I was so close! Full path for the cacert did the trick! Thanks again, JAMESMTL. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
I need some help with curl, where do I get the certificate from?
I searched "ca-bundle.crt download dd-wrt". The source I found was a Mozilla ca-bundle.crt, but there are other sources you can find (i.e. Microsoft). I put the ca-bundle.crt on my USB thumbdrive in /opt and specified the full path to the file to get the curl command to work. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Posted: Mon Mar 28, 2016 18:08 Post subject: Affecting WAN speeds
Hi badmoon & JAMESMTL,
Thanks for taking time to write and improve the script. I am facing one issue with the script. When I add this to my router (R7000, DD-WRT v3.0-r29193 std) after a few hours or a day or so, my WAN speeds come to crawl.
I have a 25Mbps connection and after some times, it goes into 4-5 Mbps speeds on speedtest. If I remove the firewall rules mentioned in the OP, the speed jumps back to 25+.
Posted: Mon Mar 28, 2016 23:00 Post subject: Badmoon & JAMES- Thank you for your help with the script
Badmoon and JAMES,
Thank you for your help in teaching the noobies with ideas about scripting, please advice which directory should the shell script be located ,and also the invocation script is it part of firewall command on DD-WRT router, appreciate if you could post the step by step method to include this script in to the router.
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Wed Mar 30, 2016 6:48 Post subject: Re: Affecting WAN speeds
ddwrtjim wrote:
Hi badmoon & JAMESMTL,
Thanks for taking time to write and improve the script. I am facing one issue with the script. When I add this to my router (R7000, DD-WRT v3.0-r29193 std) after a few hours or a day or so, my WAN speeds come to crawl.
I have a 25Mbps connection and after some times, it goes into 4-5 Mbps speeds on speedtest. If I remove the firewall rules mentioned in the OP, the speed jumps back to 25+.
Any guess what could be going on?
Without any diagnostic info all I can do is guess. Short list:
1. I am not sure which kernal that version is using but there have been numerous reports of slow downs over time with 4.x. You may to give kong's latest build a try as he has reverted to 3.x kernel for his builds which seems to have resolved the issue for others.
2. over time something is making changes to the iptables chains order of execution. thats just a guess with nothing to back it up
I would start with a kong's 3.x build and if that doesn't fix it you will need post debug info.
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Wed Mar 30, 2016 6:55 Post subject: Re: Badmoon & JAMES- Thank you for your help with the sc
Avichi wrote:
Badmoon and JAMES,
Thank you for your help in teaching the noobies with ideas about scripting, please advice which directory should the shell script be located ,and also the invocation script is it part of firewall command on DD-WRT router, appreciate if you could post the step by step method to include this script in to the router.
TIA
Avi
I'll give badmoon a chance to respond as this is his script. If he hasn't had a chance to support it within a few days bump the thread. I try to limit my involvement to a thread or two a day.
Posted: Tue Feb 21, 2017 13:26 Post subject: Whitelist/allowed countries - block the rest script
Hi guys,
This is my first post, therefore, first and foremost, big thank you to EVERYONE for EVERYTHING on DD-WRT, I love DD-WRT and this forum make this project possible.
Thank you Badmoon and JAMESMTL for your hard work on this script.
I would like to ask you, and please, correct me if I'm wrong, that it seems the original script by Badmoon, could be easily tweaked to allow/whitelist 1, 2 or 3 countries and block the rest of the world.
In case this is possible, I would like to start a new thread with the recycled script converted to a Whitelist/allowed countries.
What I'm trying to do, is to make SSH on 443 and maybe FTP on any high random port like 54321 available just from any IP in UK, Ireland and Spain.
I'm completely newbie on Linux but I will try my best. I found that http://www.ipdeny.com/ipblocks/ has been updated recently, and I think we could keep using it.
I've recently bought a refur WRT1900AC v2 and I'm using Kong 31100M on it for this purpose.
Posted: Thu Feb 23, 2017 5:15 Post subject: Re: Whitelist/allowed countries - block the rest script
VictorPT wrote:
Hi guys,
This is my first post, therefore, first and foremost, big thank you to EVERYONE for EVERYTHING on DD-WRT, I love DD-WRT and this forum make this project possible.
Thank you Badmoon and JAMESMTL for your hard work on this script.
I would like to ask you, and please, correct me if I'm wrong, that it seems the original script by Badmoon, could be easily tweaked to allow/whitelist 1, 2 or 3 countries and block the rest of the world.
In case this is possible, I would like to start a new thread with the recycled script converted to a Whitelist/allowed countries.
What I'm trying to do, is to make SSH on 443 and maybe FTP on any high random port like 54321 available just from any IP in UK, Ireland and Spain.
I'm completely newbie on Linux but I will try my best. I found that http://www.ipdeny.com/ipblocks/ has been updated recently, and I think we could keep using it.
I've recently bought a refur WRT1900AC v2 and I'm using Kong 31100M on it for this purpose.
Thanks in advance.
Go for it, post a link to the new thread and let us know how it goes. I'm interested to see how it goes. _________________ R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x https://pi-hole.net/ https://github.com/DNSCrypt/dnscrypt-proxy
Has anybody adapted this script to IPv6? I'm interested in blocking all known Chinese IPv6 ranges.
With IPv6, would we be inserting anything into FORWARD chain since IPv6 are not NATted?