ddwrt script to drop all Chinese IPv4 ranges

2 files changed, 186 insertions, 0 deletions

diff --git a/ddwrt/ipblock.sh b/ddwrt/ipblock.sh
new file mode 100644
index 0000000..1bd2198
--- /dev/null
+++ b/ddwrt/ipblock.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+
+### USAGE
+#
+# Append below to 'Commands' as save to 'Save Firewall' and place this script to /opt/ipblock/ipblock.sh
+#
+#iptables -N countrydropin
+#iptables -N countrydropout
+#iptables -I INPUT 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 3 -o vlan2 -j countrydropout
+#sh /opt/ipblock/ipblock.sh & 
+
+#set -x
+
+### Block all traffic from listed. Use ISO code ###
+ISO="cn-aggregated"
+CLOCAL="custom"
+
+### Set PATH ###
+IPT=/usr/sbin/iptables
+WGET=/usr/bin/wget
+EGREP=/bin/egrep
+LOCKFILE=/tmp/ipblock.lock
+
+### No editing below ###
+inSPAMLIST="countrydropin"
+outSPAMLIST="countrydropout"
+ZONEROOT="/opt/ipblock/zones"
+DLROOT="http://www.ipdeny.com/ipblocks/data/aggregated"
+iBL="${ZONEROOT}/ipblockin.rules"
+oBL="${ZONEROOT}/ipblockout.rules"
+
+if [ -e ${LOCKFILE} ] && kill -0 `cat ${LOCKFILE}`; then
+    echo "Lock file exist.. exiting"
+    exit
+fi
+
+# make sure the lockfile is removed when we exit and then claim it
+trap "rm -f ${LOCKFILE}; exit" INT TERM EXIT
+echo $$ > ${LOCKFILE}
+
+cleanOldRules(){
+  $IPT -F countrydropin
+  $IPT -F countrydropout
+}
+
+# create a dir
+[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
+
+# clean old rules
+cleanOldRules
+rm -f $iBL
+rm -f $oBL
+
+echo '*filter' > $iBL
+echo '*filter' > $oBL
+
+for c in $ISO
+do
+        # local zone file
+        tDB=$ZONEROOT/$c.zone
+
+        # get fresh zone file
+        $WGET -T 30 -O $tDB $DLROOT/$c.zone
+
+        awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+        awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+done
+
+for c in $CLOCAL
+do
+        # local custom zone file
+        if [ -e $ZONEROOT/$c.zone ]; then
+            tDB=$ZONEROOT/$c.zone
+
+            awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+            awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+        fi
+done
+
+echo 'COMMIT' >> $iBL
+echo 'COMMIT' >> $oBL
+
+iptables-restore -n < $iBL
+iptables-restore -n < $oBL
+
+rm -f ${LOCKFILE}
diff --git a/hostfile-block.sh b/hostfile-block.sh
new file mode 100755
index 0000000..6833168
--- /dev/null
+++ b/hostfile-block.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+destination_ip="0.0.0.0"
+base_host_file="/etc/hosts.base"
+blocklist_tmp="/tmp/blocklist"
+
+
+if ping -q -c 1 -W 1 cs.uic.edu >/dev/null; then
+
+	echo "[my local] Generating the hosts file blocklist..."
+
+	echo "01. Mother of All Ad Blocks list"
+	curl -s -A 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0' -e http://forum.xda-developers.com/ http://adblock.mahakala.is/ | grep -v "#" | awk '{print $2}' | sort > $blocklist_tmp
+
+	echo "02. winhelp2002 ad list"
+	curl -s http://winhelp2002.mvps.org/hosts.txt | grep -v "#" | grep -v "127.0.0.1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | sort >> $blocklist_tmp
+
+	echo "03. adaway ad list"
+	curl -s -k https://adaway.org/hosts.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "04. Yoyo ad list"
+	curl -s -d mimetype=plaintext -d hostformat=unixhosts http://pgl.yoyo.org/adservers/serverlist.php? | sort >> $blocklist_tmp
+
+	echo "05. malwaredomains.lehigh.edu list"
+	curl -s http://malwaredomains.lehigh.edu/files/justdomains >> $blocklist_tmp
+	curl -s http://malwaredomains.lehigh.edu/files/immortal_domains.txt | grep -v "#" >> $blocklist_tmp
+
+	echo "06. Disconnect.me list"
+	curl -s -k https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt | grep -v "#" >> $blocklist_tmp
+	curl -s -k https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt | grep -v "#" >> $blocklist_tmp
+	curl -s -k https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt | grep -v "#" >> $blocklist_tmp
+	curl -s -k https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt | grep -v "#" >> $blocklist_tmp
+
+	echo "07. malwaredomainlist ad list"
+	curl -s http://www.malwaredomainlist.com/hostslist/hosts.txt | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $3}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "08. StevenBlack ad list"
+	curl -s -k https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "09. abuse.ch ZeuS domain blocklist"
+	curl -s -k https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist | grep -v "#" >> $blocklist_tmp
+
+	echo "10.1 hosts-file ad/tracking list"
+	curl -s -k https://hosts-file.net/ad_servers.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.2 hosts-file malware list"
+	#curl -s -k https://hosts-file.net/emd.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.3 hosts-file exploit list"
+	#curl -s -k https://hosts-file.net/exp.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.4 hosts-file fraud list"
+	#curl -s -k https://hosts-file.net/fsa.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.5 hosts-file spam list"
+	#curl -s -k https://hosts-file.net/grm.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.6 hosts-file hijack list"
+	#curl -s -k https://hosts-file.net/hjk.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.7 hosts-file phishing list"
+	#curl -s -k https://hosts-file.net/psh.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.8 hosts-file misleading marketing list"
+	#curl -s -k https://hosts-file.net/mmt.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+	#echo "10.9 hosts-file latest partial list"
+	#curl -s -k https://hosts-file.net/hphosts-partial.txt | grep -v "#" | grep -v "::1" | sed '/^$/d' | sed 's/\ /\\ /g' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "11. someonewhocares ad list"
+	curl -s http://someonewhocares.org/hosts/hosts | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "12. hostsfile.mine.nu ad list"
+	curl -s http://hostsfile.mine.nu/Hosts | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "13. Cameleon ad list"
+	curl -s http://sysctl.org/cameleon/hosts | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "14. Securemecca list"
+	curl -s http://securemecca.com/Downloads/hosts.txt | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "15. ADZHOSTS list"
+	curl -s http://pilotfiber.dl.sourceforge.net/project/adzhosts/HOSTS.txt | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "16. mat1th list"
+	curl -s -k https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "17. notracking list"
+	curl -s -k https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt | grep -v "#" | sed '/^$/d' | sed 's/\ /\\ /g' | grep -v '^\\' | grep -v '\\$' | awk '{print $2}' | grep -v '^\\' | grep -v '\\$' | sort >> $blocklist_tmp
+
+	echo "18. quidsup/notrack list"
+	curl -s -k https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt | grep -v "#" >> $blocklist_tmp
+
+
+    truncate -s 0 /etc/hosts
+    cat $base_host_file >> /etc/hosts
+    cat $blocklist_tmp | sed $'s/\r$//' | sort -u | sed '/^$/d' | awk -v "IP=$destination_ip" '{sub(/\r$/,""); print IP" "$0}' >> /etc/hosts
+
+	rm -f $blocklist_tmp
+
+    exit 0
+else
+	echo "[my local] Network is down. Aborting."
+fi
+