Difference between revisions of "BlackBlockGoogle"
Line 24: | Line 24: | ||
You would do, for example: | You would do, for example: | ||
− | * root@OpenWrt:~# iptsetup.sh google.com gl 1 | + | * root@OpenWrt:~# iptsetup.sh google.com gl 1 |
* That would create for you add_gl.sh and del_gl.sh in the current working directory. | * That would create for you add_gl.sh and del_gl.sh in the current working directory. | ||
* Then run ./add_gl.sh and all packets destined to google will be marked with MARK 1 | * Then run ./add_gl.sh and all packets destined to google will be marked with MARK 1 | ||
* So add a rule something like: | * So add a rule something like: | ||
+ | |||
<code> | <code> | ||
− | + | iptables -N reject | |
iptables -A OUTPUT -m mark --mark 4 -j reject | iptables -A OUTPUT -m mark --mark 4 -j reject | ||
iptables -A reject -p tcp -j REJECT --reject-with tcp-reset | iptables -A reject -p tcp -j REJECT --reject-with tcp-reset | ||
iptables -A reject -j REJECT --reject-with icmp-port-unreachable | iptables -A reject -j REJECT --reject-with icmp-port-unreachable | ||
− | </code | + | </code> |
+ | * You also need to feed traffic into the m_ip chain in your mangle table. | ||
+ | * How you might wish to do this is left as an exercise to the reader :-/ | ||
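Review bot: the rule in the context line `iptables -A OUTPUT -m mark --mark 4 -j reject` matches mark 4, while the example a few lines up runs `iptsetup.sh google.com gl 1` and says packets are marked with MARK 1, so as written the reject chain never sees what add_gl.sh marks; use the same value in both places or state that 4 is a placeholder. The added `iptables -N reject` creates a chain whose name differs from the built-in REJECT target only by case, which is easy to misread in the three rules that follow; a distinct name would help. The rule is also attached to OUTPUT only, so the text should say whether blocking is meant for traffic generated on the router itself or also for forwarded clients.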
Revision as of 11:31, 27 April 2018
A list of tools; see each link for its description:
https://addons.mozilla.org/en-US/firefox/addon/librejs/
https://addons.mozilla.org/en-US/firefox/addon/trackmenot/
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
https://www.eff.org/privacybadger
iptsetup.sh
This is a script that would run on OpenWRT:
You would do, for example:
- root@OpenWrt:~# iptsetup.sh google.com gl 1
- That creates add_gl.sh and del_gl.sh in the current working directory.
- Then run ./add_gl.sh and all packets destined for Google will be marked with MARK 1.
- So add a rule something like:

    # The --mark value must equal the fwmark given to iptsetup.sh
    # (1 in the example above).
    # OUTPUT only sees packets generated on the router itself.
    iptables -N reject
    iptables -A OUTPUT -m mark --mark 4 -j reject
    iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
    iptables -A reject -j REJECT --reject-with icmp-port-unreachable

- You also need to feed traffic into the m_ip chain in your mangle table.
- How you might wish to do this is left as an exercise to the reader :-/

    #!/bin/sh
    #
    ## setup domain.com name fwmark#
    #
    # Resolve the domain and keep the last IPv4 address nslookup prints.
    IP=`nslookup "$1" | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d' ' -f3`
    # Find the AS number that announces that address.
    AS=`wget -q -O - "http://ipinfo.io/$IP/org" | cut -f1 -d' ' | sed -e 's/AS//'`
    # Start both generated scripts.
    echo '#!/bin/sh' > add_$2.sh
    chmod 750 add_$2.sh
    echo '#!/bin/sh' > del_$2.sh
    chmod 750 del_$2.sh
    # Fetch every IPv4 prefix announced by that AS (IPv6 prefixes are dropped).
    # Note: both lookups use plain HTTP and their output ends up in scripts run as root.
    NETWORKS=`wget -O - "http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS" | grep 'prefix:' | grep -v '::' | awk '{print $3}'`
    # <name>_ip matches the destination prefixes, <name>_do sets the mark.
    echo "iptables -t mangle -N $2_ip" >> add_$2.sh
    echo "iptables -t mangle -N $2_do" >> add_$2.sh
    # The m_ip chain must already exist in the mangle table.
    echo "iptables -t mangle -A m_ip -j $2_ip" >> add_$2.sh
    echo "iptables -t mangle -D m_ip -j $2_ip" >> del_$2.sh
    for i in $NETWORKS; do echo "iptables -t mangle -A $2_ip -d $i -j $2_do" >> add_$2.sh; done
    for i in $NETWORKS; do echo "iptables -t mangle -D $2_ip -d $i -j $2_do" >> del_$2.sh; done
    echo "iptables -t mangle -A $2_do -j MARK --set-mark $3" >> add_$2.sh
    echo "iptables -t mangle -D $2_do -j MARK --set-mark $3" >> del_$2.sh
    # Remove the now-empty chains.
    echo "iptables -t mangle -X $2_ip" >> del_$2.sh
    echo "iptables -t mangle -X $2_do" >> del_$2.sh
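
The generated add_/del_ scripts run as root and are built from whatever the two HTTP lookups return, so each prefix should be checked before it is written into a rule. The following is an added example, not part of the original wiki page, that accepts only strict IPv4 CIDR values; the function names `valid_prefix` and `emit_rules` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# valid_prefix VALUE: succeed only for a strict dotted-quad IPv4 prefix (a.b.c.d/len).
valid_prefix() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*) return 1 ;;       # shell metacharacters, letters, extra slashes
    esac
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1            # a slash is required
    case "$addr" in .*|*.) return 1 ;; esac    # no leading or trailing dot
    case "$len" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*|0?*) return 1 ;; esac   # empty, too long, leading zero
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules NAME: read candidate prefixes on stdin, print a rule for each valid one.
emit_rules() {
    name=$1
    case "$name" in ""|*[!A-Za-z0-9_]*) echo "bad chain name" >&2; return 2 ;; esac
    while IFS= read -r prefix; do
        if valid_prefix "$prefix"; then
            echo "iptables -t mangle -A ${name}_ip -d $prefix -j ${name}_do"
        else
            echo "skipped untrusted value from lookup" >&2
        fi
    done
    return 0
}

# Constructed sample of what the prefix lookup might return (documentation ranges).
SAMPLE_PREFIXES='192.0.2.0/24
198.51.100.0/24;true
$(true)
203.0.113.0/33
203.0.113.0/24'

printf '%s\n' "$SAMPLE_PREFIXES" | emit_rules gl
```

Only the first and last sample lines produce a rule; the other three are reported on stderr and never reach the generated script.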