
P2Partisan [v5.14/v6.09] mass IP blocking - peerblock/peerguardian for tomato

Discussion in 'Tomato Firmware' started by rs232, Oct 11, 2013.

  1. Salvo

    Salvo Connected Client Member


    Here it is

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.8.8.177      *               255.255.255.255 UH    0      0        0 tun11
            192.168.37.33   255.255.255.255 UGH   0      0        0 vlan2
    10.8.8.1        10.8.8.177      255.255.255.255 UGH   0      0        0 tun11
    192.168.37.33   *               255.255.255.255 UH    0      0        0 vlan2
    192.168.37.32   *               255.255.255.240 U     0      0        0 vlan2
    192.168.1.0     *               255.255.255.0   U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         10.8.8.177      128.0.0.0       UG    0      0        0 tun11
    128.0.0.0       10.8.8.177      128.0.0.0       UG    0      0        0 tun11
    default         192.168.37.33   0.0.0.0         UG    0      0        0 vlan2
    root@unknown:/tmp/mnt/usb/p2partisan# ifconfig
    br0        Link encap:Ethernet  HWaddr
               inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:4354011 errors:0 dropped:0 overruns:0 frame:0
               TX packets:8378918 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0
               RX bytes:283405093 (270.2 MiB)  TX bytes:11011886691 (10.2 GiB)
    
    eth0       Link encap:Ethernet  HWaddr
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:12653835 errors:0 dropped:0 overruns:0 frame:0
               TX packets:12432902 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:3536360027 (3.2 GiB)  TX bytes:2703737895 (2.5 GiB)
               Interrupt:179 Base address:0x4000
    
    eth1       Link encap:Ethernet  HWaddr
               UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
               RX packets:310396 errors:0 dropped:0 overruns:0 frame:4028
               TX packets:434485 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:30143139 (28.7 MiB)  TX bytes:450867430 (429.9 MiB)
               Interrupt:163
    
    eth2       Link encap:Ethernet  HWaddr
               UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
               RX packets:0 errors:0 dropped:0 overruns:0 frame:0
               TX packets:523 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:1000
               RX bytes:0 (0.0 B)  TX bytes:79352 (77.4 KiB)
               Interrupt:169
    
    lo         Link encap:Local Loopback
               inet addr:127.0.0.1  Mask:255.0.0.0
               inet6 addr: ::1/128 Scope:Host
               UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
               RX packets:329 errors:0 dropped:0 overruns:0 frame:0
               TX packets:329 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0
               RX bytes:50806 (49.6 KiB)  TX bytes:50806 (49.6 KiB)
    
    tun11      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
               inet addr:10.8.8.178  P-t-P:10.8.8.177  Mask:255.255.255.255
               UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
               RX packets:2968897 errors:0 dropped:0 overruns:0 frame:0
               TX packets:1643945 errors:0 dropped:52857 overruns:0 carrier:0
               collisions:0 txqueuelen:100
               RX bytes:3875513244 (3.6 GiB)  TX bytes:105664982 (100.7 MiB)
    
    vlan1      Link encap:Ethernet  HWaddr
               UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
               RX packets:4211791 errors:0 dropped:0 overruns:0 frame:0
               TX packets:8124702 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0
               RX bytes:290834790 (277.3 MiB)  TX bytes:10618670940 (9.8 GiB)
    
    vlan2      Link encap:Ethernet  HWaddr
               inet addr:192.168.37.39  Bcast:192.168.37.47  Mask:255.255.255.240
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:8412780 errors:0 dropped:0 overruns:0 frame:0
               TX packets:4280414 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0
               RX bytes:11603194509 (10.8 GiB)  TX bytes:669299669 (638.2 MiB)
    


    Interesting. It looks like I would be better off picking up the exit interface from the route command rather than the nvram. In your case P2Partisan shouldn't work as expected. Do you see many packets dropped/rejected when you query p2partisan via the status page?
    Can you also post the output of iptables -nvL FORWARD ? Thanks

    There are no rejects, see below:

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.00 (15/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  Yes
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  0 - 04:04:45
    |    Startup time:  1519 seconds
    |      Dropped in:  112
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  0
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] - 4743 KB - level1
    |    Blacklist_02:  [o] [e] [o] [o] - 1358 KB - level2
    |    Blacklist_03:  [o] [e] [o] [o] -  322 KB - level3
    |    Blacklist_04:  [o] [e] [o] [o] -   49 KB - spyware
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  6507 KB
    +----------------------- Logs max(1/hour) ----------------------+
    | Jul 24 19:27:39 I=vlan2 O= S=0.0.0.0 D=224.0.0.1 2
    
    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL FORWARD
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
    1249K 1151M ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
    1045K  296M            all  --  *      *       0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
      679 85518 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    81823 4876K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
    920K  285M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
      259 24553 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    124K   11M ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
        0     0 upnp       all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  2. rs232

    rs232 Network Guru Member

    I still believe the traffic crossing the tunnel is not filtered. Can you install peerblock on your device (given it's a Windows device) and set it up with exactly the same lists as per p2partisan? You should see in the peerblock log only outbound blocked packets; that tells you P2Partisan is working. If not (you can also see blocked packets inbound) it means p2partisan doesn't work on tunnels out of the box -> I need to modify the script to support this scenario.

    Please let me know
     
  3. Bird333

    Bird333 Network Guru Member

    It did again and this is what I got.


    Code:
    Mem: 83044K used, 172364K free, 0K shrd, 8196K buff, 29868K cached
    CPU:  0% usr  0% sys  0% nic  26% idle  0% io  73% irq  0% sirq
    Load average: 1.10 0.93 0.84 3/63 9208
      PID  PPID USER  STAT  VSZ %VSZ %CPU COMMAND
    2093  1 nobody  S  3728  1%  1% dnsmasq -c 1500 --log-async
    9180  9052 root  R  1608  1%  0% top
    1707  1 root  S  11944  5%  0% transmission-daemon -g /trans
      739  1 root  S  5208  2%  0% minidlna -f /etc/minidlna.conf
      750  749 root  S N  5208  2%  0% minidlna -f /etc/minidlna.conf
      749  739 root  S  5208  2%  0% minidlna -f /etc/minidlna.conf
    9017  778 root  S N  3536  1%  0% smbd -D
      778  1 root  S N  3260  1%  0% smbd -D
    1819  1 nobody  S  3212  1%  0% /usr/sbin/openvpn --config /openvpn
    1469  1 root  S  2968  1%  0% httpd
      710  1 root  S  2412  1%  0% nmbd -D
      711  710 root  S  2364  1%  0% nmbd -D
      676  1 root  S  1632  1%  0% crond -l 9
    1488  1 root  S  1620  1%  0% udhcpc -i vlan2 -b -s dhcpc-event -H
    9052  9047 root  S  1620  1%  0% -sh
      355  354 root  S  1616  1%  0% /bin/sh
    6172  6171 root  S  1612  1%  0% {p2partisan.sh} /bin/sh /path to p2partisan
    5309  5308 root  S  1612  1%  0% {p2partisan.sh} /bin/sh /path to p2partisan
    7666  7665 root  S  1612  1%  0% {p2partisan.sh} /bin/sh /path to p2partisan
    6171  676 root  S  1612  1%  0% /bin/sh -c /path to p2partisan 
    Code:
    root@RT-N66R:/tmp/home/root# ps
      PID USER  VSZ STAT COMMAND
    5308 root  1612 S  /bin/sh -c /path to p2partisan/p2partisan.sh tuto
    5309 root  1612 S  {p2partisan.sh} /bin/sh /path to p2partisan/p2par
    6171 root  1612 S  /bin/sh -c /path to p2partisan/p2partisan.sh tuto
    6172 root  1612 S  {p2partisan.sh} /bin/sh /path to p2partisan/p2par
    7665 root  1612 S  /bin/sh -c /path to p2partisan/p2partisan.sh tuto
    7666 root  1612 S  {p2partisan.sh} /bin/sh /path to p2partisan/p2par
    9017 root  3536 S N  smbd -D
    9047 root  1176 R  dropbear -p 22 -a
    9052 root  1620 S  -sh
    9205 root  1608 S  ping -c 3 8.8.8.8
    9209 root  1608 S  ping -c 3 8.8.8.8
    9211 root  1604 S  sleep 5
    9212 root  1600 R  ps
    It looks like 'tutor' may be the cause.
     
  4. Salvo

    Salvo Connected Client Member

    Tried that, I have not noticed any difference between running and not running p2partisan (see below copy from peerblock, I stopped p2partisan at 23:15).

    Also, the "Dropped in" packet count in p2partisan stays at a very stable number for a long time when downloading some torrents, and rejects are 0 as before.

    [​IMG]
     
  5. Salvo

    Salvo Connected Client Member

    I also restarted p2partisan while running a lot of torrents to see the drops / rejects again; no drops / rejects after 40 mins.

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.00 (15/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  Yes
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  0 - 00:41:26
    |    Startup time:  35 seconds
    |      Dropped in:  0
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  0
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] - 4744 KB - level1
    |    Blacklist_02:  [o] [e] [o] [o] - 1358 KB - level2
    |    Blacklist_03:  [o] [e] [o] [o] -  323 KB - level3
    |    Blacklist_04:  [o] [e] [o] [o] -   70 KB - spyware
    |    Blacklist_05:  [o] [e] [o] [o] -   46 KB - advertisement
    |    Blacklist_06:  [o] [e] [o] [o] -   46 KB - ads
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  6640 KB
    +----------------------- Logs max(1/hour) ----------------------+
    
    
    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  6. rs232

    rs232 Network Guru Member

    Thanks for this, I'll have a look as soon as I can. In the meantime, can you find anything relevant in the log? e.g.

    tail -8000 /var/log/messages | grep artisan | grep -v IN | grep -v OUT

    P.S. I don't know how large your logfile is so you might have to tweak the 8000 in the command...
     
  7. rs232

    rs232 Network Guru Member

    Ok, let's go in order. The fact that you see only outbound packets blocked means you're not receiving blacked IP calls. This is good and means that P2Partisan is working. However this behaviour should change (see blocked packets in in peerblock on the client) when p2partisan is stopped.

    Can you also post the output of the following commands (while connected to the VPN and P2Partisan running):

    iptables -nvL INPUT
    iptables -nvL OUTPUT


    Thanks
     
  8. Salvo

    Salvo Connected Client Member

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL INPUT
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-IN  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            state NEW
    5559 1755K ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    3780K 3924M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        1    52 shlimit    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
      154 26054 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    13775 1790K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL OUTPUT
    Chain OUTPUT (policy ACCEPT 1091K packets, 152M bytes)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-OUT  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            state NEW
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  9. rs232

    rs232 Network Guru Member


    Ok thanks, I think I have all the info. Wait for the next P2Partisan release. I'll publish in beta first so that you can test.
     
  10. rs232

    rs232 Network Guru Member

    Ok, try this:
    ./p2partisan.sh upgrade-beta

    after a bit of usage please post here the output of the following commands:
    route | grep -E '^default.*.tun..$|ppp.$' | awk '{print $8}'
    iptables -nvL INPUT
    iptables -nvL FORWARD
    cat ./iptables-add
    cat ./iptables-del


    Thanks
    rs232
     
  11. Salvo

    Salvo Connected Client Member

    See the error message

    Code:
    | P2PARTISAN:  P2Partisan stopped.
    +---------------------------------------------------------------+
    | 2/6) Migrating the configuration
    | 3/6) Copying p2partisan.sh into p2partisan.sh.old
    | 4/6) Installing new script into p2partisan.sh
    | 5/6) Setting up permissions
    | 6/6) all done, Please run the script manually!
    | NOTE: autorun setting is left as it was found
    +---------------------------------------------------------------+
    
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* status
    ./p2partisan.sh: line 866: syntax error: unexpected "|"
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* start
    ./p2partisan.sh: line 866: syntax error: unexpected "|"
    root@unknown:/tmp/mnt/usb/p2partisan#
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  12. rs232

    rs232 Network Guru Member

    re-upgrade to beta and try again please
     
  13. Salvo

    Salvo Connected Client Member

    Same error:

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2partisan.sh upgrade-beta
    | Do you want to install the latest testing beta (not suggested)?
    |
    | y/n
    y
    | Upgrading, please wait:
    | 1/6) Stopping the script
    
    +------------------------- P2Partisan --------------------------+
    |                   _______ __
    |                  |     __|  |_.-----.-----.
    |                  |__     |   _|  _  |  _  |
    |            Hard  |_______|____|_____|   __|
    |                                     |__|
    |
    +---------------------------------------------------------------+
    ipset v6.24: Kernel error received: Invalid argument
    | P2PARTISAN:  Unloading ipset modules
    | P2PARTISAN:  Removing the list files
    | Removing Blacklist_01 --> ***level1***
    | Removing Blacklist_02 --> ***level2***
    | Removing Blacklist_03 --> ***level3***
    | Removing Blacklist_04 --> ***spyware***
    | Removing Blacklist_05 --> ***advertisement***
    | Removing Blacklist_06 --> ***ads***
    
    +------------------------- P2Partisan --------------------------+
    |                _______         __
    |               |_     _|.--.--.|  |_.-----.----.
    |                 |   |  |  |  ||   _|  _  |   _|
    |                 |___|  |_____||____|_____|__|
    |
    +-------------------------- Scheduler --------------------------+
    | P2PARTISAN: P2Partisan tutor is OFF
    +---------------------------------------------------------------+
    | P2PARTISAN:  P2Partisan stopped.
    +---------------------------------------------------------------+
    | 2/6) Migrating the configuration
    | 3/6) Copying p2partisan.sh into p2partisan.sh.old
    | 4/6) Installing new script into p2partisan.sh
    | 5/6) Setting up permissions
    | 6/6) all done, Please run the script manually!
    | NOTE: autorun setting is left as it was found
    +---------------------------------------------------------------+
    
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* status
    ./p2partisan.sh: line 866: syntax error: unexpected "|"
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2*
    ./p2partisan.sh: line 866: syntax error: unexpected "|"
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  14. rs232

    rs232 Network Guru Member

    There's something strange here...
    - line 866 does not have any "|"
    - it does on my router here although I don't have a VPN handling the default gateway
    - you can try to add " -x" after #!/bin/sh on the very first line and see where it stops and why
    - Regardless, try a:
    tr -d "\r"< ./p2partisan.sh > ./.temp ; mv ./.temp ./p2partisan.sh
    - Regardless, can you run this command for me and let me know the output?
    route | grep -E '^default.*.tun..$|ppp.$' | awk '{print $8}'

    Thanks
     
  15. Salvo

    Salvo Connected Client Member

    See the output from the above commands:

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# tr -d "\r"< ./p2partisan.sh > ./.temp ; mv ./.temp ./p2partisan.sh
    root@unknown:/tmp/mnt/usb/p2partisan#
    root@unknown:/tmp/mnt/usb/p2partisan#
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* status
    -sh: ./p2partisan.sh: Permission denied
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* start
    -sh: ./p2partisan.sh: Permission denied
    root@unknown:/tmp/mnt/usb/p2partisan# ls -l -a
    drwxrwxrwx    2 root     root          1024 Jul 27 23:04 .
    drwxr-xr-x    4 root     root          1024 Jul 23 23:40 ..
    -rwxrwxrwx    1 root     root         76630 Jul 27 19:47 ads.cidr
    -rwxrwxrwx    1 root     root        110010 Jul 27 19:47 advertisement.cidr
    -rwxrwxrwx    1 root     root           283 Jul 23 23:40 blacklist-custom
    -rwxrwxrwx    1 root     root          1606 Jul 24 20:14 blacklists
    -rw-r--r--    1 root     root            38 Jul 27 19:48 latest
    -rwxrwxrwx    1 root     root       7063048 Jul 27 19:47 level1.cidr
    -rwxrwxrwx    1 root     root       2460874 Jul 27 19:47 level2.cidr
    -rwxrwxrwx    1 root     root        547141 Jul 27 19:47 level3.cidr
    -rw-r--r--    1 root     root         81584 Jul 27 23:04 p2partisan.sh
    -rwxr-xr-x    1 root     root         81096 Jul 27 19:48 p2partisan_old
    -rwxrwxrwx    1 root     root         96389 Jul 27 19:47 spyware.cidr
    -rwxrwxrwx    1 root     root           378 Jul 23 23:40 whitelist
    root@unknown:/tmp/mnt/usb/p2partisan# chmod 777 p2p*sh
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2* start
    ./p2partisan.sh: line 866: syntax error: unexpected "|"
    root@unknown:/tmp/mnt/usb/p2partisan# route | grep -E '^default.*.tun..$|ppp.$' | awk '{print $8}'
    tun11
    root@unknown:/tmp/mnt/usb/p2partisan#
    
    This is what I see in 866:

    [​IMG]
     
  16. rs232

    rs232 Network Guru Member

    It looks like my 866 is not 866. My 866 points to the fi 4 lines above, which tells me there are 4 lines missing somewhere above that.
    Also it doesn't make any sense that it complains about a character within an echo, which is just meant to print out rather than execute. Did you edit the script by any chance? Asking because if not it could be the upgrade-beta routine that messed things up, hopefully not!
    Can you compare line by line the pastebin version and yours?

    Thanks
     
  17. Salvo

    Salvo Connected Client Member

    What is the paste link to beta ?

    Thanks
     
  18. Salvo

    Salvo Connected Client Member

    I have used the link http://pastebin.com/raw.php?i=Lt1axJ9a from the *.sh script and made a comparison between the link and the current one in the router. Below are the differences; in the router script there are different values, however even the 866 line points to the same character "|"

    Paste values:
    Code:
    P2Partisandir=/cifs1/p2partisan
    whiteports_tcp=43,80,443
    whiteports_udp=53,67,68,123,1194:1196
    testip=8.8.8.8
                    sed '1,/scheduleupdates/{s@scheduleupdates=.*@'"scheduleupdates=\"$scheduleupdates\""'@'} -i ./p2partisan_new.sh
    
    Router script values:
    Code:
    P2Partisandir=/mnt/usb/p2partisan
    whiteports_tcp=80,443,3658,8080
    whiteports_udp=53,123,1194:1197,1723,3658,67,68
    testip=216.58.211.4
                    sed '1,/scheduleupdates/{s@scheduleupdates="1,6"
     
  19. rs232

    rs232 Network Guru Member

    Ok, there is actually a new variable which I forgot to copy over. It's called "scheduleupdates".
    If you re-run the upgrade-beta it should add it automatically; do verify the variable is present after the upgrade within the configuration part of the script.

    Hopefully this will resolve
     
  20. Salvo

    Salvo Connected Client Member

    It is working now after upgrade, will provide a feedback...
     
  21. Bird333

    Bird333 Network Guru Member

    I'm not so sure now that P2Partisan is causing my problems.
     
  22. Salvo

    Salvo Connected Client Member

    See the output below

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2*sh status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.01 BETA (27/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  Yes
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  0 - 06:10:03
    |    Startup time:  28 seconds
    |      Dropped in:  0
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  0
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] - 4747 KB - level1
    |    Blacklist_02:  [o] [e] [o] [o] - 1357 KB - level2
    |    Blacklist_03:  [o] [e] [o] [o] -  322 KB - level3
    |    Blacklist_04:  [o] [e] [o] [o] -   49 KB - spyware
    |    Blacklist_05:  [o] [e] [o] [o] -   46 KB - advertisement
    |    Blacklist_06:  [o] [e] [o] [o] -   46 KB - ads
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  6619 KB
    +----------------------- Logs max(1/hour) ----------------------+
    
    
    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/usb/p2partisan# route | grep -E '^default.*.tun..$|ppp.$' | awk '{print $8}'
    tun11
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL INPUT
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
        2   166 P2PARTISAN-IN  all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            state NEW
    2224  697K ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    1398K 1626M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        1    52 shlimit    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
      103 10689 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    5893  822K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL FORWARD
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-IN  all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            state NEW
    1389K 1509M ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
    1009K  259M            all  --  *      *       0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    1286 66702 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    14261  854K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
    939K  251M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
      192 22155 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    69351 7504K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
        0     0 upnp       all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan# cat ./iptables-add
    # 1438177606
    iptables -N P2PARTISAN-IN
    iptables -N P2PARTISAN-OUT
    iptables -N P2PARTISAN-LISTS-IN
    iptables -N P2PARTISAN-LISTS-OUT
    iptables -N P2PARTISAN-DROP-IN
    iptables -N P2PARTISAN-DROP-OUT
    iptables -F P2PARTISAN-IN
    iptables -F P2PARTISAN-OUT
    iptables -F P2PARTISAN-LISTS-IN
    iptables -F P2PARTISAN-LISTS-OUT
    iptables -F P2PARTISAN-DROP-IN
    iptables -F P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-IN -m set  --match-set blacklist-custom src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-OUT -m set  --match-set blacklist-custom dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-IN -m set  --match-set whitelist src -j RETURN
    iptables -A P2PARTISAN-IN -m set  --match-set whitelist dst -j RETURN
    iptables -A P2PARTISAN-OUT -m set  --match-set whitelist src -j RETURN
    iptables -A P2PARTISAN-OUT -m set  --match-set whitelist dst -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p tcp --match multiport --sports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p tcp --match multiport --dports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p tcp --match multiport --sports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p tcp --match multiport --dports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p udp --match multiport --sports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p udp --match multiport --dports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p udp --match multiport --sports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p udp --match multiport --dports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-IN -j P2PARTISAN-LISTS-IN
    iptables -A P2PARTISAN-OUT -j P2PARTISAN-LISTS-OUT
    iptables -A P2PARTISAN-DROP-IN -m limit --limit 1/hour --limit-burst 1 -j LOG --log-prefix 'P2Partisan Dropped IN - ' --log-level 1
    iptables -A P2PARTISAN-DROP-OUT -m limit --limit 1/hour  --limit-burst 1 -j LOG --log-prefix 'P2Partisan Rejected OUT - ' --log-level 1
    iptables -A P2PARTISAN-DROP-IN -j DROP
    iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level1 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level1 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level2 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level2 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level3 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level3 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set spyware src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set spyware dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set advertisement src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set advertisement dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set ads src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set ads dst -j P2PARTISAN-DROP-OUT
    iptables -I INPUT 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -I OUTPUT 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -I wanin 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -I wanout 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -I INPUT 1 -i tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -I FORWARD 1 -i tun11 -m state --state NEW -j P2PARTISAN-IN
    root@unknown:/tmp/mnt/usb/p2partisan# cat ./iptables-del
    # 1438177606
    iptables -D INPUT -i tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -D FORWARD -i tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -D wanin -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -D wanout -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -D INPUT -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -D OUTPUT -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -F P2PARTISAN-DROP-IN
    iptables -F P2PARTISAN-DROP-OUT
    iptables -F P2PARTISAN-LISTS-IN
    iptables -F P2PARTISAN-LISTS-OUT
    iptables -F P2PARTISAN-IN
    iptables -F P2PARTISAN-OUT
    iptables -X P2PARTISAN-IN
    iptables -X P2PARTISAN-OUT
    iptables -X P2PARTISAN-LISTS-IN
    iptables -X P2PARTISAN-LISTS-OUT
    iptables -X P2PARTISAN-DROP-IN
    iptables -X P2PARTISAN-DROP-OUT
    root@unknown:/tmp/mnt/usb/p2partisan#
    
     
  23. rs232

    rs232 Network Guru Member

    Yes, that makes sense. It was silly of me to try to resolve it the way I tried: tunnels don't see the new sessions and I need to filter before things are encapsulated. Let me have a think about the best way to tackle this and I'll get back to you.
     
  24. Salvo

    Salvo Connected Client Member

    Thanks a lot for the feedback, take your time...
     
  25. rs232

    rs232 Network Guru Member

    I had a blind attempt at this and released 6.01 BETA2. I'm not expecting this to work out of the box, but at least to give additional clues and perhaps capture some packets on the tunnel. Try upgrade-beta and let me know the output of the usual commands please.

    Thanks!
     
    Last edited: Jul 31, 2015
  26. Salvo

    Salvo Connected Client Member

    Hi, I was trying to perform the upgrade but can't because the procedure fails. The procedure can't stop p2partisan, which is very strange to me. I waited for a few minutes but it didn't help...

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2partisan.sh status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.01 BETA (27/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  Yes
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  3 - 21:25:55
    |    Startup time:  28 seconds
    |      Dropped in:  106
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  0
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] - 4741 KB - level1
    |    Blacklist_02:  [o] [e] [o] [o] - 2063 KB - level2
    |    Blacklist_03:  [o] [e] [o] [o] -  323 KB - level3
    |    Blacklist_04:  [o] [e] [o] [o] -   48 KB - spyware
    |    Blacklist_05:  [o] [e] [o] [o] -   46 KB - advertisement
    |    Blacklist_06:  [o] [e] [o] [o] -   46 KB - ads
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  7320 KB
    +----------------------- Logs max(1/hour) ----------------------+
    
    
    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2partisan.sh stop
    
    +------------------------- P2Partisan --------------------------+
    |                   _______ __
    |                  |     __|  |_.-----.-----.
    |                  |__     |   _|  _  |  _  |
    |            Hard  |_______|____|_____|   __|
    |                                     |__|
    |
    +---------------------------------------------------------------+
    ^C
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2partisan.sh upgrade-beta
    | Do you want to install the latest testing beta (not suggested)?
    |
    | y/n
    y
    | Upgrading, please wait:
    | 1/6) Stopping the script
    
    +------------------------- P2Partisan --------------------------+
    |                   _______ __
    |                  |     __|  |_.-----.-----.
    |                  |__     |   _|  _  |  _  |
    |            Hard  |_______|____|_____|   __|
    |                                     |__|
    |
    +---------------------------------------------------------------+
    
    
     
  27. rs232

    rs232 Network Guru Member

    Never seen this before, does a reboot help?
     
  28. rs232

    rs232 Network Guru Member

    Is it possible that the google ping is interfering again here? Try to set
    autorun_availability_check to 0
     
  29. Salvo

    Salvo Connected Client Member

    Here you go

    Code:
    root@unknown:/tmp/mnt/usb/p2partisan# ./p2partisan.sh status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.01 BETA2 (31/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  No
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  0 - 00:14:16
    |    Startup time:  43 seconds
    |      Dropped in:  0
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  0
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] - 4743 KB - level1
    |    Blacklist_02:  [o] [e] [o] [o] - 1359 KB - level2
    |    Blacklist_03:  [o] [e] [o] [o] -  322 KB - level3
    |    Blacklist_04:  [o] [e] [o] [o] -   48 KB - spyware
    |    Blacklist_05:  [o] [e] [o] [o] -   46 KB - advertisement
    |    Blacklist_06:  [o] [e] [o] [o] -   46 KB - ads
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  6617 KB
    +----------------------- Logs max(1/hour) ----------------------+
    
    
    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/usb/p2partisan# route | grep -E '^default.*.tun..$|ppp.$' | awk '{print $8}'
    tun11
    root@unknown:/tmp/mnt/usb/p2partisan# iptables -nvL INPUT
    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-IN  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            state NEW
    1165  472K ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    297K  354M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        2   144 shlimit    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
       51  4356 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    4266  425K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan#  iptables -nvL FORWARD
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
    19465 1479K P2PARTISAN-IN  all  --  *      tun11   0.0.0.0/0            0.0.0.0/0            state NEW
    287K  329M ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
    237K   21M            all  --  *      *       0.0.0.0/0            0.0.0.0/0           account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
      221 12776 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    12653  747K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
    212K   19M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
       39  3010 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    24521 2182K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
        0     0 upnp       all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    root@unknown:/tmp/mnt/usb/p2partisan#  cat ./iptables-add
    # 1438802186
    iptables -N P2PARTISAN-IN
    iptables -N P2PARTISAN-OUT
    iptables -N P2PARTISAN-LISTS-IN
    iptables -N P2PARTISAN-LISTS-OUT
    iptables -N P2PARTISAN-DROP-IN
    iptables -N P2PARTISAN-DROP-OUT
    iptables -F P2PARTISAN-IN
    iptables -F P2PARTISAN-OUT
    iptables -F P2PARTISAN-LISTS-IN
    iptables -F P2PARTISAN-LISTS-OUT
    iptables -F P2PARTISAN-DROP-IN
    iptables -F P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-IN -m set  --match-set blacklist-custom src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-OUT -m set  --match-set blacklist-custom dst -j P2PARTISAN-DROP-OUT
    iptables -D OUTPUT -i tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -A P2PARTISAN-IN -m set  --match-set whitelist src -j RETURN
    iptables -A P2PARTISAN-IN -m set  --match-set whitelist dst -j RETURN
    iptables -A P2PARTISAN-OUT -m set  --match-set whitelist src -j RETURN
    iptables -A P2PARTISAN-OUT -m set  --match-set whitelist dst -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p tcp --match multiport --sports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p tcp --match multiport --dports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p tcp --match multiport --sports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p tcp --match multiport --dports 80,443,3658,8080 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p udp --match multiport --sports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-IN -i vlan2 -p udp --match multiport --dports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p udp --match multiport --sports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-OUT -o vlan2 -p udp --match multiport --dports 1194:1197,53,123,1723,3658,67,68 -j RETURN
    iptables -A P2PARTISAN-IN -j P2PARTISAN-LISTS-IN
    iptables -A P2PARTISAN-OUT -j P2PARTISAN-LISTS-OUT
    iptables -A P2PARTISAN-DROP-IN -m limit --limit 1/hour --limit-burst 1 -j LOG --log-prefix 'P2Partisan Dropped IN - ' --log-level 1
    iptables -A P2PARTISAN-DROP-OUT -m limit --limit 1/hour  --limit-burst 1 -j LOG --log-prefix 'P2Partisan Rejected OUT - ' --log-level 1
    iptables -A P2PARTISAN-DROP-IN -j DROP
    iptables -A P2PARTISAN-DROP-OUT -j REJECT --reject-with icmp-admin-prohibited
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level1 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level1 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level2 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level2 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set level3 src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set level3 dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set spyware src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set spyware dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set advertisement src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set advertisement dst -j P2PARTISAN-DROP-OUT
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set ads src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set ads dst -j P2PARTISAN-DROP-OUT
    iptables -I INPUT 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -I OUTPUT 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -I wanin 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -I wanout 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -I INPUT 1 -o tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -I OUTPUT 1 -i tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -I FORWARD 1 -o tun11 -m state --state NEW -j P2PARTISAN-IN
    root@unknown:/tmp/mnt/usb/p2partisan#  cat ./iptables-del
    # 1438802186
    iptables -D INPUT -o tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -D FORWARD -o tun11 -m state --state NEW -j P2PARTISAN-IN
    iptables -D wanin -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -D wanout -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -D INPUT -i vlan2 -m state --state NEW -j P2PARTISAN-IN
    iptables -D OUTPUT -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
    iptables -F P2PARTISAN-DROP-IN
    iptables -F P2PARTISAN-DROP-OUT
    iptables -F P2PARTISAN-LISTS-IN
    iptables -F P2PARTISAN-LISTS-OUT
    iptables -F P2PARTISAN-IN
    iptables -F P2PARTISAN-OUT
    iptables -X P2PARTISAN-IN
    iptables -X P2PARTISAN-OUT
    iptables -X P2PARTISAN-LISTS-IN
    iptables -X P2PARTISAN-LISTS-OUT
    iptables -X P2PARTISAN-DROP-IN
    iptables -X P2PARTISAN-DROP-OUT
    root@unknown:/tmp/mnt/usb/p2partisan#
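
Added example (not part of the thread and not P2Partisan's own code): a Python check over the two generated rule files posted above. It flags hooks that iptables refuses, because INPUT cannot match an outgoing interface (`-o`) and OUTPUT cannot match an incoming one (`-i`), and hooks that iptables-add inserts but iptables-del never removes. The embedded samples are an excerpt of the listings above; the function names are hypothetical.

```python
import shlex

# iptables refuses these interface options on the built-in filter chains:
# INPUT has no outgoing interface, OUTPUT has no incoming one.
BAD_IFACE_OPT = {"INPUT": "-o", "OUTPUT": "-i"}

# Excerpt of the iptables-add listing posted above (v6.01 BETA2).
ADD_SAMPLE = """\
iptables -N P2PARTISAN-IN
iptables -N P2PARTISAN-OUT
iptables -I INPUT 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
iptables -I OUTPUT 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
iptables -I wanin 1 -i vlan2 -m state --state NEW -j P2PARTISAN-IN
iptables -I wanout 1 -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
iptables -I INPUT 1 -o tun11 -m state --state NEW -j P2PARTISAN-IN
iptables -I OUTPUT 1 -i tun11 -m state --state NEW -j P2PARTISAN-IN
iptables -I FORWARD 1 -o tun11 -m state --state NEW -j P2PARTISAN-IN
"""

# Excerpt of the iptables-del listing posted above.
DEL_SAMPLE = """\
iptables -D INPUT -o tun11 -m state --state NEW -j P2PARTISAN-IN
iptables -D FORWARD -o tun11 -m state --state NEW -j P2PARTISAN-IN
iptables -D wanin -i vlan2 -m state --state NEW -j P2PARTISAN-IN
iptables -D wanout -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
iptables -D INPUT -i vlan2 -m state --state NEW -j P2PARTISAN-IN
iptables -D OUTPUT -o vlan2 -m state --state NEW -j P2PARTISAN-OUT
iptables -F P2PARTISAN-IN
iptables -X P2PARTISAN-IN
"""


def parse(text):
    """Yield (lineno, op, chain, spec) for each -N/-A/-I/-D command."""
    for lineno, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)  # also skips '# timestamp' lines
        if len(tok) < 3 or tok[0] != "iptables":
            continue
        if tok[1] not in ("-N", "-A", "-I", "-D"):
            continue
        op, chain, spec = tok[1], tok[2], tok[3:]
        if op == "-I" and spec and spec[0].isdigit():
            spec = spec[1:]  # drop the insert position so -I and -D compare equal
        yield lineno, op, chain, tuple(spec)


def lint(add_text, del_text):
    """Return findings as (kind, file, lineno, chain, detail) tuples."""
    findings = []
    add_cmds = list(parse(add_text))
    # Chains the script creates itself are flushed and deleted as a whole.
    own_chains = {chain for _, op, chain, _ in add_cmds if op == "-N"}
    hooks = {}
    for lineno, op, chain, spec in add_cmds:
        if op == "-N":
            continue
        bad = BAD_IFACE_OPT.get(chain)
        if bad is not None and bad in spec:
            findings.append(("bad-interface", "add", lineno, chain, bad))
        if op in ("-A", "-I") and chain not in own_chains:
            hooks[(chain, spec)] = lineno  # rule hooked into a system chain
    removed = set()
    for lineno, op, chain, spec in parse(del_text):
        bad = BAD_IFACE_OPT.get(chain)
        if bad is not None and bad in spec:
            findings.append(("bad-interface", "del", lineno, chain, bad))
        if op == "-D":
            removed.add((chain, spec))
    for (chain, spec), lineno in hooks.items():
        if (chain, spec) not in removed:
            findings.append(
                ("no-matching-delete", "add", lineno, chain, " ".join(spec)))
    return findings


if __name__ == "__main__":
    for finding in lint(ADD_SAMPLE, DEL_SAMPLE):
        print(finding)
```
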
    
     
  30. rs232

    rs232 Network Guru Member

    Ok, still not working. Let's do it this way: I'll set up a tunnel here at mine and see if I can come up with a solution. The only thing is that it's a terrible period at work so I guess it will be sometime in September. I can confirm though that I'm interested in covering this scenario, so leave it with me!
     
  31. Salvo

    Salvo Connected Client Member

    Ok, no problem, will wait for your response...

    Thanks
     
  32. shadowro

    shadowro Serious Server Member

    root@unknown:/tmp/mnt/optware/p2partisan# wget http://pastebin.com/raw.php?i=mUeS6jP2 -O p2partisan.sh
    wget: bad address 'pastebin.com'

    tomato shibby 131 arm

    any idea why?
    thank you.

    trying a new install on arm router
    mips works fine
     
  33. rs232

    rs232 Network Guru Member

    It should work out of the box. If it gives you problems try with quotation:
    Code:
    wget "http://pastebin.com/raw.php?i=mUeS6jP2" -O p2partisan.sh
     
  34. shadowro

    shadowro Serious Server Member

    no luck with quotations
    thanks @rs232
     
  35. rs232

    rs232 Network Guru Member

    That's odd. Can you resolve, e.g. browse, pastebin manually from your client browser?
    How do you run the script? Paste into SSH client? Run from Tomato GUI system commands?
     
  36. shadowro

    shadowro Serious Server Member

    yes I can see it in the browser
    paste command in ssh/putty
    thx
     
  37. shadowro

    shadowro Serious Server Member

    router acts like a repeater
    dhcp is off, but it shouldn't matter
     
  38. rs232

    rs232 Network Guru Member

    The URL must work, it worked for everybody else, so it makes me think that there's something else you should look into. If it really doesn't, copy and paste it into nano and save as p2partisan.sh.

    What do you mean by this?
    P2Partisan is meant to run on the gateway device and it is expected to have a wanin & wanout interface (route packet at layer 3 and not bridge at layer 2)
     
  39. AndreDVJ

    AndreDVJ Addicted to LI Member

    It just works...
    Code:
    root@WNR3500Lv2:/tmp/home/root# wget "http://pastebin.com/raw.php?i=mUeS6jP2" -O
    p2partisan.sh
    --2015-08-15 10:50:58--  http://pastebin.com/raw.php?i=mUeS6jP2
    Resolving pastebin.com... 190.93.241.15, 141.101.112.16, 190.93.242.15, ...
    Connecting to pastebin.com|190.93.241.15|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: unspecified [text/plain]
    Saving to: 'p2partisan.sh'
    
    p2partisan.sh           [  <=>                 ]  80.82K   228KB/s   in 0.4s
    
    2015-08-15 10:50:58 (228 KB/s) - 'p2partisan.sh' saved [82757]
    
    Please paste the output of the following command:
    Code:
    nslookup pastebin.com
     
  40. xman0980

    xman0980 New Member Member

    Release version: v5.13 (03/07/2015)
    +---------------------------------------------------------------+
    | Running: Loading...
    | Autorun: No
    | Scheduled: No / 0 since device boot
    | Tutor: Yes / 3 in the last 24h
    | Debugger: Off
    +---------------------------------------------------------------+
    | Partisan uptime: 0 - 00:25:33
    | Startup time: 85 seconds
    | Dropped in:
    | Rejected out:
    +---------------------------------------------------------------+
    | Black IPs: 0
    | White IPs: 3 / 1 LAN IP ref defined
    | TransmissionBT: Off
    | White ports TCP: 2544,80,443,3658,8080
    | White ports UDP: 1194:1197,53,123,1723,3658,67,68
    | Black lists: 1
    +----------------------- Logs max(1/hour) ----------------------+
    | Aug 21 13:39:31 I=vlan2 O= S=194.181.139.7 D=67.182.18.54 UDP S=4087 D=49765


    As you can see I've been running it for about 25 minutes and now it says loading. It was running earlier and I had numbers in the dropped and rejected lines. Did something happen? I just left the putty window open since I started it.

    So I paused it and then started it again and now I have this
    Release version: v5.13 (03/07/2015)
    +---------------------------------------------------------------+
    | Running: Yes
    | Autorun: No
    | Scheduled: No / 0 since device boot
    | Tutor: Yes / 5 in the last 24h
    | Debugger: Off
    +---------------------------------------------------------------+
    | Partisan uptime: 0 - 00:02:24
    | Startup time: 94 seconds
    | Dropped in: 0
    | Rejected out: 0
    +---------------------------------------------------------------+
    | Black IPs: 0
    | White IPs: 1 / 1 LAN IP ref defined
    | TransmissionBT: Off
    | White ports TCP: 2544,80,443,3658,8080
    | White ports UDP: 1194:1197,53,123,1723,3658,67,68
    | Black lists: 1
    +----------------------- Logs max(1/hour) ----------------------+
    | Aug 21 13:39:31 I=vlan2 O= S=194.181.139.7 D=67.182.18.54 UDP S=4087 D=49765


    I don't understand why the white IPs went from 3 to 1

    Had to restart it, and it's back to 3 on the white IPs
     
    Last edited: Aug 22, 2015
  41. rs232

    rs232 Network Guru Member

    The whiteIp does count the number of lines in the whitelist file; unless you changed it manually it shouldn't change by itself.

    I suggest you run a fresh install. By the way, the tutor calls (5 in the last 24h) make me think there might be something unusual in your installation... What do you see in the logs? Where have you installed the script?
     
  42. xman0980

    xman0980 New Member Member

    Yesterday was the first time I've installed the script

    Here is my current status
    Release version: v5.13 (03/07/2015)
    +---------------------------------------------------------------+
    | Running: Yes
    | Autorun: Yes
    | Scheduled: No / 0 since device boot
    | Tutor: Yes / in the last 24h
    | Debugger: Off
    +---------------------------------------------------------------+
    | Partisan uptime: 16669 - 14:17:11
    | Startup time: 88 seconds
    | Dropped in: 70
    | Rejected out: 0
    +---------------------------------------------------------------+
    | Black IPs: 0
    | White IPs: 1 / 1 LAN IP ref defined
    | TransmissionBT: Off
    | White ports TCP: 2544,80,443,3658,8080
    | White ports UDP: 1194:1197,53,123,1723,3658,67,68
    | Black lists: 1
    +----------------------- Logs max(1/hour) ----------------------+
    | Aug 22 06:37:44 I=vlan2 O= S=74.208.205.112 D=67.182.18.54 UDP S=5093 D=5060

    +---------------------------------------------------------------+
    root@unknown:/tmp/mnt/sda/p2partisan#


    I have it installed on a thumbdrive on my RT-N16.

    I can't post what I have in my whitelist or blacklist since I'm still too new.

    Basically in the whitelist I have the list of Steam IPs from iblocklist and my local range of 192.168.1.1-192.168.1.254

    Blacklist has a peerblock that has over 2 million entries

    Where do I find logs?
     
  43. rs232

    rs232 Network Guru Member

    Do you understand the meaning of whitelisting 192.168.1.1-192.168.1.254?
    You're pretty much saying: disable P2Partisan for these IPs so nothing will be filtered from/to any of the IPs in range.

    The logs are stored in the system Log so find them via the tomato GUI or (given you have not modified the default location) under /var/log/messages

    Apart from that I don't see many problems in what you posted...
     
  44. Bird333

    Bird333 Network Guru Member

    Do you think you can work on finding good lists to block Windows 10 spying? I found a list here https://gist.github.com/TheZ3ro/fba31411e7706f074466 but I read that Windows 10 has some ip addresses hardcoded in the OS so that list might not work. In my opinion this needs to be blocked. The lack of privacy is getting out of hand.
     
  45. Runey

    Runey New Member Member

    Sorry for being a noob but I need some help with this :( I think I have everything installed correctly. P2Partisan starts ok and seems to load the custom blacklist. P2Partisan does see the IP address when I test it. I can still go to the site even though it is in my blacklist. I'm obviously doing something wrong or not understanding at all how this is meant to work. I'm assuming that I should not be able to go to any of the IP's that are in the custom blacklist. However that does not seem to be the case. Any help would be greatly appreciated.

    Code:
    root@ROUTER:/jffs/apps/p2partisan# p2partisan.sh
    
    +------------------------- P2Partisan --------------------------+
    |                 _______ __               __
    |                |     __|  |_.---.-.----.|  |_
    |                |__     |   _|  _  |   _||   _|
    |                |_______|____|___._|__|  |____|
    |
    +---------------------------------------------------------------+
    +--------- PREPARATION --------
    | Loading the ipset modules
    +---- CUSTOM IP BLACKLIST -----
    | preparing blacklist-custom ...
    | Loading Blacklist_00 data ---> ***Custom IP blacklist***
    +--------- GREYPORTs ----------
    |  TransmissionBT:  Off
    +--------- WHITEPORTs ---------
    | Loading white TCP ports 80,443,3658,8080
    | Loading white UDP ports 1194:1197,53,123,1723,3658,67,68
    +--------- WHITE IPs ---------
    | preparing IP whitelist ...
    | Loading IP whitelist data ---> ***IP Whitelist***
    +------- IP BLACKLISTs -------
    | Async loading [cached] Blacklist_01 --> ***pornography***
    | P2PARTISAN: ... P2Partisan started
    +------------------------- Controls ----------------------------+
    | P2PARTISAN: log-async found under dnsmasq -> OK
    +---------------------------------------------------------------+
    
    +------------------------- P2Partisan --------------------------+
    |                _______         __
    |               |_     _|.--.--.|  |_.-----.----.
    |                 |   |  |  |  ||   _|  _  |   _|
    |                 |___|  |_____||____|_____|__|
    |
    +-------------------------- Scheduler --------------------------+
    | P2PARTISAN: P2Partisan tutor is ON
    +---------------------------------------------------------------+
    
    root@ROUTER:/jffs/apps/p2partisan# p2partisan.sh status
    
    +------------------------- P2Partisan --------------------------+
    |            _______ __          __
    |           |     __|  |_.---.-.|  |_.--.--.-----.
    |           |__     |   _|  _  ||   _|  |  |__ --|
    |           |_______|____|___._||____|_____|_____|
    |
    | Release version:  v6.00 (15/07/2015)
    +---------------------------------------------------------------+
    |         Running:  Yes
    |         Autorun:  Yes
    |           Tutor:  Yes / 0 problems in the last 24h
    |        Debugger:  Off
    | Partisan uptime:  0 - 00:22:19
    |    Startup time:  735 seconds
    |      Dropped in:  53
    |    Rejected out:  0
    +---------------------------------------------------------------+
    |       Black IPs:  1
    |       White IPs:  0
    |  TransmissionBT:  Off
    | White ports TCP:  80,443,3658,8080
    | White ports UDP:  1194:1197,53,123,1723,3658,67,68
    |    Blacklist_01:  [o] [e] [o] [o] -  661 KB - pornography
    |                    ^   ^   ^   ^
    |      maxload: 2 - pri sec cid ipt - [e]mpty [l]oading l[o]aded [p]artial [q]ueued
    |    Consumed RAM:  669 KB
    +----------------------- Logs max(1/hour) ----------------------+
    | Aug 24 17:50:07 I=vlan2 O= S=10.0.0.1 D=224.0.0.1 2
    
    +---------------------------------------------------------------+
    
    root@ROUTER:/jffs/apps/p2partisan# p2partisan.sh test 82.98.134.46
    
    +------------------------- P2Partisan --------------------------+
    |                  _______               __
    |                 |_     _|.-----.-----.|  |_
    |                   |   |  |  -__|__ --||   _|
    |                   |___|  |_____|_____||____|
    |
    +----------- Lists are sorted in order of precedence -----------+
    | 82.98.134.46 not found in    blacklist-custom
    | 82.98.134.46 not found in    whitelist
    | 82.98.134.46 found in        pornography
    +---------------------------------------------------------------+
    |        in case of multiple match the first prevails
    +---------------------------------------------------------------+
    root@ROUTER:/jffs/apps/p2partisan#
     
    Last edited: Aug 24, 2015
  46. rs232

    rs232 Network Guru Member

    "Going to the site" I guess you're talking about browsing? If that's the case the behaviour is wanted! Ports 80 and 443 are whitelisted by default. Remember P2Partisan is for P2P traffic.
    Might I suggest to read the original post top to bottom. I admit it could have been written in a better way but all the questions you're asking are answered there.

    Give it a go and if you still have problems then ask again

    Thanks
     
  47. rs232

    rs232 Network Guru Member

    Interesting...
    I'm not creating/maintaining any list myself, but if you want to block what you can find at that page you could add the FQDNs into the blacklist-custom and restart P2Partisan
     
  48. Runey

    Runey New Member Member

    Thanks for the response. I guess I read mass IP blocking and equivalent of PeerBlock and jumped to the conclusion I could block browser traffic. The P2P really should have been a giveaway. I realised after I posted that the port whitelist may be the issue. In PeerBlock I have to de-select ports 80 and 443 in order to block unwanted websites in the browser. I tried stopping P2Partisan, removing 80 and 443 from the port whitelist, and restarting but no joy.

    Is it at all possible to block unwanted websites in browsers using P2Partisan or am I just totally off track? If it isn't possible any suggestions on achieving this in my router would be appreciated (Netgear R7000 using Tomato firmware).
     
  49. rs232

    rs232 Network Guru Member

    P2Partisan is the equivalent of peerblock for tomato but it does even more so that might create confusion.
    P2Partisan talks IP and allows ports (regardless of the IP) to bypass the filtering rules e.g. whiteports_tcp/whiteports_udp.
    Please refer to the flowchart as per original post to follow the filtering logic.
    http://www.linksysinfo.org/index.php?attachments/screenshot012-png.3630/
    If the IP you're trying to reach via web is blacklisted AND port 80/443 is not present into whiteports_tcp the communication will be blocked ... unless you have whitelisted the IP!

    Not having said that I can see from your example that you're using a specific list which is not common and from a different provider. So let's do some troubleshooting...

    - Can you please confirm what the format of the file is as downloaded from the list provider?
    - Is it provided in .gz format?
    - If you extract it manually, what does a random line look like?
    - Try:
    ./p2partisan.sh status <listname>
    do you see elements loaded into the lists?

    Finally... I can see you've installed P2Partisan under jffs... I've never tried this before but I'd say this is not suggested, as lists are updated periodically and there could be some intense read/write operations going on that are not healthy for the router without using some sort of external media... Can you confirm how much space you have available? In general I suggest getting a cheap USB pen drive (and not only for P2Partisan...)

    HTH
    rs232
     
  50. Runey

    Runey New Member Member

    Sorry to be such a hassle. As you can tell I'm new to all this and appreciate your help. My blacklist-custom is empty. blacklist only contains one entry. whitelist is empty. In p2partisan.sh my whitelisted ports are:

    Code:
    whiteports_tcp=3658,8080
    whiteports_udp=53,123,1194:1197,1723,3658

    So if I'm following the flowchart correctly then all traffic on port 80 and 443 should be getting checked against my blacklist and matching IP's should be getting dropped. I have also tried entering a few IP's into blacklist-custom which I believe should be blocked regardless of what is in the whitelist, whitelist_tcp, or whitelist_udp (again assuming I am reading the flowchart correctly). Those IPs are not being blocked in the browser. Is it possible I've stuffed up the installation somehow?

    The list is from iblocklist.com. File format is P2P. Archive format is gz. Random line looks like this:

    Code:
    desiredtube.com:78.140.173.251-78.140.173.251

    Output from p2partisan.sh status <listname> is:

    Code:
    root@ROUTER:/jffs/apps/p2partisan# p2partisan.sh status pornography
    
    +------------------------- P2Partisan --------------------------+
    |  _____   __         __          _______ __          __
    | |     |_|__|.-----.|  |_ ______|     __|  |_.---.-.|  |_.--.--.-----.
    | |       |  ||__ --||   _|______|__     |   _|  _  ||   _|  |  |__ --|
    | |_______|__||_____||____|      |_______|____|___._||____|_____|_____|        
    |
    +---------------------------------------------------------------+
    |                    list name: pornography
    +---------------------------------------------------------------+
    | Primary lists and iptables are used for filtering, they are both
    | expected to be Fully Loaded while P2Partisan operates.
    | Secondary lists are used for updates only, so empty when unused
    | cidr file are created after a list update and allow quick startup
    +---------------------------------------------------------------+
    |           Name: pornography
    |            URL: http://list.iblocklist.com/?list=nndhjdnpxvydcupzaann&fileformat=p2p&archiveformat=gz&username=runey71&pin=xxxxxx
    +---------------------------------------------------------------+
    |  ipset primary: Fully loaded
    |          items: 41683
    |    size in RAM: 656 KB
    +---------------------------------------------------------------+
    | ipset seconday: Empty
    |          items: 0
    |    size in RAM: 8 KB
    +---------------------------------------------------------------+
    |      cidr file: Fully loaded
    |          items: 41682
    |   size on disk: 1.2M
    |   Last updated: 19:47:06 24/Aug/15 | 0 - 22:10:51 ago
    +---------------------------------------------------------------+
    |       iptables: Fully loaded
    iptables -A P2PARTISAN-LISTS-IN -m set  --match-set pornography src -j P2PARTISAN-DROP-IN
    iptables -A P2PARTISAN-LISTS-OUT -m set  --match-set pornography dst -j P2PARTISAN-DROP-OUT
    P2PARTISAN-DROP-IN  all  --  anywhere             anywhere             match-set pornography src
    P2PARTISAN-DROP-OUT  all  --  anywhere             anywhere             match-set pornography dst
    +---------------------------------------------------------------+

    jffs is set to 64M and currently has 96% free. I'll definitely take your advice and switch over to external media.
     
  51. rs232

    rs232 Network Guru Member

    Right the list is loaded. Are you saying that visiting e.g. desiredtube.com the communication happens and it's not blocked by P2Partisan?
    What's the output of
    ./p2partisan.sh test 78.140.173.251
    ?
     
  52. Runey

    Runey New Member Member

    That's correct. I'm still able to navigate that site in a browser. Results of the test are:

    Code:
    root@ROUTER:/jffs/apps/p2partisan# p2partisan.sh test 78.140.173.251
    
    +------------------------- P2Partisan --------------------------+
    |                  _______               __
    |                 |_     _|.-----.-----.|  |_
    |                   |   |  |  -__|__ --||   _|
    |                   |___|  |_____|_____||____|
    |
    +----------- Lists are sorted in order of precedence -----------+
    | 78.140.173.251 not found in    blacklist-custom
    | 78.140.173.251 not found in    whitelist
    | 78.140.173.251 found in        pornography
    +---------------------------------------------------------------+
    |        in case of multiple match the first prevails
    +---------------------------------------------------------------+
     
  53. rs232

    rs232 Network Guru Member

    Humm... The only thing I can think about is the list not being updated. Can you verify with an nslookup the domain does actually resolve into an IP as per list?
    For testing purpose only, if you add
    78.140.173.251-78.140.173.251
    into the blacklist-custom and restart P2Partisan does the result change?
     
  54. Runey

    Runey New Member Member

    Results of nslookup:

    Code:
    root@ROUTER:/jffs/apps/p2partisan# nslookup desiredtube.com
    Server:    127.0.0.1
    Address 1: 127.0.0.1 localhost
    
    Name:      desiredtube.com
    Address 1: 78.140.173.251

    I stopped p2partisan and added 78.140.173.251-78.140.173.251 to blacklist-custom. Then restarted and tried navigating to that site but it still is not blocked.

    EDIT: Just noticed that when I check the status it had a 0 next to blacklist IPs. I may have done something wrong. Checking now. Tried blacklist-custom using 78.140.173.251, 78.140.173.251-78.140.173.251, desiredtube.com with no effect.
     
  55. rs232

    rs232 Network Guru Member


    I need to look into this because it is supposed to work... you might or might not have run into a bug, not sure at this stage.
    I'm currently abroad... I'll have a look next week if it's ok
    In the meantime (not sure this will affect anything but...) can you try a clean install on e.g. usb?

    P.S. an output of the iptables -nvL command while the list loaded, would also help
     
  56. Bird333

    Bird333 Network Guru Member

    I understand. I just thought you might come across some lists while you maintain P2Partisan.
     
  57. Runey

    Runey New Member Member

    No rush. Appreciate your help. The bug is most likely me and something I have done :) I'll try a clean install of p2partisan and default settings on my router just in case something else I have done is causing issues.
     
  58. rs232

    rs232 Network Guru Member

    I have just tested this on my router. P2Partisan seems to be working perfectly just adding desiredtube.com into the blacklist-custom (you'll have to wait 1 hour or run ./p2partisan.sh tutor to have this effective). I have tested this with the internal P2Partisan debug. Here's the output and note I did not remove the ports 80/443 from whiteports_tcp/udp as blacklist-custom filtering is applied before any whitelist.

    Code:
    Aug 31 18:50:37 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54290 D=80
    Aug 31 18:50:38 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54293 D=80
    Aug 31 18:50:38 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54294 D=80
    Aug 31 18:50:39 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54296 D=80
    Aug 31 18:50:39 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54297 D=80
    Aug 31 18:50:42 I=br0 O=vlan2 S=10.10.10.8 D=78.140.173.251 TCP S=54296 D=80

    At this point I have to say it could be your particular installation.
    Can you send over the output of iptables -nvL ?

    P.S. The only thing you should be aware of is that 6.00 has a little bug with the tutor. I have resolved it and pushed 6.01. Better if you upgrade before re-testing: ./p2partisan.sh upgrade
     
    Last edited: Aug 31, 2015
  59. Bird333

    Bird333 Network Guru Member

    There is a "Microsoft" list at iblocklist.com. I don't know if it has all the ip's or not. One problem is that Windows 10 somehow can detect DNS poisoning and will use hardcoded ip addresses in the OS. So I'm thinking the standard P2Partisan is not the way to handle this?
     
  60. rs232

    rs232 Network Guru Member


    If the IPs are hardcoded then P2Partisan is the way to block as long as you feed it with IPs and not FQDN. The best way to test this is to load the Microsoft list, do some manual lookup on the Windows10 tracking list of hosts and see if the resolved IPs are caught or not (using the p2partisan.sh test function). I believe the Win10 tracking list of FQDN not to be complete but with all the millions of Windows users out there it's just a matter of time...
     
  61. Bird333

    Bird333 Network Guru Member

    I just read they are updating Windows 7 and 8 with this tracking too. :(
     
  62. xxxmitar

    xxxmitar New Member Member

    There is a working solution for Windows 10 tracking, user ryzhov_al posted it on Merlin firmware subforum on snbforums:
    http://www.snbforums.com/threads/how-to-disable-windows-10-tracking-using-ipset-entware.26615/

    Feature request? :)

    Thanks for the great work :)
     
  63. jerrm

    jerrm Network Guru Member

    I'm VERY skeptical the approach is ultimately effective. First, it is a static list with no explanation of why the hosts are listed, where they came from, etc. Second, even if the list is currently complete, and IPs are truly hardcoded, the next monthly update could change that. Third, the list and "hardcoded" IPs are not likely truly hardcoded, and an updated list of hosts/IPs could be placed on innumerable hosts that can't readily be blocked - Bing/Microsoft.com/Hundreds of MS subsidiaries and partners. Fourth, the tracking services themselves could be hosted on the same infinite list. Fifth, it assumes Win10 falls back to hardcoded IPs only if dns poisoning is detected. Sixth, it assumes the current methods will remain static, again the next update could change the behavior, and on and on and on.

    If MS really wants to track, pretty much any programmer capable of "Hello World" could foresee the possibilities and work around the level of blocking the script provides.
     
    Last edited: Sep 2, 2015
  64. Bird333

    Bird333 Network Guru Member

    I can see it's a game of 'cat and mouse', but don't you think people should try? What do you think the best approach would be?
     
  65. jerrm

    jerrm Network Guru Member

    Trying is fine, but the statement "there is a working solution" implies a level of confidence that I would disagree with.

    Honestly, the best course is to disable everything they let you disable at the OS and App levels. There are tools to do that (including the source of ryzhov_al's host list). If MS wants to track no matter what, there's not much to do about it while running Windows on anything close to an open network.
     
    Last edited: Sep 2, 2015
    Monk E. Boy likes this.
  66. maggad

    maggad New Member Member

    if anyone wants I made a commented out list of all of the iBlocklist lists and the country code lists. I just added them to the original list.

    this is my first post so I can't post url's
    it's on pastebin x dot x com / n6f4wjGj


    edit- removed dups and paid
     
    Last edited: Sep 15, 2015
  67. AenAllAin

    AenAllAin Network Newbie Member

    Ummm ...hey guys! So how are things going?

    Sorry! I really did disappear; quite literally in fact ...I was out of the country for a while. Lots of RL stuff going on; mainly, I'm in the process of getting married ...so that basically means I am going to disappear for a while again soon.

    I have been looking in on things once in a while to try and stay up-to-date, but I just didn't have any time to contribute. Mostly I'm just sorry that I had to step away so abruptly and left everything dangling without any closure. I have to say, I am impressed with rs232 for wrapping it up into something useful. I thought I had just left you with a hash that you were going to have to throw away.

    @rs232
    Is there anything I can do to help? (I have about 2 weeks available to do stuff, FYI) Anything, I broke or messed up that I should fix? ...also, if you are still open to me helping then I should probably send you my personal eMail in private so that I don't just disappear like that and leave you guys wondering when I might post next.
     
  68. rs232

    rs232 Network Guru Member

    Hi! Welcome back :)

    You don't have to justify yourself. I am the same; sometimes I disappear for literally months. Life has higher priority!

    If there is one thing P2Partisan needs desperately that's a web interface integration. I looked into the adblock and the way they do things, it seems a pretty good starting point... but I haven't written anything as yet.

    So this would be a good call as it's pretty much independent from the script itself and a good piece of work to run on the side.

    Thanks!
    rs23
     
  69. Jach Lei

    Jach Lei New Member Member

    Can this script redirect specific URL to another?
     
  70. jerrm

    jerrm Network Guru Member

    No.
     
  71. AenAllAin

    AenAllAin Network Newbie Member

    Awesome! Thanks for being understanding.

    ...it just so happens I used to be a web-developer for a while; so I did look into the Web UI, and had some thoughts on it. So the first issue that came up was how to integrate P2Partisan. P2Partisan is trying to support multiple routers each with their own unique Web Interface look & feel. So if we try to match/integrate with a different Web UI for each of the different routers running P2Partisan ...well you see my point; it turns complex pretty fast and makes the whole P2Partisan application bulky and unwieldy.

    I was thinking the most realistic way forward, at least at first, would be a simple kind of standalone Web UI for P2Partisan running alongside the native Web UI.

    Thoughts?
     
  72. rs232

    rs232 Network Guru Member

    The Adblock web interface is pretty much a wrapper as I understand and it presents itself as a standalone page. I suggest you look into it first, they also have an option to add the link to the "adblock status page" into the standard tomato menu. Currently they open a brand new page rather than update the right frame of the tomato web interface. Not a big deal, though it would be nice...

    I'm not suggesting we should do the same but we could try to replicate first and improve from there? perhaps trying to use the .css as per Administration page?

    On the homework side worth looking at the technicality of Jakye444 solution:
    http://www.linksysinfo.org/index.php?threads/advancedtomato-v2-gui-based-on-shibbys-mod.70254/
    You might want to send him a PM or post on his thread if any questions

    I would focus on 6.x only for the time being (backporting to 5.x later on only), one possible option would be to create a pweb function within P2Partisan to return values to be used on the web...
     
  73. jerrm

    jerrm Network Guru Member

    There is no true frame in the tomato ui, it's a single page using tables.

    It is possible to copy/emulate the tomato ui. It requires (at minimum) more fixups to tomato.js to address relative path issues. I had it about 99% there pretty quickly in testing.

    I decided against it for three main reasons - I wanted the screen real estate for page-at-a-glance simplicity, it would break functionality on AT, more fixups means it's more likely to break between tomato versions.
     
  74. rs232

    rs232 Network Guru Member

    Just a minor update

    P2Partisan v6.02
    - minor modification to deaggregate.sh function to better handle list updates

    ./p2partisan.sh upgrade to get to the latest 6.x release
     
    The Master likes this.
  75. The Master

    The Master Network Guru Member

  76. Thomas Begley

    Thomas Begley Serious Server Member

    Hi guys,

    Sorry if this has already been asked.

    I have two interfaces being used on my router, vlan2(WAN) and tun11(VPN).

    I use openvpn with route-noexec enabled so certain devices use vlan2 and others use tun11.

    Looking at the iptables dump p2partisan only seems to setup rules on the vlan2 interface.

    Is there a way to get the data coming through tun11 intercepted by p2partisan as well?

    Thanks guys.
     
  77. rs232

    rs232 Network Guru Member

    Hi! It's definitely in the plan, I just didn't get any time to work on this on the public release.
    It shouldn't be too difficult as all it takes is to apply the P2PARTISAN-IN/P2PARTISAN-OUT in the FORWARD chain from/to the tun interface.

    Having said that... the approach I was looking into was to pick up the interface used as a default gateway... but this might not be good enough in case of policy routing, and apply to both might not be a great idea... in your case it appears like both interfaces are needed, but this might not be flexible enough for everybody else. I need to have a think about this.
     
  78. Thomas Begley

    Thomas Begley Serious Server Member

    Ok thank you very much.

    May it just be as easy as an option in the config file i.e

    Turn on user gateway i.e usergway = 1 for on 0 for off

    then gateway array to specify interfaces so

    1 = vlan2
    2 = tun11

    then when the ipset gets added it would have the rules with garray so it would add the rules for vlan2 and for tun11.

    So this would only happen if the user specifies to turn on the user gateway option and adds the interfaces to the array?

    This may not work at all, but just a suggestion.
     
  79. rs232

    rs232 Network Guru Member

    The current ARM release (v6.02) has the basis to capture a tunnel interface used as a default gateway without any other user option needed.
    Can you try to upgrade to v6.02 (./p2partisan.sh upgrade) and post here the content of:

    route

    iptables -nvL


    while you're connected to the VPN and have already generated some traffic for e.g. 10 min?

    Thanks
    rs232
     
  80. Thomas Begley

    Thomas Begley Serious Server Member

    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    150.221.81.1    *               255.255.255.255 UH    0      0        0 vlan2
    181.71.91.91    *               255.255.255.224 U     0      0        0 tun11
    10.8.2.0        *               255.255.255.0   U     0      0        0 br1
    10.8.1.0        *               255.255.255.0   U     0      0        0 br0
    150.221.81.0    *               255.255.252.0   U     0      0        0 vlan2
    10.0.0.0        *               255.0.0.0       U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         97e45801.skybro 0.0.0.0         UG    0      0        0 vlan2
    
    Code:
    Chain INPUT (policy DROP 260 packets, 14389 bytes)
    pkts bytes target     prot opt in     out     source               destination
      854 46446 P2PARTISAN-IN  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            state NEW
    11342 1923K adblk.fw   all  --  *      *       0.0.0.0/0            10.8.1.254
    52866 3676K ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0 
    2662 2527K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    180M  245G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       11   572 shlimit    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9734 state NEW
    1443  122K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0 
    36343 2469K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0 
      881 31257 ACCEPT     all  --  br1    *       0.0.0.0/0            0.0.0.0/0 
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9736
    41637 2292K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51515
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination
      10M   14G ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0 
    5425K  374M            all  --  *      *       0.0.0.0/0            0.0.0.0/0           account: network/netmask: 10.8.1.0/255.255.255.0 name: lan
    495K  150M            all  --  *      *       0.0.0.0/0            0.0.0.0/0           account: network/netmask: 10.8.2.0/255.255.255.0 name: lan1
        0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0 
        0     0 ACCEPT     all  --  br1    br1     0.0.0.0/0            0.0.0.0/0 
    6981  357K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    30061 1750K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
    5880K  521M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 DROP       all  --  br0    br1     0.0.0.0/0            0.0.0.0/0 
        0     0 DROP       all  --  br1    br0     0.0.0.0/0            0.0.0.0/0 
       19  1638 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0 
    3196  178K wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0 
    30053 2773K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0 
    3196  178K ACCEPT     all  --  br1    *       0.0.0.0/0            0.0.0.0/0 
    
    Chain OUTPUT (policy ACCEPT 986K packets, 266M bytes)
    pkts bytes target     prot opt in     out     source               destination
    1110 68755 P2PARTISAN-OUT  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            state NEW
    
    Chain P2PARTISAN-DROP-IN (7 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/hour burst 1 LOG flags 0 level 1 prefix "P2Partisan Dropped IN - "
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0 
    
    Chain P2PARTISAN-DROP-OUT (7 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/hour burst 1 LOG flags 0 level 1 prefix "P2Partisan Rejected OUT - "
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-admin-prohibited
    
    Chain P2PARTISAN-IN (2 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set blacklist-custom src
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set whitelist src
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set whitelist dst
      594 32057 P2PARTISAN-LISTS-IN  tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 51515
      250 13876 P2PARTISAN-LISTS-IN  udp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0           [goto]  multiport dports 51515
        0     0 P2PARTISAN-LISTS-IN  tcp  --  vlan2  *       0.0.0.0/0            150.221.81.14       [goto]  tcp dpt:51515
        0     0 P2PARTISAN-LISTS-IN  udp  --  vlan2  *       0.0.0.0/0            150.221.81.14       [goto]  udp dpt:51515
        0     0 RETURN     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            multiport sports 80,443,3658,8080,3074
        0     0 RETURN     tcp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,3658,8080,3074
        0     0 RETURN     udp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            multiport sports 1194:1197,53,123,1723,3658,88,3074,500,3544,4500,67,68
        1    37 RETURN     udp  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            multiport dports 1194:1197,53,123,1723,3658,88,3074,500,3544,4500,67,68
        9   476 P2PARTISAN-LISTS-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    
    Chain P2PARTISAN-LISTS-IN (5 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level1 src
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level2 src
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level3 src
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set spyware src
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set advertisement src
        0     0 P2PARTISAN-DROP-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ads src
    
    Chain P2PARTISAN-LISTS-OUT (7 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level1 dst
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level2 dst
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set level3 dst
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set spyware dst
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set advertisement dst
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ads dst
    
    Chain P2PARTISAN-OUT (2 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-DROP-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set blacklist-custom dst
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set whitelist src
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set whitelist dst
        0     0 P2PARTISAN-LISTS-OUT  tcp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           [goto]  multiport sports 51515
        0     0 P2PARTISAN-LISTS-OUT  udp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0           [goto]  multiport sports 51515
        0     0 P2PARTISAN-LISTS-OUT  tcp  --  *      vlan2   150.221.81.14        0.0.0.0/0           [goto]  tcp spt:51515
      196 11744 P2PARTISAN-LISTS-OUT  tcp  --  *      vlan2   150.221.81.14        0.0.0.0/0           [goto]  tcp spts:49152:65535
        0     0 P2PARTISAN-LISTS-OUT  udp  --  *      vlan2   150.221.81.14        0.0.0.0/0           [goto]  udp spt:51515
       57  3722 P2PARTISAN-LISTS-OUT  udp  --  *      vlan2   150.221.81.14        0.0.0.0/0           [goto]  udp spts:49152:65535
        0     0 RETURN     tcp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            multiport sports 80,443,3658,8080,3074
        9   584 RETURN     tcp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,3658,8080,3074
        1   334 RETURN     udp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            multiport sports 1194:1197,53,123,1723,3658,88,3074,500,3544,4500,67,68
      272 17847 RETURN     udp  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            multiport dports 1194:1197,53,123,1723,3658,88,3074,500,3544,4500,67,68
      575 34524 P2PARTISAN-LISTS-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    
    Chain adblk.fw (1 references)
    pkts bytes target     prot opt in     out     source               destination
       81  4212 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    9139 1748K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    2086  122K ACCEPT     tcp  --  br+    *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,80
        0     0 ACCEPT     icmp --  br+    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
        0     0 REJECT     tcp  --  br+    *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
       36 49608 REJECT     all  --  br+    *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
        0     0 ACCEPT     tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,80
        0     0 ACCEPT     icmp --  lo     *       0.0.0.0/0            0.0.0.0/0            icmptype 8
        0     0 REJECT     tcp  --  lo     *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
        0     0 REJECT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0 
    
    Chain shlimit (1 references)
    pkts bytes target     prot opt in     out     source               destination
       11   572            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: shlimit side: source
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
    
    Chain wanin (1 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-IN  all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0            state NEW
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.8.2.2             tcp multiport dports 88,500,3074
       19  1638 ACCEPT     udp  --  *      *       0.0.0.0/0            10.8.2.2             udp multiport dports 88,500,3074
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.8.2.2             tcp multiport dports 3544,4500
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            10.8.2.2             udp multiport dports 3544,4500
    
    Chain wanout (1 references)
    pkts bytes target     prot opt in     out     source               destination
        0     0 P2PARTISAN-OUT  all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0            state NEW
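
Added example (not part of the thread and not P2Partisan code): an offline walker that replays the first packet of a forwarded flow through an excerpt of the `iptables -nvL` dump above and reports which rule decides it. The excerpt keeps a few rules per chain with whitespace condensed; the packet fields, the address 203.0.113.7 and the set contents are constructed, set membership is simplified to exact addresses, and only the match types present in the excerpt are interpreted.

```python
import ipaddress
import re

# Excerpt of the iptables -nvL dump posted above: only the chains a forwarded
# LAN packet traverses, a few rules per chain, counters as posted.
DUMP = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
  10M   14G ACCEPT     all  --  tun11  *       0.0.0.0/0   0.0.0.0/0
5425K  374M            all  --  *      *       0.0.0.0/0   0.0.0.0/0   account: network/netmask: 10.8.1.0/255.255.255.0 name: lan
 6981  357K DROP       all  --  *      *       0.0.0.0/0   0.0.0.0/0   state INVALID
5880K  521M ACCEPT     all  --  *      *       0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
 3196  178K wanout     all  --  *      vlan2   0.0.0.0/0   0.0.0.0/0
30053 2773K ACCEPT     all  --  br0    *       0.0.0.0/0   0.0.0.0/0
Chain wanout (1 references)
    0     0 P2PARTISAN-OUT  all  --  *  vlan2  0.0.0.0/0   0.0.0.0/0   state NEW
Chain P2PARTISAN-OUT (2 references)
    0     0 P2PARTISAN-DROP-OUT  all  --  *  *  0.0.0.0/0  0.0.0.0/0   match-set blacklist-custom dst
    0     0 RETURN     all  --  *      *       0.0.0.0/0   0.0.0.0/0   match-set whitelist dst
    0     0 P2PARTISAN-LISTS-OUT  tcp  --  *  vlan2  0.0.0.0/0  0.0.0.0/0  [goto]  multiport sports 51515
    9   584 RETURN     tcp  --  *      vlan2   0.0.0.0/0   0.0.0.0/0   multiport dports 80,443,3658,8080,3074
  575 34524 P2PARTISAN-LISTS-OUT  all  --  *  *  0.0.0.0/0  0.0.0.0/0
Chain P2PARTISAN-LISTS-OUT (7 references)
    0     0 P2PARTISAN-DROP-OUT  all  --  *  *  0.0.0.0/0  0.0.0.0/0   match-set level1 dst
Chain P2PARTISAN-DROP-OUT (7 references)
    0     0 REJECT     all  --  *      *       0.0.0.0/0   0.0.0.0/0   reject-with icmp-admin-prohibited
"""

def parse_chains(text):
    """Parse iptables -nvL text into ({chain: [rule, ...]}, {chain: policy})."""
    chains, policies, rules = {}, {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if head:
            rules = chains.setdefault(head.group(1), [])
            policies[head.group(1)] = head.group(2)  # None for user chains
            continue
        f = line.split()
        if rules is None or "--" not in f:
            continue                      # column header or blank line
        o = f.index("--")                 # "opt" column; o == 3 means no target
        rules.append({"target": f[2] if o == 4 else "", "prot": f[o - 1],
                      "in": f[o + 1], "out": f[o + 2], "src": f[o + 3],
                      "dst": f[o + 4], "extra": " ".join(f[o + 5:])})
    return chains, policies

def _port_in(port, spec):
    """True if port is in a spec such as '80,443,1194:1197'."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def _iface(pattern, name):
    return pattern == "*" or pattern == name or (
        pattern.endswith("+") and name.startswith(pattern[:-1]))

def matches(rule, pkt, sets):
    """Does the first (state NEW) packet of a flow match this rule?"""
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    if not (_iface(rule["in"], pkt["in"]) and _iface(rule["out"], pkt["out"])):
        return False
    for side in ("src", "dst"):
        net = ipaddress.ip_network(rule[side], strict=False)
        if ipaddress.ip_address(pkt[side]) not in net:
            return False
    extra = rule["extra"]
    state = re.search(r"state (\S+)", extra)
    if state and "NEW" not in state.group(1).split(","):
        return False
    for name, side in re.findall(r"match-set (\S+) (src|dst)", extra):
        if pkt[side] not in sets.get(name, ()):   # simplified: exact addresses
            return False
    ports = re.findall(r"multiport (s|d)ports (\S+)", extra)
    ports += re.findall(r"\b(s|d)pts?:(\S+)", extra)
    return all(_port_in(pkt[s + "port"], spec) for s, spec in ports)

def walk(chains, chain, pkt, sets, trace):
    """Return a terminal verdict, or None on RETURN / end of chain.
    Every matching rule is appended to trace as (chain, target)."""
    for rule in chains[chain]:
        if not matches(rule, pkt, sets):
            continue
        target = rule["target"]
        trace.append((chain, target))
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            return None
        if target in chains:
            verdict = walk(chains, target, pkt, sets, trace)
            if verdict or "[goto]" in extra_of(rule):
                return verdict            # goto: do not resume this chain
        # LOG, accounting (empty) and unknown targets do not terminate
    return None

def extra_of(rule):
    return rule["extra"]

def decide(pkt, sets, dump=DUMP, start="FORWARD"):
    """Return (verdict, trace) for one packet; falls back to the chain policy."""
    chains, policies = parse_chains(dump)
    trace = []
    return walk(chains, start, pkt, sets, trace) or policies[start], trace
```

With these rules, a destination that is in a list but reached on TCP port 80 leaves P2PARTISAN-OUT at the whiteports RETURN before any list is consulted, while the same address in blacklist-custom is rejected. A LAN packet routed out of tun11 is accepted by the br0 rule without entering P2PARTISAN-OUT at all.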
     
  81. rs232

    rs232 Network Guru Member


    From what I can see the tunnel is not the default gateway but routes to a /27 only. Do you want to filter packets from/to the /27 ?
     
  82. Thomas Begley

    Thomas Begley Serious Server Member

    Hi, yes the default gateway is the WAN port (ISP) which my router 10.8.1.1 and my Xbox 10.8.2.2 go through.

    The VPN then uses routing policy to make every other device (10.8.1.2 - 10.8.1.20) pass through the tun gateway.

    Preferably I would like both interfaces to be filtered, but if only one is possible then the way it is now with the VLAN2 interface is better as transmission passes through that port.
     
  83. rs232

    rs232 Network Guru Member

    Ok I haven't used the VPN policy routing yet so unable to comment. One precious input would be to go and find out how policy routing is applied on a device basis...
    Regardless, perhaps a concept of greylisted IP (where a LAN device can be a candidate) would be a potential work around: e.g. everything from/to 192.168.0.5 -> filter
     
    Thomas Begley likes this.
  84. rs232

    rs232 Network Guru Member

    Ok I'll put this in my todo list, but leave me some time to have a good think about this one (e.g. weeks)
     
  85. rs232

    rs232 Network Guru Member

    Minor but important update!
    If you have P2Partisan v6.01 or v6.02 running for some time you might have some primary lists not loaded (pri reported with an [e] ). Upgrade and reboot (strictly in order) to resolve.

    Code:
    ./p2partisan.sh upgrade
    reboot

    P2Partisan v6.03
    - additional bugfix on the tutor list update
    - bugfix to pick up correctly the scheduleupdates variable
    - status page to report cidr status [o] in yellow when lists are 7 days old and red from the 8th day and above. Yellow might be spotted but red should never happen as the tutor updates the lists weekly
     
    Last edited: Oct 10, 2015
  86. Link2User

    Link2User Networkin' Nut Member

    Great Script Thanks :)

    I am getting this error when checking status on my RT-N16

    wc: /tmp/tutor.temp: No such file or directory

    what does this mean?
     
    Last edited: Oct 21, 2015
  87. farfromovin

    farfromovin Serious Server Member

    Just wanted to say thanks rs232! I've been using this script on my N66u for a while now and it's doing everything I need it to.
     
    dkirk and rs232 like this.
  88. rs232

    rs232 Network Guru Member

    not on my laptop so unable to verify right now. But I have to say I have never seen it before.
    rt-n 16 I suppose you're running the latest v5 right?
    is this error a one off?
    was it working before and started out of the blue?
    Does this perhaps happen only within the first hour of usage since you've installed it?
    does a fresh install perhaps resolve?
     
  89. rs232

    rs232 Network Guru Member

    Good to know! Thanks for the feedback.
     
  90. rs232

    rs232 Network Guru Member

    I think I've found it. It happens only in rare cases (e.g. first time you run the script).
    I'll resolve it regardless and include the modified code in the next release.

    Thanks for this!
    rs232
     
  91. rs232

    rs232 Network Guru Member

    Give it a go with IP greylisting on v6.05 and let me know.
     
  92. rs232

    rs232 Network Guru Member

    P2Partisan v6.05
    - correction on the logic of the deaggregate procedure
    - removed warning when tutor doesn't find P2Partisan log entries (thanks Link2User)
    - new debug reverse function. Requires greyports to be set. It logs all the LAN IPs but excludes greyports from the logs
    - debug-display minor correction
    - IP greylist (hot!) greylisted IP will be filtered after whiteports and before whitelist.
    Get the default greylist here:
    Code:
    wget "http://pastebin.com/raw.php?i=Q9NrpXYu" -O greylist
    tr -d "\r" < ./greylist > ./.temp ; mv ./.temp ./greylist

    The correct process flow is as follows:
    1. Blacklist-custom
    2. Greyports
    3. Whiteports
    4. Greylist
    5. Whitelist
    6. Blacklists


    As usual let me know if any problem
     
    Last edited: Nov 8, 2015
    Goggy and The Master like this.
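
The download-and-strip-CR step in the post above, extended to validate the list before it replaces the live file. This is an added example, not part of the original post or of P2Partisan. It assumes a list format of one IPv4 address or CIDR per line with optional `#` comments; the function names `valid_entry` and `sanitize_list` are hypothetical.

```shell
#!/bin/sh
# Added example, not P2Partisan code. Assumed list format: one IPv4 address
# or CIDR per line; blank lines and '#' comments are allowed.

# valid_entry ENTRY: succeeds only for a.b.c.d or a.b.c.d/len.
valid_entry() {
    addr=${1%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    # Digits and single dots only: rejects shell metacharacters and globs.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# sanitize_list SRC DEST: strip CRs, validate every entry, then replace DEST
# in one rename. Any malformed entry fails the run and leaves DEST untouched.
sanitize_list() {
    src=$1 dest=$2 tmp="$2.tmp.$$" bad=0
    tr -d '\r' < "$src" > "$tmp.in" || return 1
    : > "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -z "$entry" ] && continue
        if valid_entry "$entry"; then
            printf '%s\n' "$entry" >> "$tmp"
        else
            echo "rejected: $line" >&2; bad=1
        fi
    done < "$tmp.in"
    rm -f "$tmp.in"
    if [ "$bad" -ne 0 ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$dest"
}

# Constructed sample with CRLF line endings (not real greylist content).
demo_dir=$(mktemp -d)
printf '# sample\r\n192.0.2.10\r\n198.51.100.0/24 # note\r\n\r\n' > "$demo_dir/raw"
sanitize_list "$demo_dir/raw" "$demo_dir/greylist" && cat "$demo_dir/greylist"
```

Because the list is fetched over plain HTTP, rejecting the whole file on the first malformed entry keeps a tampered or truncated download from replacing a working list.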
  93. Link2User

    Link2User Networkin' Nut Member

    Thanks for this :)
     
  94. Spektrat

    Spektrat Reformed Router Member

    Hi all,

    I use this script on my router and need to know what to do to upgrade to the latest:
    "cru a P2Partisan-update "30 4 * * 1 /cifs1/blacklist/p2partisan/p2partisan.sh paranoia-update"
    while true; do [ -f /cifs1/blacklist/p2partisan/p2partisan.sh ] && break || sleep 5; done ;/cifs1/blacklist/p2partisan/p2partisan.sh"

    The script is about 1 year old and I guess very outdated.

    Also:
    1. I'd like to remove the "paranoia update" from script. Simply remove that text?
    2. Is it now possible to add blocklist on file (cifs share on server)?

    Cheers

    Martin
     
    Last edited: Nov 7, 2015
  95. rs232

    rs232 Network Guru Member

    Can you confirm:
    -what router do you have
    -what version of P2Partisan are you running (./p2partisan.sh status will tell you)

    Regardless a ./p2partisan.sh upgrade is all you need.

    1. Why remove the paranoia update? I strongly advise you not to touch the content of the firewall script unless you want to uninstall the script.
    2. Not sure what the question is, sorry.
     
  96. farfromovin

    farfromovin Serious Server Member

    Any chance this will be able to run on dd-wrt someday? I'm pretty sure I know the answer to that but can't hurt to ask. The dd-wrt guys would love this!
     
  97. Spektrat

    Spektrat Reformed Router Member

    It kills my uplink during upgrade.
    My router is:
    Netgear WNR3500L v2

    Not possible to log on via Telnet. Something is not working OK. I guess "./p2partisan.sh upgrade" is to be run in a Telnet CLI?
    Martin
     
  98. rs232

    rs232 Network Guru Member

    Unlikely but never say never
     
  99. rs232

    rs232 Network Guru Member

    Forget about telnet and use ssh.

    It kills your router? You still haven't answered the question asked before.
    - What tomato release are you running?
    - What is the current p2partisan release you're running?

    If you're really experiencing problems, it's better if you remove the script completely using the uninstall procedure as per the original post and reinstall from scratch.

    You need the latest v5 btw (5.13)
     
    Last edited: Nov 11, 2015
  100. Spektrat

    Spektrat Reformed Router Member

    Hello,

    It kills my internet connection (uplink) whilst upgrading, not my router.
    I use Tomato by Shibby v130
    I really would like to install from scratch and have the latest.

    Where to find?
    Any guides?

    Martin
     