Difference between revisions of "BlackBlockGoogle"
m (→iptsetup.sh) |
Line 38: | Line 38: | ||
* You also need to feed traffic into the m_ip chain in your mangle table. | * You also need to feed traffic into the m_ip chain in your mangle table. | ||
− | * How you might wish to do this is left as an exercise to the reader :- | + | * How you might wish to do this is left as an exercise to the reader ;-) (don't just blindly "follow", Read up!!) |
+ | |||
+ | But for example, you could do something as simple as this, seeing as how you are running on a router: | ||
+ | |||
+ | <code> | ||
+ | |||
+ | iptables -t mangle -A PREROUTING -s lan-ip.of.user-that-not-want.google -j m_ip | ||
+ | |||
+ | <code> | ||
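Review bot: the added example ends with a second opening <code> on its last line instead of </code>, so the code element is never closed and the markup after it is likely to render as code; close it with </code>. The rule itself is added to PREROUTING with a -s LAN address, and packets from a LAN host that enter there are forwarded by the router, so they pass the filter table's FORWARD chain rather than the OUTPUT chain used by the reject rule earlier on the page; the text should say which chain the reject rule has to sit in for this setup. It would also help to state that "lan-ip.of.user-that-not-want.google" is a placeholder for the client's LAN address and that the m_ip chain has to exist before this rule or add_gl.sh can reference it.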
Revision as of 11:39, 27 April 2018
A list of tools, please check their descriptions inside...
https://addons.mozilla.org/en-US/firefox/addon/librejs/
https://addons.mozilla.org/en-US/firefox/addon/trackmenot/
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
https://www.eff.org/privacybadger
iptsetup.sh
This is a script that would run on OpenWRT:
You would do, for example:
- root@OpenWrt:~# iptsetup.sh google.com gl 1
- That would create for you add_gl.sh and del_gl.sh in the current working directory.
- Then run ./add_gl.sh and all packets destined for Google will be marked with MARK 1
- So add a rule something like:
iptables -N reject
iptables -A OUTPUT -m mark --mark 1 -j reject
iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -A reject -j REJECT --reject-with icmp-port-unreachable
- You also need to feed traffic into the m_ip chain in your mangle table.
- How you might wish to do this is left as an exercise to the reader ;-) (don't just blindly "follow", Read up!!)
But for example, you could do something as simple as this, seeing as how you are running on a router:
iptables -t mangle -A PREROUTING -s lan-ip.of.user-that-not-want.google -j m_ip
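#!/bin/sh
#
## setup domain.com name fwmark#
#
# Usage: iptsetup.sh <domain> <name> <fwmark>, e.g. iptsetup.sh google.com gl 1
# The m_ip chain must already exist in the mangle table.
# Resolve the domain; keep the last IPv4 address that nslookup prints.
IP=`nslookup "$1" | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d' ' -f3`
# Ask ipinfo.io which AS announces that address and strip the "AS" prefix.
AS=`wget -q -O - "http://ipinfo.io/$IP/org" | cut -f1 -d' ' | sed -e 's/AS//'`
# Start the generated add/del scripts and make them executable.
echo '#!/bin/sh' > "add_$2.sh"
chmod 750 "add_$2.sh"
echo '#!/bin/sh' > "del_$2.sh"
chmod 750 "del_$2.sh"
# Fetch the prefixes announced by that AS, dropping IPv6 entries (those containing "::").
NETWORKS=`wget -O - "http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS" | grep 'prefix:' | grep -v '::' | awk '{print $3}'`
# Create the per-name chains and hook <name>_ip into m_ip.
echo "iptables -t mangle -N $2_ip" >> "add_$2.sh"
echo "iptables -t mangle -N $2_do" >> "add_$2.sh"
echo "iptables -t mangle -A m_ip -j $2_ip" >> "add_$2.sh"
echo "iptables -t mangle -D m_ip -j $2_ip" >> "del_$2.sh"
# One rule per prefix: matching destinations jump to <name>_do.
for i in $NETWORKS; do echo "iptables -t mangle -A $2_ip -d $i -j $2_do" >> "add_$2.sh"; done
for i in $NETWORKS; do echo "iptables -t mangle -D $2_ip -d $i -j $2_do" >> "del_$2.sh"; done
# <name>_do sets the firewall mark.
echo "iptables -t mangle -A $2_do -j MARK --set-mark $3" >> "add_$2.sh"
echo "iptables -t mangle -D $2_do -j MARK --set-mark $3" >> "del_$2.sh"
# Remove the now-empty chains.
echo "iptables -t mangle -X $2_ip" >> "del_$2.sh"
echo "iptables -t mangle -X $2_do" >> "del_$2.sh"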
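The script above writes whatever the two plain-HTTP lookups return straight into add_*.sh and del_*.sh, which are then run as root on the router. As an added example (not part of the wiki's script), this POSIX sh code checks each candidate prefix and the chain name before a rule line is emitted; the function names is_ipv4_cidr and emit_rules and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the wiki's script. Sample data is constructed.

# Return 0 only for a strict IPv4 CIDR: a.b.c.d/n, octets 0-255, n 0-32.
is_ipv4_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # shell metacharacters fail here
    addr=${1%/*}; len=${1#*/}
    [ "$addr/$len" = "$1" ] || return 1            # exactly one slash
    case "$len" in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    case "$addr" in
        .*|*.|*..*|*.*.*.*.*) return 1 ;;          # empty field or too many fields
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                                   # split into four octets
    IFS=$old_ifs
    for o in "$@"; do
        case "$o" in
            0|[1-9]|[1-9][0-9]) ;;
            [1-9][0-9][0-9]) [ "$o" -le 255 ] || return 1 ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Read candidate prefixes on stdin. Print one rule per valid prefix on stdout,
# report the rest on stderr. $1 is the chain name (gl in the page's example).
emit_rules() {
    case "$1" in ''|*[!A-Za-z0-9_]*) echo "bad chain name" >&2; return 2 ;; esac
    while read -r p; do
        if is_ipv4_cidr "$p"; then
            printf 'iptables -t mangle -A %s_ip -d %s -j %s_do\n' "$1" "$p" "$1"
        else
            printf 'skipped invalid prefix: %s\n' "$p" >&2
        fi
    done
}

# Constructed sample: documentation prefixes plus three malformed entries.
SAMPLE='192.0.2.0/24
198.51.100.0/24;true
203.0.113.0/33
256.1.1.0/24
203.0.113.128/25'

printf '%s\n' "$SAMPLE" | emit_rules gl
```

In iptsetup.sh the two for loops over $NETWORKS are the place where such a filter would sit, with the fwmark argument checked as a plain number in the same way.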