Difference between revisions of "BlackBlockGoogle"
(→iptsetup.sh) |
m (→iptsetup.sh) |
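--- a/BlackBlockGoogle
+++ b/BlackBlockGoogle
@@ -31,5 +31,5 @@
 <pre>
 iptables -N reject
-iptables -A OUTPUT -m mark --mark
+iptables -A OUTPUT -m mark --mark 1 -j reject
 iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
 iptables -A reject -j REJECT --reject-with icmp-port-unreachable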
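Review bot: The corrected rule `iptables -A OUTPUT -m mark --mark 1 -j reject` attaches the reject jump to the filter OUTPUT chain, which only sees packets generated by the router itself; traffic from LAN clients that the OpenWRT box forwards goes through FORWARD and would keep its mark without being rejected. If the page is meant to cover clients behind the router, a matching line `iptables -A FORWARD -m mark --mark 1 -j reject` is needed next to it. The value 1 is also fixed here while the generator takes the mark as its third argument, so a short comment such as `# mark must equal the fwmark passed to iptsetup.sh` would keep the two in step.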
Revision as of 11:34, 27 April 2018
A list of tools; see each link for a description of what the tool does:
https://addons.mozilla.org/en-US/firefox/addon/librejs/
https://addons.mozilla.org/en-US/firefox/addon/trackmenot/
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
https://www.eff.org/privacybadger
iptsetup.sh
This is a script that would run on OpenWRT:
You would do, for example:
- root@OpenWrt:~# iptsetup.sh google.com gl 1
- That would create for you add_gl.sh and del_gl.sh in the current working directory.
- Then run ./add_gl.sh; packets passing through the m_ip chain whose destination lies in a network announced by Google's AS will be marked with MARK 1.
- Then add rules like these to reject the marked packets:
# Reject every packet that carries fwmark 1 (the mark given as the third
# argument to iptsetup.sh in the example above). TCP gets a reset, everything
# else an ICMP port-unreachable, so clients fail fast instead of timing out.
# The OUTPUT chain only sees packets generated by the router itself.
iptables --new-chain reject
iptables --append OUTPUT --match mark --mark 1 --jump reject
iptables --append reject --protocol tcp --jump REJECT --reject-with tcp-reset
iptables --append reject --jump REJECT --reject-with icmp-port-unreachable
- You also need to feed traffic into the m_ip chain in your mangle table.
- How you might wish to do this is left as an exercise to the reader :-/
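#!/bin/sh
#
# iptsetup.sh - write add_<name>.sh and del_<name>.sh, two iptables scripts
# that start (or stop) marking traffic to the IPv4 prefixes announced by the
# AS that hosts a domain.
#
## setup domain.com name fwmark#
#
#   domain.com  domain to resolve; its last IPv4 answer selects the AS
#   name        tag used for the output files and for the mangle chains
#               <name>_ip and <name>_do
#   fwmark#     value handed to "MARK --set-mark"
#
# The generated scripts are meant to be run as root, and part of their content
# comes from the network (nslookup, ipinfo.io, stat.ripe.net). Every value is
# therefore checked against a strict character set before it is written out,
# and nothing is written until all lookups have succeeded.
#
# NOTE(review): both lookups use plain HTTP, so an on-path attacker can still
# influence which prefixes end up in the list; prefer https:// where the
# router's wget has TLS support.

set -u

die() {
  printf 'iptsetup.sh: %s\n' "$*" >&2
  exit 1
}

[ "$#" -eq 3 ] || die "usage: iptsetup.sh domain.com name fwmark#"

domain=$1
name=$2
mark=$3

# The arguments end up on command lines and inside the generated scripts, so
# only a conservative character set is accepted and a leading '-' is refused.
case $domain in
  '' | -* | *[!A-Za-z0-9.-]*) die "invalid domain: $domain" ;;
esac
case $name in
  '' | -* | *[!A-Za-z0-9_-]*) die "invalid name: $name" ;;
esac
case $mark in
  '' | *[!0-9A-Fa-fxX/]*) die "invalid fwmark: $mark" ;;
esac

# Last line of the nslookup output that holds an IPv4 address, third
# space-separated field.
ip=$(nslookup "$domain" \
  | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
  | tail -n1 \
  | cut -d' ' -f3)
case $ip in
  '' | *[!0-9.]*) die "could not resolve an IPv4 address for $domain" ;;
esac

# First field of the ipinfo.io "org" answer with the "AS" prefix removed.
as=$(wget -q -O - "http://ipinfo.io/$ip/org" \
  | cut -f1 -d' ' \
  | sed -e 's/AS//')
case $as in
  '' | *[!0-9]*) die "could not determine the AS number for $ip" ;;
esac

# Announced prefixes of that AS. IPv6 entries are dropped, surrounding quotes
# are stripped, and only lines that are exactly an IPv4 CIDR survive; anything
# else in the response never reaches the generated scripts.
networks=$(wget -O - "http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$as" \
  | grep 'prefix:' \
  | grep -v '::' \
  | awk '{print $3}' \
  | sed -e "s/[\"']//g" \
  | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$')
[ -n "$networks" ] || die "no IPv4 prefixes found for AS$as"

add_script="add_${name}.sh"
del_script="del_${name}.sh"

# add_<name>.sh: create both chains, hook <name>_ip into m_ip, send every
# prefix to <name>_do, and set the mark there.
# $networks is split on whitespace on purpose; its content was validated above.
{
  printf '%s\n' '#!/bin/sh'
  printf 'iptables -t mangle -N %s_ip\n' "$name"
  printf 'iptables -t mangle -N %s_do\n' "$name"
  printf 'iptables -t mangle -A m_ip -j %s_ip\n' "$name"
  for net in $networks; do
    printf 'iptables -t mangle -A %s_ip -d %s -j %s_do\n' "$name" "$net" "$name"
  done
  printf 'iptables -t mangle -A %s_do -j MARK --set-mark %s\n' "$name" "$mark"
} > "$add_script" || die "cannot write $add_script"
chmod 750 "$add_script" || die "cannot chmod $add_script"

# del_<name>.sh: the same rules removed in the same order, then both chains
# deleted.
{
  printf '%s\n' '#!/bin/sh'
  printf 'iptables -t mangle -D m_ip -j %s_ip\n' "$name"
  for net in $networks; do
    printf 'iptables -t mangle -D %s_ip -d %s -j %s_do\n' "$name" "$net" "$name"
  done
  printf 'iptables -t mangle -D %s_do -j MARK --set-mark %s\n' "$name" "$mark"
  printf 'iptables -t mangle -X %s_ip\n' "$name"
  printf 'iptables -t mangle -X %s_do\n' "$name"
} > "$del_script" || die "cannot write $del_script"
chmod 750 "$del_script" || die "cannot chmod $del_script"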