Legacy Ipset Scripts - XIYO/asuswrt-merlin.ng-kr GitHub Wiki
These scripts are considered legacy scripts: they have no maintainer, and support may be hard to get. They also support ipset version 4 only, so they will not work on newer routers. See the chart here.
# Peer Guardian
As another example, this provides PeerGuardian functionality on the router.
Do not add this script to `/jffs/scripts/firewall-start`, because it takes too long to run (~25 minutes on an RT-N66U). Put the following content in `/jffs/scripts/peerguardian.sh`:
```shell
#!/bin/sh

# Load the ipset modules
lsmod | grep "ipt_set" > /dev/null 2>&1 || \
for module in ip_set ip_set_iptreemap ipt_set
do
    insmod $module
done

# Different routers use different iptables syntax
case $(uname -m) in
    armv7l)
        MATCH_SET='--match-set'
        ;;
    mips)
        MATCH_SET='--set'
        ;;
esac

# PeerGuardian rules
if [ "$(ipset --swap BluetackLevel1 BluetackLevel1 2>&1 | grep 'Unknown set')" != "" ]
then
    ipset --create BluetackLevel1 iptreemap
    [ -e /tmp/bluetack_lev1.lst ] || wget -q -O - "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz" | \
        gunzip | cut -d: -f2 | grep -E "^[-0-9.]+$" > /tmp/bluetack_lev1.lst
    for IP in $(cat /tmp/bluetack_lev1.lst)
    do
        ipset -A BluetackLevel1 $IP
    done
fi
iptables -I FORWARD -m set $MATCH_SET BluetackLevel1 src,dst -j DROP
```

Then run the following command:

```shell
sh /jffs/scripts/peerguardian.sh
```

Do not close the SSH session until the script has finished. The script blocks more than 8,000,000 IP addresses. These IP addresses have been observed in P2P activity.

# Peer Guardian V2
Supports IPSET 4 only.
Below is a speed-optimized version of the peerguardian.sh script above. It does the same job but takes less than 30 seconds to run (the shortest run time on an RT-N66U was 20 seconds). It may now also be possible to run it from `/jffs/scripts/firewall-start`.
This script uses two sets: the primary "BluetackLevel1" and the secondary "BluetackLevel2". IP addresses are loaded into the secondary set and later swapped into the primary. Because of this approach, it can also be run periodically on a running router to refresh the active set.

```shell
#!/bin/sh
# PeerGuardian rules

# Load the ipset modules
lsmod | grep "ipt_set" > /dev/null 2>&1 ||
for module in ip_set ip_set_iptreemap ipt_set; do
    insmod $module
done

# Different routers use different iptables syntax
case $(uname -m) in
    armv7l) MATCH_SET='--match-set' ;;
    mips)   MATCH_SET='--set' ;;
esac

# Create BluetackLevel1 (primary) if it does not exist
if [ "$(ipset --swap BluetackLevel1 BluetackLevel1 2>&1 | grep 'Unknown set')" != "" ]; then
    ipset --create BluetackLevel1 iptreemap &&
    iptables -I FORWARD -m set $MATCH_SET BluetackLevel1 src,dst -j DROP
fi

# Destroy this temporary set, to be safe
ipset --destroy BluetackLevel2 > /dev/null 2>&1

# Load the latest rules
(echo -e "-N BluetackLevel2 iptreemap\n" &&
    nice wget -q -O - "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz" |
    nice gunzip | nice cut -d: -f2 | nice grep -E "^[-0-9.]+$" |
    nice sed 's/^/-A BluetackLevel2 /' &&
    echo -e "\nCOMMIT\n"
) |
nice ipset --restore &&
nice ipset --swap BluetackLevel2 BluetackLevel1 &&
nice ipset --destroy BluetackLevel2

exit $?
```
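A guard for the refresh step of the V2 script above, as an added example that is not part of the original wiki scripts: a pipeline's exit status is that of its last command, so a failed `wget` still ends in a successful `sed`, and an empty BluetackLevel2 can be restored and swapped over the active set. The hypothetical `p2p_to_restore` helper validates each range strictly and emits nothing unless a minimum number of entries survive; the sample list, `$LIST_URL`, the threshold of 1000 and the `/tmp/bluetack.restore` path are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the wiki scripts).
# p2p_to_restore SET_NAME [MIN_ENTRIES]
#   stdin : P2P-format blocklist, one "label:start-end" entry per line
#   stdout: ipset 4 restore stream for SET_NAME (iptreemap)
#   Returns 1 and prints nothing when fewer than MIN_ENTRIES ranges are valid.
p2p_to_restore() {
    p2p_set=$1
    p2p_min=${2:-1}
    p2p_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    p2p_ip="$p2p_octet\\.$p2p_octet\\.$p2p_octet\\.$p2p_octet"
    p2p_tmp=$(mktemp) || return 1
    # Keep the text after the last colon (labels may contain colons), then
    # accept only well-formed "a.b.c.d-a.b.c.d" lines.
    tr -d '\r' | sed 's/.*://' | grep -E "^$p2p_ip-$p2p_ip\$" > "$p2p_tmp" || true
    p2p_count=$(grep -c . "$p2p_tmp" || true)
    if [ "$p2p_count" -lt "$p2p_min" ]; then
        rm -f "$p2p_tmp"
        return 1
    fi
    printf '%s\n' "-N $p2p_set iptreemap"
    sed "s/^/-A $p2p_set /" "$p2p_tmp"
    printf '%s\n' "COMMIT"
    rm -f "$p2p_tmp"
}

# Constructed sample input: three valid ranges and three lines to reject.
sample_p2p() {
    cat <<'EOF'
# constructed sample list
Example org A:192.0.2.0-192.0.2.255
Label with: a colon:198.51.100.1-198.51.100.1
Out of range:300.1.1.1-300.1.1.9
Trailing junk:203.0.113.1-203.0.113.2 -X BluetackLevel1
Example org B:203.0.113.7-203.0.113.9
EOF
}

# Intended use on the router (same set names as the V2 script; the URL
# variable, threshold and temp path are assumptions):
#   wget -q -O - "$LIST_URL" | gunzip |
#       p2p_to_restore BluetackLevel2 1000 > /tmp/bluetack.restore &&
#   ipset --restore < /tmp/bluetack.restore &&
#   ipset --swap BluetackLevel2 BluetackLevel1
sample_p2p | p2p_to_restore BluetackLevel2 2
```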
Supports IPSET 4 only.
If you want several different blocklists combined into one, here is a variant of this script to which multiple blocklists can be added.
```shell
#!/bin/sh
logger "PeerGuardian 규칙"
logger "ipset 모듈 로딩"
lsmod | grep "ipt_set" > /dev/null 2>&1 || \
for module in ip_set ip_set_iptreemap ipt_set; do
    insmod $module
done
# Different routers use different iptables syntax
case $(uname -m) in
    armv7l)
        MATCH_SET='--match-set'
        ;;
    mips)
        MATCH_SET='--set'
        ;;
esac
logger "BluetackLevel1 (기본) 생성, 존재하지 않는 경우"
if [ "$(ipset --swap BluetackLevel1 BluetackLevel1 2>&1 | grep 'Unknown set')" != "" ]; then
    ipset --create BluetackLevel1 iptreemap && \
    iptables -I FORWARD -m set $MATCH_SET BluetackLevel1 src,dst -j DROP
fi
logger "이 일시적인 집합을 안전을 위해 파괴"
ipset --destroy BluetackLevel2 > /dev/null 2>&1
logger "최신 규칙 로드"
(
    (
        (
            nice wget -q -O - "http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz" | \
            nice gunzip | nice cut -d: -f2 | nice grep -E "^[-0-9.]+$" \
        ) && \
        (
            nice wget -q -O - "http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz" | \
            nice gunzip | nice cut -d: -f2 | nice grep -E "^[-0-9.]+$" \
        ) && \
        (
            nice wget -q -O - "http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz" | \
            nice gunzip | nice cut -d: -f2 | nice grep -E "^[-0-9.]+$" \
        )
    ) | \
    (
        nice sed '/^$/d' | \
        nice sed 's/^/-A BluetackLevel2 /' | \
        nice sed '1s/^/-N BluetackLevel2 iptreemap\n/' && \
        echo -e "\nCOMMIT\n" \
    )
#) > output
) | \
nice ipset --restore && \
nice ipset --swap BluetackLevel2 BluetackLevel1 && \
nice ipset --destroy BluetackLevel2
# Save the status of the restore/swap chain so that the exit code
# reflects it rather than the logger call below
rc=$?
logger "Peerguarding 규칙 종료"
exit $rc
```

The output will appear in the router log:

```
May 29 09:03:21 admin: PeerGuardian 규칙
May 29 09:03:21 admin: ipset 모듈 로딩
May 29 09:03:21 admin: BluetackLevel1 (기본) 생성, 존재하지 않는 경우
May 29 09:03:22 admin: 이 일시적인 집합을 안전을 위해 파괴
May 29 09:03:22 admin: 최신 규칙 로드
May 29 09:04:04 admin: Peerguarding 규칙 종료
```

# Disable Windows 10 tracking
_Note: This guide works only on asuswrt-merlin releases 378.55 and later. Version 380.57 or later is recommended._

This solution consists of two parts:
1. Collecting the IPs resolved from a list of unwanted domains into an IP set with dnsmasq
2. Blocking traffic from the collected IPs with a firewall rule

First, enable JFFS custom scripts and configs in the WebUI. Then put the following list of unwanted domains in `/jffs/configs/windows-10-tracking-hosts.txt`:
a.ads1.msn.com a.ads2.msads.net a.ads2.msn.com a.rad.msn.com a-0001.a-msedge.net a-0002.a-msedge.net a-0003.a-msedge.net a-0004.a-msedge.net a-0005.a-msedge.net a-0006.a-msedge.net a-0007.a-msedge.net a-0008.a-msedge.net a-0009.a-msedge.net ac3.msn.com ad.doubleclick.net adnexus.net adnxs.com ads.msn.com ads1.msads.net ads1.msn.com aidps.atdmt.com aka-cdn-ns.adtech.de a-msedge.net apps.skype.com az361816.vo.msecnd.net az512334.vo.msecnd.net b.ads1.msn.com b.ads2.msads.net b.rad.msn.com bs.serving-sys.com c.atdmt.com c.msn.com cdn.atdmt.com cds26.ams9.msecn.net choice.microsoft.com choice.microsoft.com.nsatc.net compatexchange.cloudapp.net corp.sts.microsoft.com corpext.msitadfs.glbdns2.microsoft.com cs1.wpc.v0cdn.net db3aqu.atdmt.com df.telemetry.microsoft.com diagnostics.support.microsoft.com ec.atdmt.com fe2.update.microsoft.com.akadns.net feedback.microsoft-hohm.com feedback.search.microsoft.com feedback.windows.com flex.msn.com g.msn.com h1.msn.com i1.services.social.microsoft.com i1.services.social.microsoft.com.nsatc.net lb1.www.ms.akadns.net live.rads.msn.com m.adnxs.com m.hotmail.com msedge.net msftncsi.com msnbot-65-55-108-23.search.msn.com msntest.serving-sys.com oca.telemetry.microsoft.com oca.telemetry.microsoft.com.nsatc.net pre.footprintpredict.com preview.msn.com pricelist.skype.com rad.live.com rad.msn.com redir.metaservices.microsoft.com reports.wes.df.telemetry.microsoft.com s.gateway.messenger.live.com s0.2mdn.net schemas.microsoft.akadns.net secure.adnxs.com secure.flashtalking.com services.wes.df.telemetry.microsoft.com settings-sandbox.data.microsoft.com settings-win.data.microsoft.com sls.update.microsoft.com.akadns.net sqm.df.telemetry.microsoft.com sqm.telemetry.microsoft.com sqm.telemetry.microsoft.com.nsatc.net static.2mdn.net statsfe1.ws.microsoft.com statsfe2.update.microsoft.com.akadns.net statsfe2.ws.microsoft.com survey.watson.microsoft.com telecommand.telemetry.microsoft.com telecommand.telemetry.microsoft.com.nsatc.net 
telemetry.appex.bing.net telemetry.microsoft.com telemetry.urs.microsoft.com view.atdmt.com vortex.data.microsoft.com vortex-bn2.metron.live.com.nsatc.net vortex-cy2.metron.live.com.nsatc.net vortex-sandbox.data.microsoft.com vortex-win.data.microsoft.com watson.live.com watson.microsoft.com watson.ppe.telemetry.microsoft.com watson.telemetry.microsoft.com watson.telemetry.microsoft.com.nsatc.net wes.df.telemetry.microsoft.com www.msftncsi.com
The list above was taken from [here](https://github.com/10se1ucgo/DisableWinTracking/blob/master/dwt.py#L320). Now put the following content in `/jffs/scripts/firewall-start`:
```shell
#!/bin/sh

JFFS_CONFIG_DIR=/jffs/configs
BLOCKED_HOSTS_FILE=${JFFS_CONFIG_DIR}/windows-10-tracking-hosts.txt
DNSMASQ_CFG=${JFFS_CONFIG_DIR}/dnsmasq.conf.add

# Write one dnsmasq "ipset=" directive per blocked host, unless the
# configuration already contains them
if [ ! -f $DNSMASQ_CFG ] || [ "$(grep Win10tracking $DNSMASQ_CFG)" = "" ];
then
    rm -f $DNSMASQ_CFG
    for i in `cat $BLOCKED_HOSTS_FILE`;
    do
        echo "ipset=/$i/Win10tracking" >> $DNSMASQ_CFG
    done
    service restart_dnsmasq
fi

# Load the ipset modules
lsmod | grep "ipt_set" > /dev/null 2>&1 ||
for module in ip_set ip_set_nethash ip_set_iphash ipt_set
do
    insmod $module
done

# Create the IP set
if [ "$(ipset --swap Win10tracking Win10tracking 2>&1 | grep 'Unknown set')" != "" ]; then
    ipset -N Win10tracking iphash
fi

# Apply the iptables rule (skip if it is already present)
iptables-save | grep Win10tracking > /dev/null 2>&1 && exit
case $(uname -m) in
    armv7l)
        iptables -I FORWARD -m set --match-set Win10tracking src,dst -j DROP
        ;;
    mips)
        iptables -I FORWARD -m set --set Win10tracking src,dst -j DROP
        ;;
esac
```
Make the script executable and reboot the router to apply it:

```shell
chmod +x /jffs/scripts/firewall-start
reboot
```

To check that it works, try to open a few sites (for example view.atdmt.com), then check that the "blacklist" contains some IP addresses:

```shell
ipset --list Win10tracking
```

Alternatively, put the script above in `/jffs/scripts/windows-10-tracking-blocker` and call it from `/jffs/scripts/firewall-start`.
***
# Windows Spy Blocker
[Windows Spy Blocker](https://github.com/crazy-max/WindowsSpyBlocker) is a repository used by various projects, mainly projects such as [pi-hole](https://pi-hole.net/) and the [LEDE Project](https://lede-project.org/). It can be used with various tools such as DNSCrypt, OpenWrt or simplewall.
The Windows Spy Blocker block rules include a currently updated [list for dnsmasq](https://github.com/crazy-max/WindowsSpyBlocker/blob/master/data/openwrt/win10/spy/dnsmasq.conf), which is more up to date than the `windows-10-tracking-hosts.txt` from [Disable Windows 10 tracking](https://github.com/10se1ucgo/DisableWinTracking) covered in the previous section.