Difference between revisions of "BlackBlockGoogle"

From FuckOffGoogle
(iptsetup.sh)
Line 24: Line 24:
  
 
You would do, for example:  
 
You would do, for example:  
* root@OpenWrt:~# iptsetup.sh google.com gl 1
+
* root@OpenWrt:~# ./iptsetup.sh google.com gl 1
 
* That would create for you add_gl.sh and del_gl.sh in the current working directory.
 
* That would create for you add_gl.sh and del_gl.sh in the current working directory.
 
* Then run ./add_gl.sh and all packets destined to google will be marked with MARK 1
 
* Then run ./add_gl.sh and all packets destined to google will be marked with MARK 1
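Review bot: the corrected command on the `+` line runs ./iptsetup.sh directly at a root prompt, but none of the surrounding steps says to make iptsetup.sh executable first. Either add a `chmod +x iptsetup.sh` step before it or show the call as `sh iptsetup.sh google.com gl 1`, so the example works when copied as written.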
Line 52: Line 52:
 
#!/bin/sh
 
#!/bin/sh
 
#
 
#
## setup domain.com name fwmark#
+
## iptsetup.sh domain.com name fwmark#
 
#
 
#
 
IP=`nslookup $1 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d\  -f3`
 
IP=`nslookup $1 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d\  -f3`
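Review bot: the renamed usage comment on the `+` line still does not say what `name` and `fwmark#` are used for, and the `IP=` line under it passes `$1` to nslookup unquoted, with no check that three arguments were supplied. Suggest expanding the comment to one line per argument and quoting the parameter as `"$1"`.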

Revision as of 11:46, 27 April 2018

A list of tools, please check their descriptions inside...

https://addons.mozilla.org/en-US/firefox/addon/librejs/

https://addons.mozilla.org/en-US/firefox/addon/trackmenot/

https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/

https://www.eff.org/privacybadger

https://prism-break.org/en/





iptsetup.sh

This is a script that would run on OpenWRT:

You would do, for example:

  • root@OpenWrt:~# ./iptsetup.sh google.com gl 1
  • That creates add_gl.sh and del_gl.sh in the current working directory.
  • Then run ./add_gl.sh, and all packets destined for Google will be marked with MARK 1.
  • Then add rules something like:
# Chain in the filter table that rejects whatever is sent to it
iptables -N reject
# OUTPUT only sees packets generated on the router itself
iptables -A OUTPUT -m mark --mark 1 -j reject
iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -A reject -j REJECT --reject-with icmp-port-unreachable

  • You also need to feed traffic into the m_ip chain in your mangle table.
  • How you do this is left as an exercise for the reader ;-) (don't just blindly "follow", read up!!)

But for example, you could do something as simple as this, seeing as how you are running on a router:


iptables -t mangle -A PREROUTING -s lan-ip.of.user-that-not-want.google -j m_ip


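#!/bin/sh
#
## iptsetup.sh domain.com name fwmark#
#
# All three arguments are required: domain, chain-name prefix, fwmark number.
[ $# -eq 3 ] || { echo "usage: $0 domain.com name fwmark#" >&2; exit 1; }

# Resolve the domain and keep the IP from the last address line of the output.
IP=$(nslookup "$1" | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d' ' -f3)
# Ask ipinfo.io which AS announces that IP and strip the "AS" prefix.
AS=$(wget -q -O - "http://ipinfo.io/$IP/org" | cut -f1 -d' ' | sed -e 's/AS//')

# Start both generated scripts with a shebang and make them executable.
echo '#!/bin/sh' > "add_$2.sh"
chmod 750 "add_$2.sh"
echo '#!/bin/sh' > "del_$2.sh"
chmod 750 "del_$2.sh"
# Fetch the prefixes announced by the AS; lines containing "::" are dropped.
NETWORKS=$(wget -O - "http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS" | grep 'prefix:' | grep -v '::' | awk '{print $3}')

# Per-target chains: <name>_ip matches destinations, <name>_do sets the mark.
echo "iptables -t mangle -N ${2}_ip" >> "add_$2.sh"
echo "iptables -t mangle -N ${2}_do" >> "add_$2.sh"
echo "iptables -t mangle -A m_ip -j ${2}_ip" >> "add_$2.sh"
echo "iptables -t mangle -D m_ip -j ${2}_ip" >> "del_$2.sh"

# One rule per prefix; $NETWORKS is left unquoted so it splits into words.
for i in $NETWORKS; do echo "iptables -t mangle -A ${2}_ip -d $i -j ${2}_do" >> "add_$2.sh"; done
for i in $NETWORKS; do echo "iptables -t mangle -D ${2}_ip -d $i -j ${2}_do" >> "del_$2.sh"; done

# Matching packets get the requested fwmark.
echo "iptables -t mangle -A ${2}_do -j MARK --set-mark $3" >> "add_$2.sh"
echo "iptables -t mangle -D ${2}_do -j MARK --set-mark $3" >> "del_$2.sh"

# The del script removes both chains once their rules are gone.
echo "iptables -t mangle -X ${2}_ip" >> "del_$2.sh"
echo "iptables -t mangle -X ${2}_do" >> "del_$2.sh"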
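
iptsetup.sh copies whatever the two HTTP lookups return straight into scripts that are then run at a root prompt, so the values should be checked first. The following is an added example, not part of the original page: the function names are hypothetical and the sample prefix list is constructed.

```shell
#!/bin/sh
# Added example (not from the page): validate lookup results before they are
# written into iptables commands. Function names are hypothetical.

# True if $1 is 1-10 decimal digits (usable for the AS number and the fwmark).
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ]
}

# True if $1 is a.b.c.d/len with octets 0-255 and len 0-32.
is_ipv4_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    [ -n "$len" ] && [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read candidate prefixes on stdin; print one add rule per valid prefix and
# report everything else on stderr. $1 is the chain-name prefix.
emit_add_rules() {
    case "$1" in ''|*[!A-Za-z0-9_]*) echo "bad chain name" >&2; return 1 ;; esac
    while IFS= read -r p; do
        if is_ipv4_cidr "$p"; then
            echo "iptables -t mangle -A ${1}_ip -d $p -j ${1}_do"
        else
            echo "rejected: $p" >&2
        fi
    done
}

# Constructed sample of a prefix list, including lines that must not pass.
SAMPLE='192.0.2.0/24
198.51.100.0/22
203.0.113.0/24;echo injected
10.0.0.0/33
2001:db8::/32'

printf '%s\n' "$SAMPLE" | emit_add_rules gl
```

In the script itself, is_uint would gate $AS and $3, and the prefix loop would append only lines that pass is_ipv4_cidr.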