172		sed -i '/0.0.0.0 m.media-amazon.com/d' /tmp/hosts
173		sed -i '/0.0.0.0 autolinkmaker.itunes.apple.com/d' /tmp/hosts
174		sed -i '/0.0.0.0 littlebuddy.apple.com/d' /tmp/hosts
175		sed -i '/0.0.0.0 images-na.ssl-images-amazon.com/d' /tmp/hosts
176		sed -i '/0.0.0.0 a.lmcdn.ru/d' /tmp/hosts
177		sed -i '/0.0.0.0 d.gcdn.co/d' /tmp/hosts
178		sed -i '/0.0.0.0 iam.gcdn.co/d' /tmp/hosts
179		sed -i '/0.0.0.0 js-agent.newrelic.com/d' /tmp/hosts
180		sed -i '/0.0.0.0 cdn.livechatinc.com/d' /tmp/hosts
181		sed -i '/0.0.0.0 lu.api.mega.co.nz/d' /tmp/hosts
182		sed -i '/0.0.0.0 www.ant.com/d' /tmp/hosts
183		sed -i '/0.0.0.0 fresnel.vimeocdn.com/d' /tmp/hosts
184		sed -i '/0.0.0.0 ocsp.digicert.com/d' /tmp/hosts
185		sed -i '/0.0.0.0 cs9.wac.phicdn.net/d' /tmp/hosts
186		sed -i '/0.0.0.0 secure.livechatinc.com/d' /tmp/hosts
187		sed -i '/0.0.0.0 bitpay.com/d' /tmp/hosts
188		sed -i '/0.0.0.0 cds.j3z9t3p6.hwcdn.net/d' /tmp/hosts
189		sed -i '/0.0.0.0 app.getresponse.com/d' /tmp/hosts
190		sed -i '/0.0.0.0 kssm.kuaipandata.com/d' /tmp/hosts
191		sed -i '/0.0.0.0 www.turkishạirlines.com/d' /tmp/hosts
192		sed -i '/0.0.0.0 ɢoogle.com/d' /tmp/hosts
193		sed -i '/0.0.0.0 secret.ɢoogle.com/d' /tmp/hosts
194		sed -i '/0.0.0.0 myètherwället.com/d' /tmp/hosts
195		sed -i '/0.0.0.0 mÿethèrwallét.com/d' /tmp/hosts
196		sed -i '/0.0.0.0 a.radikal.ru/d' /tmp/hosts
197		sed -i '/0.0.0.0 cstatic.weborama.fr/d' /tmp/hosts
198		sed -i '/0.0.0.0 displaycatalog.mp.microsoft.com/d' /tmp/hosts
199		sed -i '/0.0.0.0 mediation.adnxs.com/d' /tmp/hosts
200		sed -i '/0.0.0.0 pagead2.googlesyndication.com/d' /tmp/hosts
201
202		killall -SIGHUP dnsmasq