├── .gitattributes ├── .gitignore ├── Changelog.md ├── Install_From_Scratch.sh ├── LICENCE.md ├── P2Partisan └── p2partisan.sh ├── README.md ├── ci ├── .gitlab-ci.yml └── scripts │ ├── 00-libs.sh │ ├── 10-check_versions.sh │ ├── 30-check_bash.sh │ ├── 40-check_project.sh │ └── 99-end_script.sh ├── root ├── .bash_aliases ├── .bashrc ├── .inputrc ├── .profile ├── .screenrc ├── ConfigOverload │ └── .gitkeep ├── ISP │ └── Orange │ │ └── Orange_ISP.sh ├── OpenVPN │ ├── client1 │ │ └── .gitkeep │ ├── client2 │ │ └── .gitkeep │ ├── client3 │ │ └── .gitkeep │ ├── server1 │ │ └── .gitkeep │ └── server2 │ │ └── .gitkeep ├── SCRIPTs │ ├── Environment_Config.sh │ ├── Load_ArmExtras.sh │ ├── Services_Start.sh │ ├── Services_Stop.sh │ ├── USB_AfterMounting.sh │ ├── USB_BeforeUnmounting.sh │ ├── Upgrade.sh │ └── inc │ │ ├── funcs │ │ └── vars └── TEMPLATEs │ ├── .autorun.tmpl │ ├── dnscrypt │ ├── blacklists.txt.tmpl │ ├── cloaking-rules.txt.tmpl │ ├── dnscrypt-proxy.toml.tmpl │ ├── forwarding-rules.txt.tmpl │ ├── generate-domains-blacklists │ │ ├── domains-blacklist-local-additions.txt.tmpl │ │ ├── domains-blacklist.conf.tmpl │ │ ├── domains-time-restricted.txt.tmpl │ │ └── domains-whitelist.txt.tmpl │ ├── ip_blacklist.txt.tmpl │ └── whitelist.txt.tmpl │ ├── init │ ├── S01fake-hwclock.tmpl │ ├── S02syslog.tmpl │ ├── S03dnsmasq.tmpl │ ├── S09dnscrypt-proxy2.tmpl │ ├── S19rpcbind.tmpl │ ├── S57nfs-kernel-server.tmpl │ ├── S71openvpn-client1.tmpl │ ├── S72openvpn-client2.tmpl │ ├── S73openvpn-client3.tmpl │ ├── S74openvpn-server1.tmpl │ ├── S75openvpn-server2.tmpl │ ├── S76openvpn-server3.tmpl │ ├── S77ntpd.tmpl │ ├── S80cstats.tmpl │ ├── S81rstats.tmpl │ ├── S83samba.tmpl │ ├── rc.func.tmpl │ └── rc.unslung.tmpl │ ├── p2partisan │ ├── blacklist-custom.txt.tmpl │ ├── blacklists.txt.tmpl │ ├── greylist.txt.tmpl │ └── whitelist.txt.tmpl │ └── vars.tmpl └── version /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text 
files and perform LF normalization 2 | * text eol=lf 3 | # Custom for Visual Studio 4 | *.cs diff=csharp 5 | *.sln merge=union 6 | *.csproj merge=union 7 | *.vbproj merge=union 8 | *.fsproj merge=union 9 | *.dbproj merge=union 10 | # Standard to msysgit 11 | *.doc diff=astextplain 12 | *.DOC diff=astextplain 13 | *.docx diff=astextplain 14 | *.DOCX diff=astextplain 15 | *.dot diff=astextplain 16 | *.DOT diff=astextplain 17 | *.pdf diff=astextplain 18 | *.PDF diff=astextplain 19 | *.rtf diff=astextplain 20 | *.RTF diff=astextplain 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.custom 2 | .vscode/ 3 | bin/ 4 | bash.exe.stackdump 5 | 6 | P2Partisan/* 7 | !P2Partisan/p2partisan.sh 8 | 9 | root/.ash_history 10 | root/.bash_history 11 | root/.config/ 12 | root/.uuid 13 | root/BACKUPs/ 14 | root/ConfigOverload/* 15 | 16 | ARM-Extras/ 17 | 18 | client1.log 19 | client2.log 20 | client3.log 21 | server1.log 22 | server2.log 23 | -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## v1.0.14 - _2021/06/27_ 4 | 5 | - fix `.gitignore` 6 | - Shellcheck fix 7 | - code format 8 | - force scripts permissions 9 | - remove unused empty log files 10 | - fix `Upgrade.sh` about OPKG packages listing 11 | - `p2partisan.sh` 12 | - nslookup DNS 13 | - Shellcheck review 14 | - `deaggregate.sh` review 15 | - clean 16 | - force source of overloaded vars 17 | - force Quad9 DNS for internal scripts 18 | - fix shebang 19 | 20 | ## v1.0.13 - _2021/06/21_ 21 | 22 | - disable **Ext4 Metadata Checksums** for USB disk setup from documentation _(#2)_ 23 | - remove OPKG Python2 package to avoid `opkg_install_cmd: Cannot install package python` error 24 | 25 | ## v1.0.12 - _2020/03/26_ 26 | 27 | - typo fix 28 | - CI 
review 29 | 30 | ## v1.0.11 - _2019/09/22_ 31 | 32 | - DNScrypt-proxy v2 33 | - add 'gsExternalDns' variable for use external DNS server like PiHole 34 | - Minor code review 35 | 36 | ## v1.0.10 - _2019/04/13_ 37 | 38 | - DNScrypt-proxy v2 39 | - update dnscrypt-proxy.toml.tmpl 40 | - update generate-domains-blacklists/domains-blacklist.conf.tmpl 41 | - set doh_servers to false _(DoH is not available with OPKG binary)_ 42 | - disable empty public DNS in inti script 43 | 44 | ## v1.0.9 - _2019/03/04_ 45 | 46 | - funcs, bug fix 47 | - DNScrypt-proxy v2 48 | - active tls_cipher_suite for default config 49 | - clean blacklists.txt 50 | - update default entries for cloaking-rules.txt 51 | - update default entries for ip_blacklist.txt 52 | - activate and add default file for query.log _(Query logging)_ 53 | - activate and add default file for nx.log _(Suspicious queries logging)_ 54 | - add defaults generate-domains-blacklists config files 55 | 56 | ## v1.0.8 - _2019/02/24_ 57 | 58 | - code review of ci/31-check_bash.sh 59 | - remove all variable declaration 60 | - add Youtube to DNScrypt whitelist 61 | - update P2Partisan blacklists _(block more countries)_ 62 | 63 | ## v1.0.7 - _2019/01/31_ 64 | 65 | - mount /tmp to /opt/tmp to avoid overloading NVRAM 66 | - increase /tmp to 256MB 67 | - update DNScrypt-proxy blacklists.txt 68 | - P2Partisan disable upgrade & autorun functions 69 | - P2Partisan disable tutor on firewall script, add it to custom schedule 1 at 05:00 70 | - bug fix Install_From_Scratch.sh 71 | - code review for .autorun script 72 | - add lock file for USB_AfterMounting.sh & USB_BeforeUnmounting.sh 73 | - P2Partisan update blocklists 74 | 75 | ## v1.0.6 - _2019/01/29_ 76 | 77 | - add .autorun to /opt _(permit to restore last NVRAM config file after a reset)_ 78 | - add more NVRAM save _(after mounting, before unmounting, during upgrade)_ 79 | - add Python 2 & 3 packages 80 | - update DNScrypt-proxy blacklists.txt from [Public 
Blacklists](https://github.com/jedisct1/dnscrypt-proxy/wiki/Public-blacklists) 81 | - add [DNScrypt-proxy utils](https://github.com/jedisct1/dnscrypt-proxy/tree/master/utils/generate-domains-blacklists) 82 | - included DNScrypt-proxy repo update _(get latest DNScrypt-proxy utils)_ 83 | - add comment in README about DNScrypt-proxy utils 84 | - add loading custom config files directly into S09dnscrypt-proxy2.tmpl 85 | - P2Partisan, remove native autorun 86 | - disable Upgrade.sh after USB mounting 87 | 88 | ## v1.0.5 - _2019/01/28_ 89 | 90 | - p2partisan.sh 91 | - dynamic addition of all ports of system services _(nvram show 2>/dev/null | grep 'port=')_ 92 | - add gsP2Partisan_UdpPorts & gsP2Partisan_TcpPorts to vars files 93 | - update blocklists 94 | 95 | ## v1.0.4 - _2019/01/26_ 96 | 97 | - remove Orange ISP patch 98 | - change the location of custom configuration files for DNScrypt-proxy and P2Partisan 99 | - p2partisan.sh version code review 100 | - DNScrypt-proxy detect AIO firmware 101 | 102 | ## v1.0.3 - _2019/01/25_ 103 | 104 | - remove backup of DNScrypt-config.toml by date 105 | - add auto restore NVRAM configuration file after mount /opt 106 | - change the location of custom configuration files for DNScrypt-proxy and P2Partisan 107 | - bug fix for Orange_ISP.sh 108 | - create method for /sbin/udhcpc 109 | - nvram set script_init 110 | - orange_ack_script_fire.sh 111 | - variables backslashes 112 | - some mistakes - p2partisan.sh, correct some shellcheck errors codes _(SC2164, SC2034, SC2046, SC2154, SC2181, SC2162, SC2116, SC2016)_ 113 | 114 | ## v1.0.2 - _2019/01/22_ 115 | 116 | - disable DNScrypt v2 install for AIO firmware version _(nvram get os_version)_ 117 | - add port 52 to p2partisan whitelist 118 | - update README 119 | - add chmod after an Upgrade for p2partisan.sh 120 | 121 | ## v1.0.1 - _2019/01/22_ 122 | 123 | - add /opt/etc/init.d/ to .bashrc 124 | - add p2partisan.sh alias to .bash_aliases 125 | - code review for gfnP2pArtisanStartStop 
function to add/remove start on boot 126 | - add whiteports_tcp=43,80,443 and whiteports_udp=53,123,1194:1196 to p2partisan.sh 127 | 128 | ## v1.0.0 - _2019/01/19_ 129 | 130 | - First release 131 | -------------------------------------------------------------------------------- /Install_From_Scratch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # https://github.com/toulousain79/MyTomato 4 | 5 | #### Variables declaration (FILESYSTEM is read from positional $1 and defaults to ext4, so an exported FILESYSTEM is overwritten; the value is written unvalidated into /etc/fstab below) 6 | gsDirLogs="" 7 | gsDirBackups="" 8 | gsDirArmExtras="" 9 | gsDirOverLoad="" 10 | gsWan1_DNS="" 11 | [ -n "${1}" ] && FILESYSTEM="${1}" || FILESYSTEM="ext4" 12 | 13 | #### Check if OPKG already exist 14 | (type opkg >/dev/null) && echo "ERROR: 'opkg' already exist" && exit 1 15 | 16 | #### Mount /opt (replaces /etc/fstab with a single ENTWARE entry, then aborts if /opt is not listed by df) 17 | (df -h | grep -q '/tmp/mnt/ENTWARE') && umount /tmp/mnt/ENTWARE 18 | echo "LABEL=ENTWARE /opt ${FILESYSTEM} defaults,data=writeback,noatime,nodiratime 0 0" >/etc/fstab 19 | mount -a 20 | (! df -h | grep -q '/opt') && echo "ERROR: '/opt' not mounting" && exit 1 21 | 22 | #### Install ENTWARE (NOTE(review): generic.sh is fetched over plain HTTP and piped straight into sh, with no checksum or signature check visible here, so nothing ties what runs to what Entware published; the i18n tarball fetched a few lines below also comes over HTTP. Safer: download to a file, over HTTPS if the host offers it - TODO confirm, verify it, then execute) 23 | wget -O - http://bin.entware.net/armv7sf-k2.6/installer/generic.sh | sh 24 | 25 | ### Export (append /opt/bin and /opt/sbin to PATH only when missing) 26 | (! echo "$PATH" | grep -q '/opt/bin') && PATH=$PATH:/opt/bin 27 | (! 
echo "$PATH" | grep -q '/opt/sbin') && PATH=$PATH:/opt/sbin 28 | export PATH 29 | 30 | wget -O - http://pkg.entware.net/sources/i18n_glib223.tar.gz | tar zx -C /tmp/ 31 | mv -v /tmp/i18n/locales/* /opt/usr/share/i18n/locales/ 32 | mv -v /tmp/i18n/charmaps/* /opt/usr/share/i18n/charmaps/ 33 | rm -rf /tmp/i18n 34 | 35 | opkg update 36 | opkg install \ 37 | bash \ 38 | wget \ 39 | curl \ 40 | bzip2 \ 41 | less \ 42 | lsof \ 43 | perl \ 44 | tar \ 45 | unzip \ 46 | sed \ 47 | vim \ 48 | vim-runtime \ 49 | tcpdump \ 50 | htop \ 51 | gawk \ 52 | bind-dig \ 53 | file \ 54 | strace \ 55 | whereis \ 56 | mlocate \ 57 | git \ 58 | jq \ 59 | xxd \ 60 | logrotate \ 61 | mount-utils \ 62 | coreutils-ln \ 63 | coreutils-uniq \ 64 | coreutils-kill \ 65 | coreutils-dircolors \ 66 | coreutils-dirname \ 67 | coreutils-cp \ 68 | coreutils-mv \ 69 | coreutils-chown \ 70 | coreutils-chmod \ 71 | coreutils-cat \ 72 | coreutils-basename \ 73 | coreutils-install \ 74 | coreutils-df \ 75 | procps-ng-ps \ 76 | procps-ng-pgrep \ 77 | ca-certificates \ 78 | ca-bundle \ 79 | fake-hwclock \ 80 | ntpdate \ 81 | ntpd \ 82 | rsync \ 83 | openssh-sftp-server \ 84 | nfs-kernel-server \ 85 | nfs-kernel-server-utils \ 86 | python3 87 | 88 | #### NTP (one-shot clock set before the clone below) 89 | ntpdate -4 -p 1 -u 0.fr.pool.ntp.org 90 | 91 | #### Clone GitHub repository (NOTE(review): git:// is the unauthenticated, unencrypted Git protocol, so the clone is not tied to the server's identity; an https:// remote would add server authentication and transport integrity, and ca-certificates is installed just above. GitHub has since turned git:// off, so this clone likely fails today - TODO confirm. The else branch discards local changes to tracked files with reset --hard; the dnscrypt-proxy clone further down uses the same scheme) 92 | if [ ! -d /opt/MyTomato ]; then 93 | git clone git://github.com/toulousain79/MyTomato.git /opt/MyTomato 94 | else 95 | cd /opt/MyTomato || exit 1 96 | git fetch origin 97 | git reset --hard origin/master 98 | git pull origin master 99 | fi 100 | 101 | #### DNScrypt-proxy v2 (skipped when nvram os_version contains 'AIO') 102 | if (! nvram get os_version | grep -q 'AIO'); then 103 | if [ ! 
-d /opt/usr/local/dnscrypt-proxy ]; then 104 | git clone git://github.com/jedisct1/dnscrypt-proxy.git /opt/usr/local/dnscrypt-proxy 105 | else 106 | cd /opt/usr/local/dnscrypt-proxy || exit 1 107 | git fetch origin 108 | git reset --hard origin/master 109 | git pull origin master 110 | fi 111 | if [ -f /opt/usr/local/dnscrypt-proxy/utils/generate-domains-blacklists/generate-domains-blacklist.py ]; then 112 | cd /opt/usr/local/dnscrypt-proxy/utils/generate-domains-blacklists/ || exit 113 | chmod +x generate-domains-blacklist.py 114 | # python generate-domains-blacklist.py >list.txt.tmp && mv -f list.txt.tmp blacklists.txt 115 | fi 116 | fi 117 | 118 | # Add /opt UUID to "/opt/MyTomato/root/ConfigOverload/vars" 119 | cp -v /opt/MyTomato/root/TEMPLATEs/vars.tmpl /opt/MyTomato/root/ConfigOverload/vars 120 | gsUsbOptUuid="$(blkid | grep 'ENTWARE' | awk '{ print $3 }' | cut -d '"' -f 2)" 121 | if [ -f /opt/MyTomato/root/ConfigOverload/vars ]; then 122 | nNumLine=$(grep 'gsUsbOptUuid' -n -m 1 >/opt/MyTomato/root/ConfigOverload/vars 134 | fi 135 | 136 | #### Loading vars 137 | [ ! -f /opt/MyTomato/root/SCRIPTs/inc/vars ] && { 138 | echo "Error, '/opt/MyTomato/root/SCRIPTs/inc/vars' file does not exist, aborting !" 139 | exit 1 140 | } 141 | # shellcheck source=root/SCRIPTs/inc/vars 142 | . /opt/MyTomato/root/SCRIPTs/inc/vars 143 | # shellcheck source=root/SCRIPTs/inc/vars 144 | . 
/opt/MyTomato/root/ConfigOverload/vars 145 | export PATH=/opt/bin:/opt/sbin:/opt/usr/bin:/opt/usr/sbin:/bin:/sbin:/mmc/bin:/mmc/sbin:/mmc/usr/bin:/mmc/usr/sbin:/usr/bin:/usr/sbin:/home/root 146 | echo "Firmware Version: ${gsFirmwareVersion}" 147 | echo "Firmware Year: ${gsFirmwareYear}" 148 | echo "URL Arm-Extras: ${gsUrlArmExtras}" 149 | echo "Locales: ${gsLocales}" 150 | echo "Timezone: ${gsTimezone}" 151 | echo "USB filesystem: ${gsUsbFileSystem}" 152 | echo "USB UUID: ${gsUsbOptUuid}" 153 | echo "Enable P2Partisan: ${gbP2Partisan_Enable}" 154 | echo "Enable DSNcrypt: ${gbDNScrypt_Enable}" 155 | echo "Default DNS (Quad 9): ${gsWan1_DNS}" 156 | echo "Enable repo auto upgrade: ${gbRepoUpgrade_Enable}" 157 | 158 | #### Add /opt/bin/bash to /opt/etc/shells 159 | (! grep -q '/opt/bin/bash' /opt/etc/shells) && echo "/opt/bin/bash" >>/opt/etc/shells 160 | cat /opt/etc/shells 161 | 162 | #### Locales 163 | [ -n "${gsLocales}" ] && /opt/bin/localedef.new -c -f UTF-8 -i "${gsLocales}" "${gsLocales}.UTF-8" 164 | [ -n "${gsTimezone}" ] && ln -sfv /opt/share/zoneinfo/${gsTimezone} /opt/etc/localtime 165 | 166 | #### TAG '/opt' and '/opt/var/log' with UUID to avoid deleting 167 | if [ -n "${gsUsbOptUuid}" ]; then 168 | if [ ! -f /opt/.uuid ] || [ "$(cat /opt/.uuid)" != "${gsUsbOptUuid}" ]; then 169 | echo "${gsUsbOptUuid}" >/opt/.uuid 170 | fi 171 | if [ ! -f /opt/root/.uuid ] || [ "$(cat /opt/root/.uuid)" != "${gsUsbOptUuid}" ]; then 172 | echo "${gsUsbOptUuid}" >/opt/root/.uuid 173 | fi 174 | if [ ! -f /opt/var/log/.uuid ] || [ "$(cat /opt/var/log/.uuid)" != "${gsUsbOptUuid}" ]; then 175 | echo "${gsUsbOptUuid}" >/opt/var/log/.uuid 176 | fi 177 | fi 178 | 179 | #### Prepare some files and directories #### 180 | # /opt/tmp 181 | if (! 
mount -l | grep -q '/tmp'); then 182 | mount -t tmpfs -o size=256M,mode=0755 tmpfs /opt/tmp/ 183 | cp -af /tmp/* /opt/tmp/ 184 | rm -rRf /tmp/* && rm -rRf /tmp/.??* 185 | mount -v --bind /opt/tmp /tmp 186 | fi 187 | 188 | # /opt/var/log 189 | if (! mount -l | grep -q '/tmp/var/log'); then 190 | if [ -f /tmp/var/log/messages ]; then 191 | cat /tmp/var/log/messages >>/opt/var/log/messages 192 | if [ ! -f /tmp/var/log/.uuid ]; then 193 | rm -rRfv /tmp/var/log/* && rm -rRf /tmp/var/log/.??* 194 | fi 195 | /opt/bin/mount -v --bind /opt/var/log /tmp/var/log 196 | fi 197 | fi 198 | 199 | # /opt/root 200 | if (! mount -l | grep -q '/tmp/home/root'); then 201 | if [ ! -f /tmp/home/root/.uuid ]; then 202 | rm -rRf /tmp/home/root/* && rm -rRf /tmp/home/root/.??* 203 | rm -rf /opt/root 204 | fi 205 | /opt/bin/mount -v --bind /opt/MyTomato/root /tmp/home/root 206 | fi 207 | [ ! -h /opt/root ] && ln -s /opt/MyTomato/root/ /opt/root 208 | 209 | # Rights 210 | chmod +x ${gsDirScripts}/* 211 | 212 | # Creating directories 213 | mkdir -pv "${gsDirBackups}" 214 | mkdir -pv "${gsDirArmExtras}" 215 | mkdir -pv "${gsDirOverLoad}/p2partisan" 216 | mkdir -pv "${gsDirOverLoad}/dnscrypt" 217 | 218 | # Copy back all existing init files 219 | /opt/bin/find /opt/etc/init.d/ -type f -name "*" -exec bash -c 'i="$1"; cp -v "${i}" "${gsDirBackups}/$(basename ${i}).original"' _ {} \; 220 | 221 | # Copy all init files 222 | /opt/bin/find "${gsDirTemplates}/init/" -name "*.tmpl" -exec bash -c 'i="$1"; cp -v "${i}" /opt/etc/init.d/$(basename $(echo "${i}" | sed "s/.tmpl//g;"))' _ {} \; 223 | chmod +x /opt/etc/init.d/* 224 | 225 | # Create empty file 226 | touch /etc/dnsmasq-custom.conf 227 | touch ${gsDirOverLoad}/.bash_aliases 228 | /opt/bin/find "${gsDirTemplates}/p2partisan/" -name "*.txt.tmpl" -exec bash -c 'i="$1"; cp -v "${i}" ${gsDirOverLoad}/p2partisan/$(basename $(echo "$1" | sed "s/p2partisan.//g;s/.txt.tmpl//g;"))' _ {} \; 229 | /opt/bin/find "${gsDirTemplates}/dnscrypt/" -name "*.txt.tmpl" 
-exec bash -c 'i="$1"; cp -v "${i}" ${gsDirOverLoad}/dnscrypt/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 230 | 231 | #### NVRAM settings 232 | # Administration > Scripts > Init (rewrites /etc/fstab with the SWAP and ENTWARE labels at boot; FILESYSTEM is expanded now, when the value is stored) 233 | nvram set script_init="echo \"LABEL=SWAP none swap sw 0 0\" > /etc/fstab 234 | echo \"LABEL=ENTWARE /opt ${FILESYSTEM} defaults,data=writeback,noatime,nodiratime 0 0\" >> /etc/fstab 235 | touch /etc/dnsmasq-custom.conf" 236 | 237 | # USB and NAS > USB Support>Run after mounting (NOTE(review): the two tests inside the braces are separated by ';', so the group's exit status is that of the -f test alone and the comparison of $1 with /opt does not gate the '&&'. Presumably $1 is the mount point - TODO confirm - in which case the hook is not restricted to /opt; join the two tests with '&&' so that it is) 238 | nvram set script_usbmount="{ [ \"\$1\" == \"/opt\" ]; [ -f \"\$1/MyTomato/root/SCRIPTs/USB_AfterMounting.sh\" ]; } && bash \"\$1/MyTomato/root/SCRIPTs/USB_AfterMounting.sh\"" 239 | # USB and NAS > USB Support>Run before unmounting (NOTE(review): same ';' between the two tests, so the /opt comparison is not enforced here either; the hook text is staged in a fixed /tmp path before being stored in NVRAM) 240 | { 241 | echo "{ [ \"\$1\" == \"/opt\" ]; [ -f \"\$1/MyTomato/root/SCRIPTs/USB_BeforeUnmounting.sh\" ]; } && bash \"\$1/MyTomato/root/SCRIPTs/USB_BeforeUnmounting.sh\"" 242 | echo "sleep 2; service dnsmasq restart" 243 | } >/tmp/script_usbumount 244 | nvram set script_usbumount="$(cat /tmp/script_usbumount)" 245 | # Administration > Scheduler > Custom 1 (NOTE(review): schedules Upgrade.sh to run unattended; Upgrade.sh is not shown here - confirm how it authenticates what it pulls before that content runs on the router) 246 | nvram set sch_c1=1,300,127 # Everyday at 5:00 am 247 | nvram set sch_c1_cmd="bash ${gsDirScripts}/Upgrade.sh" 248 | # Administration > Script > Shutdown 249 | nvram set script_shut="[ -f ${gsDirScripts}/USB_BeforeUnmounting.sh ] && bash ${gsDirScripts}/USB_BeforeUnmounting.sh" 250 | #### Administration > Logging > Syslog 251 | nvram set log_file=1 252 | nvram set log_events="acre,crond,dhcpc,ntp,sched" 253 | nvram set log_file_custom=1 254 | nvram set log_file_path="/var/log/messages" 255 | nvram set log_file_keep=30 256 | nvram set log_file_size=10240 257 | nvram set log_limit=0 258 | nvram set log_mark=30 259 | ### Administration > Logging > IP Traffic Monitoring 260 | nvram set cstats_enable=0 261 | nvram set cstats_path="${gsDirLogs}/" 262 | nvram set cstats_offset=1 263 | nvram set cstats_stime=1 264 | nvram set cstats_include= 265 | nvram set cstats_exclude= 266 | nvram set cstats_sshut=1 267 | nvram 
set cstats_bak=1 268 | ### Administration > Logging > Bandwidth Monitoring 269 | nvram set rstats_enable=0 270 | nvram set rstats_path="${gsDirLogs}/" 271 | nvram set rstats_offset=1 272 | nvram set rstats_stime=1 273 | nvram set rstats_exclude= 274 | nvram set rstats_sshut=1 275 | nvram set rstats_bak=1 276 | ## Basic > Identification > Hostname 277 | nvram set wan_hostname="MyTomato" 278 | ## Basic > Network > WAN Settings > WAN 1 279 | nvram set wan_dns="${gsWan1_DNS}" 280 | ## Basic > Time 281 | nvram set ntp_tdod=1 282 | ## VPN Tunneling > OpenVPN Client > Client 1 > Advanced 283 | { 284 | echo "ca /opt/MyTomato/root/OpenVPN/client1/ca_example.crt" 285 | echo "cert /opt/MyTomato/root/OpenVPN/client1/demo_example.crt" 286 | echo "key /opt/MyTomato/root/OpenVPN/client1/demo_example.key" 287 | echo "tls-auth /opt/MyTomato/root/OpenVPN/client1/ta_example.key 1" 288 | echo "log /opt/MyTomato/root/OpenVPN/client1/client1.log" 289 | echo "verb 3" 290 | } >>/tmp/openvpn_client1 291 | nvram set vpn_client1_custom="$(cat /tmp/openvpn_client1)" 292 | 293 | #### Cleaning 294 | rm -fv /tmp/script_init 295 | rm -fv /tmp/script_fire 296 | rm -fv /tmp/script_usbumount 297 | rm -fv /tmp/openvpn_client1 298 | rm -fv /opt/etc/init.d/S77ntpdate 299 | rm -fv /opt/etc/*.1 300 | if (nvram get os_version | grep -q 'AIO'); then 301 | rm -fv /opt/etc/dnscrypt-proxy.toml 302 | rm -fv ${gsDirBackups}/dnscrypt-proxy* 303 | rm -fv /opt/etc/init.d/S09dnscrypt-proxy2 304 | rm -fv ${gsDirOverLoad}/dnscrypt* 305 | rm -fv ${gsDirOverLoad}/*.md 306 | rm -fv ${gsDirOverLoad}/*.minisig 307 | 308 | nNumLine=$(grep 'gbDNScrypt_Enable' -n -m 1 >/opt/etc/group 333 | cat /opt/etc/group 334 | updatedb 335 | 336 | #### NVRAM config save 337 | nvram set mytomato_config_save="${gdDateTime}" 338 | nvram commit 339 | nvram save "${gsDirBackups}/MyTomato_${gdDateTime}.cfg" >/dev/null 2>&1 340 | 341 | #### Reboot needed 342 | echo 343 | echo 344 | echo "Please, adapt '${gsDirOverLoad}/vars' as you want..." 
345 | echo 346 | echo "And, reboot your router..." 347 | echo "The reboot can take a while, so please be patient." 348 | echo 349 | echo "Maybe adapt your LAN IP address... ;-)" 350 | echo 351 | echo 352 | -------------------------------------------------------------------------------- /LICENCE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 toulousain79 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MyTomato _(ARMv7 only)_ 2 | 3 | TomatoUSB environment for Shibby or FreshTomato **ARM v7** firmwares VPN version _(kernel v2.6.36)_. 4 | 5 | 11 | 12 |

13 | 14 |

15 | 16 |

 17 | 18 | PayPal donate 19 | 20 | Bitcoins donate 21 |

22 | 23 | ## Features 24 | 25 | - Install latest [Entware](https://github.com/Entware/Entware) version _(Merge of Entware-ng-3x and Entware-ng)_ 26 | - Use of [standard](https://github.com/Entware/Entware/wiki/Alternative-install-vs-standard) installation version _(generic for kernel v2.6.36)_ 27 | - Prepare an environment for root user 28 | - bash _(prompt, locale, colors, readline, bash on login, ...)_ 29 | - aliases for all Entware binaries installed _(dynamically)_ 30 | - admin tools 31 | - PATH updated to prioritize binaries in /opt 32 | - code review of rc.unslung 33 | - add locales & timezone 34 | - auto restore the last NVRAM config saved on /opt 35 | - Project auto upgrade _(Entware & GitHub)_ 36 | - get patch 37 | - new features 38 | - ARM-Extras modules downloaded automatically 39 | - [P2Partisan v6.08](https://www.linksysinfo.org/index.php?threads/p2partisan-v5-14-v6-08-mass-ip-blocking-peerblock-peerguardian-for-tomato.69128/) 40 | - countries blocklists 41 | - usual blocklists 42 | - known addresses of TMG 43 | - code review 44 | - [DNScrypt-proxy v2](https://github.com/jedisct1/dnscrypt-proxy/blob/master/README.md) _(no DoH)_ _(disabled for AIO firmwares)_ 45 | - DNS query monitoring, with separate log files for regular and suspicious queries 46 | - Filtering: **block ads**, **malware**, and other unwanted content. Compatible with all DNS services 47 | - Time-based filtering, with a flexible weekly schedule 48 | - Compatible with DNSSEC 49 | - ... 50 | - NVram sets 51 | - init script 52 | - shutdown script 53 | - USB mount/unmount for /opt 54 | - ... 
55 | 56 | ### Tested on 57 | 58 | - Netgear R7000 _(FreshTomato)_ 59 | 60 | ## Install 61 | 62 | ### Prepare your USB disk _(mine is a 60Go SSD on USB 3.0)_ 63 | 64 | You must create partitions before _(fdisk /dev/xxx ?)_ ;-) 65 | 66 | Replace **/dev/xxxx** by your device _(ex: /dev/sda2)_ 67 | 68 | For a USB key, you can use _ext2_, because this filesystem limits disk access in read and write _(Journaling & Directory Indexing)_. 69 | 70 | Personally, I prefer to use _ext4_, as long as I disable the journaling. 71 | 72 | This allows faster read/write access, and increases the life of your USB device ;-) 73 | 74 | 1. Prepare your SWAP and ext4 partitions 75 | 76 | 2. Format the **SWAP** partition with the label **SWAP** _(for size, 128M is sufficient)_ 77 | 78 | ```bash 79 | mkswap -L SWAP /dev/xxxx 80 | ``` 81 | 82 | 3. Format **/opt** partition as EXT4 with the label **ENTWARE** _(minimum of 4Go)_ 83 | 84 | ```bash 85 | mkfs.ext4 -L ENTWARE /dev/xxxx 86 | ``` 87 | 88 | 4. Tuning the Ext4 filesystem _(disable Journal, disable Directory Indexing, disable Ext4 Metadata Checksums, reduce 5% to 2% Reserved Blocks)_ 89 | 90 | ```bash 91 | tune2fs -o ^journal_data_writeback -O ^has_journal,dir_index,^metadata_csum /dev/xxxx 92 | tune2fs -m 2 /dev/xxxx 93 | e2fsck -Df /dev/xxxx 94 | ``` 95 | 96 | ### Install MyTomato 97 | 98 | **It is best to first perform an _Erase all data in NVRAM memory thorough_.** 99 | 100 | 1. Plug your disk into the router 101 | 102 | 2. Log in via SSH 103 | 104 | 3. Make sure you have a working Internet connection on your router 105 | 106 | 4. Execute the installation 107 | 108 | Where FILESYSTEM can be **ext2**, **ext3** or **ext4** _(default)_ 109 | 110 | ```bash 111 | export FILESYSTEM="ext4" 112 | wget -O - https://raw.githubusercontent.com/toulousain79/MyTomato/master/Install_From_Scratch.sh | sh 113 | ``` 114 | 115 | 5. 
At the end, you will get the following message: 116 | 117 | ```bash 118 | Please, adapt '/opt/MyTomato/root/ConfigOverload/vars' as you want... 119 | 120 | And, reboot your router... 121 | The reboot can take a while, so please be patient. 122 | 123 | Maybe adapt your LAN IP address... ;-) 124 | ``` 125 | 126 | _**NB:** Default IP address is **192.168.1.1**_ 127 | 128 | 6. It's time to fill in your variables 129 | 130 | ```bash 131 | vim /opt/MyTomato/root/ConfigOverload/vars 132 | ``` 133 | 134 | 7. Reboot 135 | 136 | ## Available commands 137 | 138 | All the scripts present in /opt/MyTomato/root/SCRIPTs/ are accessible directly via the PATH. 139 | 140 | - **USB_AfterMounting.sh** 141 | - executed after USB /opt mounting 142 | - **Services_Start.sh** 143 | - executed by USB_AfterMounting.sh 144 | - start all services using _/opt/etc/init.d/rc.unslung_ script 145 | - **USB_BeforeUnmounting.sh** 146 | - executed after USB /opt UNmounting 147 | - **Services_Stop.sh** 148 | - executed by USB_BeforeUnmounting.sh 149 | - stop all services using _/opt/etc/init.d/rc.unslung_ script 150 | - **Upgrade.sh** 151 | - executed periodically every day 152 | - upgrade /opt/MyTomato/ via GitHub 153 | - update & upgrade OPKG packages 154 | 155 | ## Personalization 156 | 157 | So that MyTomato can still be updated, some files _(ex: config)_ can be overridden. 158 | 159 | If you modify the original files, you will **lose** your changes during an update of MyTomato. 
160 | 161 | Editable files are: 162 | 163 | - System 164 | - /opt/MyTomato/root/ConfigOverload/vars 165 | - /opt/MyTomato/root/ConfigOverload/.bash_aliases 166 | - /opt/MyTomato/root/ConfigOverload/.bashrc 167 | 168 | - DNScrypt-proxy v2 _(default files)_ 169 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/dnscrypt-proxy.toml _(DNScrypt config file)_ 170 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/blacklists.txt 171 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/ip_blacklist.txt 172 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/whitelist.txt 173 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/cloaking-rules.txt 174 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/forwarding-rules.txt 175 | 176 | - DNScrypt-proxy v2 _(generate-domains-blacklists)_ 177 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist.conf 178 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-blacklist-local-additions.txt 179 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-time-restricted.txt 180 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/domains-whitelist.txt 181 | 182 | - P2Partisan 183 | - /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists 184 | - /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists-custom 185 | - /opt/MyTomato/root/ConfigOverload/p2partisan/greylist 186 | - /opt/MyTomato/root/ConfigOverload/p2partisan/whitelist 187 | 188 | ## Additional services 189 | 190 | ### P2Partisan _(mass IP blocking like peerblock/peerguardian for tomato)_ 191 | 192 | All ports of system services are dynamicly added to whitelist. _(nvram show 2>/dev/null | grep 'port=')_ 193 | 194 | And you can add more into **/opt/MyTomato/root/ConfigOverload/vars**. 
195 | 196 | #### P2Partisan - Config file 197 | 198 | ```bash 199 | vim /opt/MyTomato/P2Partisan/p2partisan.sh 200 | ``` 201 | 202 | _**NB:** Default values are acceptable_ 203 | 204 | #### Blocklists 205 | 206 | - /opt/MyTomato/root/ConfigOverload/p2partisan/whitelist 207 | - /opt/MyTomato/root/ConfigOverload/p2partisan/greylist 208 | - /opt/MyTomato/root/ConfigOverload/p2partisan/blacklists 209 | - /opt/MyTomato/root/ConfigOverload/p2partisan/blacklist-custom 210 | 211 | _**NB:** Default values are acceptable_ 212 | 213 | ### DNScrypt-proxy v2 214 | 215 | #### DNScrypt-proxy - Config file 216 | 217 | ```bash 218 | vim /opt/MyTomato/root/ConfigOverload/dnscrypt/dnscrypt-proxy.toml 219 | ``` 220 | 221 | You can generate your own **blacklist.txt** with in **/opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/**. 222 | 223 | Please, check [Public Blacklists](https://github.com/jedisct1/dnscrypt-proxy/wiki/Public-blacklists) 224 | 225 | Edit following files like you want to generate your final **blocklist.txt**: 226 | 227 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/**domains-blacklist.conf** 228 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/**domains-whitelist.txt** 229 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/**domains-time-restricted.txt** 230 | - /opt/MyTomato/root/ConfigOverload/dnscrypt/generate-domains-blacklists/**domains-blacklist-local-additions.txt** 231 | 232 | And, simply execute this: 233 | 234 | ```bash 235 | Upgrade.sh 236 | . 
/opt/MyTomato/root/SCRIPTs/inc/vars 237 | cp -f "${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/blacklists.txt" "${gsDirOverLoad}/dnscrypt/blacklists.txt" 238 | /opt/etc/init.d/S09dnscrypt-proxy2 restart 239 | ``` 240 | 241 | _**NB:** Default values are acceptable_ 242 | 243 | ## Links 244 | 245 | - [FreshTomato](http://freshtomato.org/) _(active development from Shibby work)_ 246 | - [Tomato by Shibby](http://tomato.groov.pl/) 247 | - [Entware - WiKi](https://github.com/Entware/Entware/wiki) 248 | - [DNScrypt - WiKi](https://github.com/jedisct1/dnscrypt-proxy/wiki) 249 | - [DNScrypt - Public Blacklists](https://github.com/jedisct1/dnscrypt-proxy/wiki/Public-blacklists) 250 | - [P2Partisan](https://www.linksysinfo.org/index.php?threads/p2partisan-v5-14-v6-08-mass-ip-blocking-peerblock-peerguardian-for-tomato.69128/) 251 | - [armv7sf-k3.2 - installer](http://bin.entware.net/armv7sf-k3.2/installer/) 252 | -------------------------------------------------------------------------------- /ci/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | stages: 3 | - scheduled_check_develop 4 | - scheduled_check_master 5 | - check_develop_before_merge 6 | - check_master_after_merge 7 | 8 | # #### Templates - BoF 9 | .tmpl_check: &tmpl_check 10 | image: ${REGISTRY_IMAGES} 11 | script: 12 | - | 13 | for script in $(echo ${CI_PROJECT_DIR}/ci/scripts/[0-9][0-9]-*.sh); do 14 | echo ${script} "${CI_PROJECT_DIR}" 15 | done 16 | for script in $(echo ${CI_PROJECT_DIR}/ci/scripts/[0-9][0-9]-*.sh); do 17 | . 
${script} "${CI_PROJECT_DIR}" 18 | done 19 | # #### Templates - EoF 20 | 21 | # #### Project check scheduled - BoF 22 | Scheduled Develop: 23 | stage: scheduled_check_develop 24 | only: 25 | refs: 26 | - schedules 27 | variables: 28 | - $RELEASE == "develop" 29 | <<: *tmpl_check 30 | 31 | Scheduled Prod: 32 | stage: scheduled_check_master 33 | only: 34 | refs: 35 | - schedules 36 | variables: 37 | - $RELEASE == "prod" 38 | <<: *tmpl_check 39 | # #### Project check scheduled - EoF 40 | 41 | # #### Project check before merge - BoF 42 | Develop: 43 | stage: check_develop_before_merge 44 | only: 45 | refs: 46 | - merge_requests 47 | <<: *tmpl_check 48 | 49 | Prod: 50 | stage: check_master_after_merge 51 | <<: *tmpl_check 52 | only: 53 | - master 54 | except: 55 | - schedules 56 | when: on_success 57 | # #### Project check before merge - EoF 58 | -------------------------------------------------------------------------------- /ci/scripts/00-libs.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | #### 0 - Base 4 | sPwd=$(pwd) 5 | nReturn=0 6 | [ -n "${CI_PROJECT_PATH}" ] && sProjectDir="/builds/${CI_PROJECT_PATH}" || sProjectDir="$(pwd)" 7 | sDirToScan="/tmp/shellcheck_scan" 8 | 9 | #### 1 - Colors 10 | CEND="\033[0m" 11 | CRED="\033[1;31m" 12 | CGREEN="\033[1;32m" 13 | CYELLOW="\033[1;33m" 14 | CBLUE="\033[1;34m" 15 | 16 | #### 2 - Functions 17 | function gfnCopyProject() { 18 | [ -d "${sDirToScan}" ] && rm -rf "${sDirToScan}" 19 | 20 | if [ -n "${sProjectDir}" ] && [ -d "${sProjectDir}" ]; then 21 | rsync -a --exclude '.git' "${sProjectDir}/" "${sDirToScan}/" 22 | else 23 | echo -e "${CYELLOW}You are not in 'project_validation' images:${CEND} ${CRED}Failed${CEND}" 24 | exit 1 25 | fi 26 | } 27 | 28 | #### Export 29 | export gbLoaded sPwd nReturn CEND CRED CGREEN CYELLOW CBLUE 30 | -------------------------------------------------------------------------------- /ci/scripts/10-check_versions.sh: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | echo && echo -e "${CBLUE}*** Current branch ***${CEND}" 4 | if [ -n "${CI_COMMIT_REF_NAME}" ]; then 5 | echo "${CI_COMMIT_REF_NAME}" 6 | else 7 | git branch | grep "^* " 8 | fi 9 | 10 | echo && echo -e "${CBLUE}*** Check bash version ***${CEND}" 11 | if (! bash --version); then 12 | echo -e "${CYELLOW}bash version:${CEND} ${CRED}Failed${CEND}" 13 | nReturn=$((nReturn + 1)) 14 | fi 15 | 16 | echo && echo -e "${CBLUE}*** Check shellcheck version ***${CEND}" 17 | if (! shellcheck --version); then 18 | echo -e "${CYELLOW}shellcheck version:${CEND} ${CRED}Failed${CEND}" 19 | nReturn=$((nReturn + 1)) 20 | fi 21 | 22 | echo && echo -e "${CBLUE}*** Check dos2unix version ***${CEND}" 23 | if (! dos2unix --version); then 24 | echo -e "${CYELLOW}dos2unix version:${CEND} ${CRED}Failed${CEND}" 25 | nReturn=$((nReturn + 1)) 26 | fi 27 | 28 | echo && echo -e "${CBLUE}*** Check xz version ***${CEND}" 29 | if (! xz --version); then 30 | echo -e "${CYELLOW}xz version:${CEND} ${CRED}Failed${CEND}" 31 | nReturn=$((nReturn + 1)) 32 | fi 33 | 34 | echo && echo -e "${CBLUE}*** Check rsync version ***${CEND}" 35 | if (! rsync --version); then 36 | echo -e "${CYELLOW}rsync version:${CEND} ${CRED}Failed${CEND}" 37 | nReturn=$((nReturn + 1)) 38 | fi 39 | 40 | echo && echo -e "${CBLUE}*** Check pylint version ***${CEND}" 41 | if (! pylint --version); then 42 | echo -e "${CYELLOW}pylint version:${CEND} ${CRED}Failed${CEND}" 43 | nReturn=$((nReturn + 1)) 44 | fi 45 | 46 | echo && echo -e "${CBLUE}*** Check pylint3 version ***${CEND}" 47 | if (! 
pylint3 --version); then 48 | echo -e "${CYELLOW}pylint3 version:${CEND} ${CRED}Failed${CEND}" 49 | nReturn=$((nReturn + 1)) 50 | fi 51 | 52 | export nReturn 53 | -------------------------------------------------------------------------------- /ci/scripts/30-check_bash.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ###################################################################### 3 | # https://github.com/koalaman/shellcheck/wiki/Recursiveness 4 | ##################### FIRST LINE ##################################### 5 | 6 | if [ -z "${vars}" ] || [ "${vars}" -eq 0 ]; then 7 | # shellcheck source=/dev/null 8 | . "/builds/${CI_PROJECT_PATH}/ci/scripts/00-libs.sh" 9 | else 10 | nReturn=$((nReturn + 1)) 11 | fi 12 | 13 | gfnCopyProject 14 | 15 | sFilesListSh="$(grep -IRl "\(#\!/bin/\|shell\=\)sh" --exclude-dir ".git" --exclude-dir ".vscode" --exclude "funcs_*" "${sDirToScan}/")" 16 | if [ -n "${sFilesListSh}" ]; then 17 | echo && echo -e "${CBLUE}*** Check Syntax with Shellcheck (sh) ***${CEND}" 18 | for sFile in ${sFilesListSh}; do 19 | if ! shellcheck -s sh -f tty -S error -S warning -e SC2154 "${sFile}"; then 20 | echo -e "${CYELLOW}${sFile}:${CEND} ${CRED}Failed${CEND}" 21 | nReturn=$((nReturn + 1)) 22 | else 23 | echo -e "${CYELLOW}${sFile}:${CEND} ${CGREEN}Passed${CEND}" 24 | fi 25 | done 26 | fi 27 | 28 | sFilesListBash="$(grep -IRl "\(#\!/bin/\|shell\=\)bash" --exclude-dir ".git" --exclude-dir ".vscode" --exclude-dir ".vscode" "${sDirToScan}/")" 29 | if [ -n "${sFilesListBash}" ]; then 30 | echo && echo -e "${CBLUE}*** Check Syntax with Shellcheck (bash) ***${CEND}" 31 | for sFile in ${sFilesListBash}; do 32 | if ! 
shellcheck -s bash -f tty -S error -S warning -e SC2154 "${sFile}"; then 33 | echo -e "${CYELLOW}${sFile}:${CEND} ${CRED}Failed${CEND}" 34 | nReturn=$((nReturn + 1)) 35 | else 36 | echo -e "${CYELLOW}${sFile}:${CEND} ${CGREEN}Passed${CEND}" 37 | fi 38 | done 39 | fi 40 | 41 | sFuncsList="$(grep -R -h -E "^[A-Za-z]+[A-Za-z0-9]*(\(\)\ \{)" "${sDirToScan}/root/SCRIPTs/inc/" | cut -d '(' -f 1 | sort)" 42 | if [ -n "${sFuncsList}" ]; then 43 | echo && echo -e "${CBLUE}*** Check for orphan functions ***${CEND}" 44 | for func in ${sFuncsList}; do 45 | nCount=$(grep -R "${func}" "${sDirToScan}/" | wc -l) 46 | case "${nCount}" in 47 | 1) 48 | echo -e "${CYELLOW}${func}:${CEND} ${CRED}Failed${CEND}" 49 | nReturn=$((nReturn + 1)) 50 | ;; 51 | *) 52 | echo -e "${CYELLOW}${func}:${CEND} ${CGREEN}Passed${CEND}" 53 | ;; 54 | esac 55 | done 56 | fi 57 | 58 | sFilesListSh="$(grep -IRl "\(#\!/bin/\|shell\=\)sh" --exclude-dir ".git" --exclude-dir ".vscode" --exclude-dir "ci" "${sDirToScan}/")" 59 | sFilesListBash="$(grep -IRl "\(#\!/bin/\|shell\=\)bash" --exclude-dir ".git" --exclude-dir ".vscode" --exclude-dir "ci" "${sDirToScan}/")" 60 | sFilesList="${sFilesListSh} ${sFilesListBash}" 61 | if [ -n "${sFilesList}" ]; then 62 | echo && echo -e "${CBLUE}*** Check scripts with 'set -n' ***${CEND}" 63 | for file in ${sFilesList}; do 64 | sed -i '/includes_before/d' "${file}" 65 | sed -i '/includes_after/d' "${file}" 66 | sed -i '/#!\/bin\/bash/d' "${file}" 67 | sed -i '1iset -n' "${file}" 68 | echo "set +n" >>"${file}" 69 | dos2unix "${file}" &>/dev/null 70 | if (bash "${file}"); then 71 | echo -e "${CYELLOW}${file}:${CEND} ${CGREEN}Passed${CEND}" 72 | else 73 | echo -e "${CYELLOW}${file}:${CEND} ${CRED}Failed${CEND}" 74 | nReturn=$((nReturn + 1)) 75 | fi 76 | done 77 | fi 78 | -------------------------------------------------------------------------------- /ci/scripts/40-check_project.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env 
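bash

# 1/ list every .tmpl file
# 2/ for each file found, look for a place where it is called
#    IF found THEN OK
#    IF found AND commented out THEN WARNING
#    ELSE KO

if [ -z "${vars}" ] || [ "${vars}" -eq 0 ]; then
    # Sourcing 00-libs.sh may reset nReturn; keep the failures counted by the
    # checks that ran before this one in the same shell.
    nReturnBefore="${nReturn:-0}"
    # shellcheck source=/dev/null
    . "/builds/${CI_PROJECT_PATH}/ci/scripts/00-libs.sh"
    nReturn="${nReturnBefore}"
else
    nReturn=$((nReturn + 1))
fi

gfnCopyProject

# Templates files used
sFilesListTmpl="$(find "${sDirToScan}"/root/TEMPLATEs/ -type f -name "*.tmpl" -printf "%f\n" | sort -z | xargs -r0)"
if [ -n "${sFilesListTmpl}" ]; then
    echo && echo -e "${CBLUE}*** Check for unused templates ***${CEND}"
    for sFile in ${sFilesListTmpl}; do
        case "${sFile}" in
            # Templates in this list are skipped by the check
            *fake-hwclock* | *rpcbind* | *samba* | *openvpn-client* | *openvpn-server* | *ntpd* | *rstats* | *syslog* | *dnsmasq* | *cstats* | *ip_blacklist* | *domains-* | *-rules*)
                continue
                ;;
            *)
                if (! grep -qR --exclude-dir=.git "${sFile}" "${sDirToScan}"/); then
                    echo -e "${CYELLOW}${sDirToScan}/${sFile}:${CEND} ${CRED}Failed${CEND}"
                    nReturn=$((nReturn + 1))
                else
                    echo -e "${CYELLOW}${sFile}:${CEND} ${CGREEN}Passed${CEND}"
                fi
                ;;
        esac
    done
fi

# Templates files called
sLine="$(grep -rh --exclude-dir=ci --exclude-dir=.git "TEMPLATEs\|\${gsDirTemplates}" "${sDirToScan}"/ | grep -v 'shellcheck')"
if [ -n "${sLine}" ]; then
    echo && echo -e "${CBLUE}*** Check for missing templates ***${CEND}"
    for sColumn in ${sLine}; do
        sColumn="$(echo "${sColumn}" | sed "s/\"//g;s/'//g;s/)//g;s/;//g;")"
        [ -n "${sColumn}" ] || continue
        (grep -q '.tmpl' <<<"${sColumn}") || continue

        # The template name sits in a different path field depending on how
        # the reference is written.
        if (grep -q 'TEMPLATEs' <<<"${sColumn}"); then
            nField=6
        elif (grep -q "\${gsDirTemplates}" <<<"${sColumn}"); then
            nField=3
        else
            continue
        fi

        sTemplate="$(echo "${sColumn}" | cut -d '/' -f "${nField}")"
        [ -n "${sTemplate}" ] || continue

        # The 'TEMPLATEs' branch used to store this result in sFile and then
        # loop over sFiles, so it iterated over an unset or stale list.
        sFiles="$(find "${sDirToScan}"/root/TEMPLATEs/ -type f -name "${sTemplate}")"
        # NOTE(review): find only prints files that exist, so when the
        # template is missing this loop has nothing to iterate and "Failed"
        # is never reported — confirm whether an empty result should count
        # as a failure.
        for FILE in ${sFiles}; do
            if [ -n "${FILE}" ] && [ -f "${FILE}" ]; then
                echo -e "${CYELLOW}${sTemplate}:${CEND} ${CGREEN}Passed${CEND}"
            else
                echo -e "${CYELLOW}${sTemplate}:${CEND} ${CRED}Failed${CEND}"
                nReturn=$((nReturn + 1))
            fi
        done
    done
fi

export nReturn
--------------------------------------------------------------------------------
/ci/scripts/99-end_script.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Last CI script: turns the accumulated failure count into the job's status.

if [ -z "${gbLoaded}" ] || [ "${gbLoaded}" -eq 0 ]; then
    # Sourcing 00-libs.sh may reset nReturn; without this save/restore the
    # job would exit 0 whatever the earlier checks counted.
    nReturnBefore="${nReturn:-0}"
    # shellcheck source=ci/scripts/00-libs.sh
    . "/builds/${CI_PROJECT_PATH}/ci/scripts/00-libs.sh"
    nReturn="${nReturnBefore}"
fi

if [ -n "${nReturn}" ]; then
    # exit inside a container, return when sourced from a local shell
    if [[ -f /.dockerenv ]]; then
        exit "${nReturn}"
    else
        return "${nReturn}"
    fi
fi
--------------------------------------------------------------------------------
/root/.bash_aliases:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash 2 | 3 | #### MyTomato 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | [ -f /opt/MyTomato/root/SCRIPTs/inc/vars ] && .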
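/opt/MyTomato/root/SCRIPTs/inc/vars

# enable color support of ls and also add handy aliases
if [ -x /opt/bin/dircolors ]; then
    if test -r ~/.dircolors; then
        eval "$(dircolors -b ~/.dircolors)"
    else
        eval "$(dircolors -b)"
    fi
    alias ls='ls --color=auto'
    alias dir='dir --color=auto'
    alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# Commands
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
# This second definition of 'l' replaces the one on the previous line
alias l='ls -CF'
alias ..='cd ..'
alias ...='cd ../..'
alias s='ssh -l root'

# P2Partisan
# Both conditions must hold. The earlier `{ test1; test2; } && alias` form
# only looked at the status of the last test, so the alias was defined even
# with gbP2Partisan_Enable set to 0. The ':-0' default avoids an "integer
# expression expected" error when the variable is unset.
if [ "${gbP2Partisan_Enable:-0}" -eq 1 ] && [ -f /opt/MyTomato/P2Partisan/p2partisan.sh ]; then
    alias p2partisan='bash /opt/MyTomato/P2Partisan/p2partisan.sh'
fi
--------------------------------------------------------------------------------
/root/.bashrc:
--------------------------------------------------------------------------------
1 | # shellcheck shell=bash 2 | 3 | # ~/.bashrc: executed by bash(1) for non-login shells. 4 | # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) 5 | # for examples 6 | 7 | # If not running interactively, don't do anything 8 | case $- in 9 | *i*) ;; 10 | *) return ;; 11 | esac 12 | 13 | # don't put duplicate lines or lines starting with space in the history. 14 | # See bash(1) for more options 15 | HISTCONTROL=ignoreboth 16 | 17 | # append to the history file, don't overwrite it 18 | shopt -s histappend 19 | 20 | # for setting history length see HISTSIZE and HISTFILESIZE in bash(1) 21 | HISTFILESIZE=4096 22 | HISTSIZE=4096 23 | 24 | # check the window size after each command and, if necessary, 25 | # update the values of LINES and COLUMNS.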
26 | shopt -s checkwinsize 27 | 28 | # If set, the pattern "**" used in a pathname expansion context will 29 | # match all files and zero or more directories and subdirectories. 30 | shopt -s globstar 31 | 32 | # set a fancy prompt (non-color, unless we know we "want" color) 33 | case "$TERM" in 34 | xterm-color) color_prompt=yes ;; 35 | esac 36 | 37 | if [ "$color_prompt" = yes ]; then 38 | PS1='\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]' 39 | else 40 | PS1='\u@\h:\w\$ ' 41 | fi 42 | unset color_prompt 43 | 44 | # If this is an xterm set the title to user@host:dir 45 | case "$TERM" in 46 | xterm* | rxvt*) 47 | PS1="\[\e]0;\u@\h: \w\a\]$PS1" 48 | ;; 49 | *) ;; 50 | 51 | esac 52 | 53 | # colored GCC warnings and errors 54 | export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' 55 | 56 | #### MyTomato 57 | # shellcheck source=root/SCRIPTs/inc/vars 58 | [ -f /opt/MyTomato/root/SCRIPTs/inc/vars ] && . /opt/MyTomato/root/SCRIPTs/inc/vars 59 | 60 | # PATH 61 | export PATH=/opt/bin:/opt/sbin:/opt/usr/bin:/opt/usr/sbin:/bin:/sbin:/mmc/bin:/mmc/sbin:/mmc/usr/bin:/mmc/usr/sbin:/usr/bin:/usr/sbin:/home/root:/opt/etc/init.d/:${gsDirScripts} 62 | 63 | # Alias definitions. 64 | # You may want to put all your additions into a separate file like 65 | # ~/.bash_aliases, instead of adding them here directly. 66 | # See /usr/share/doc/bash-doc/examples in the bash-doc package. 67 | # shellcheck source=root/.bash_aliases 68 | [ -f ~/.bash_aliases ] && . ~/.bash_aliases 69 | 70 | # Define localization 71 | export LANG="${gsLocales}.UTF-8" 72 | export LC_ALL="${gsLocales}.UTF-8" 73 | 74 | # .bash_aliases custom 75 | # shellcheck source=root/.bash_aliases 76 | [ -f "${gsDirOverLoad}/.bash_aliases" ] && . "${gsDirOverLoad}/.bash_aliases" 77 | 78 | # .bashrc custom 79 | # shellcheck source=root/.bash_aliases 80 | [ -f "${gsDirOverLoad}/.bashrc" ] && . 
"${gsDirOverLoad}/.bashrc" 81 | 82 | /usr/sbin/mymotd 83 | -------------------------------------------------------------------------------- /root/.inputrc: -------------------------------------------------------------------------------- 1 | # https://wiki.archlinux.org/index.php/Readline 2 | set meta-flag on 3 | set convert-meta off 4 | set output-meta on 5 | # Faster completion 6 | set show-all-if-unmodified off 7 | set show-all-if-ambiguous off 8 | # Color files by types 9 | set colored-stats On 10 | # Append char to indicate type 11 | set visible-stats On 12 | # Mark symlinked directories 13 | set mark-symlinked-directories On 14 | # Color the common prefix 15 | set colored-completion-prefix On 16 | # Color the common prefix in menu-complete 17 | set menu-complete-display-prefix On 18 | 19 | "\e[1;5D": backward-word 20 | "\e[1;5C": forward-word 21 | "\e[1~": beginning-of-line 22 | "\e[4~": end-of-line 23 | "\e[7~": beginning-of-line 24 | "\e[8~": end-of-line 25 | "\eOH": beginning-of-line 26 | "\eOF": end-of-line 27 | "\e[H": beginning-of-line 28 | "\e[F": end-of-line 29 | -------------------------------------------------------------------------------- /root/.profile: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | # shellcheck disable=SC1091 3 | 4 | [ -f /opt/etc/profile ] && . /opt/etc/profile 5 | BASH_VERSION="$(bash --version 2>/dev/null | head -n 1)" 6 | 7 | export BASH_VERSION 8 | export TERM=xterm-color 9 | 10 | if [ -n "$BASH_VERSION" ]; then 11 | bash 12 | fi 13 | 14 | exit 15 | -------------------------------------------------------------------------------- /root/.screenrc: -------------------------------------------------------------------------------- 1 | # $Id: screenrc,v 1.15 2003/10/08 11:39:03 zal Exp $ 2 | # 3 | # This is the system wide screenrc. 
4 | # 5 | # You can use this file to change the default behavior of screen system wide 6 | # or copy it to ~/.screenrc and use it as a starting point for your own 7 | # settings. 8 | # 9 | # Commands in this file are used to set options, bind screen functions to 10 | # keys, redefine terminal capabilities, and to automatically establish one or 11 | # more windows at the beginning of your screen session. 12 | # 13 | # This is not a comprehensive list of options, look at the screen manual for 14 | # details on everything that you can put in this file. 15 | # 16 | 17 | # ------------------------------------------------------------------------------ 18 | # SCREEN SETTINGS 19 | # ------------------------------------------------------------------------------ 20 | 21 | # Turn off the welcome message 22 | startup_message off 23 | #nethack on 24 | 25 | #defflow on # will force screen to process ^S/^Q 26 | deflogin on 27 | #autodetach off 28 | 29 | # turn visual bell on 30 | vbell off 31 | vbell_msg " Wuff ---- Wuff!! 
" 32 | 33 | # Set scrollback buffer to 10000 34 | defscrollback 10000 35 | 36 | # ------------------------------------------------------------------------------ 37 | # SCREEN KEYBINDINGS 38 | # ------------------------------------------------------------------------------ 39 | 40 | # Remove some stupid / dangerous key bindings 41 | bind ^k 42 | #bind L 43 | bind ^\ 44 | # Make them better 45 | bind \\ quit 46 | bind K kill 47 | bind I login on 48 | bind O login off 49 | bind } history 50 | 51 | # An example of a "screen scraper" which will launch urlview on the current 52 | # screen window 53 | # 54 | #bind ^B eval "hardcopy_append off" "hardcopy -h $HOME/.screen-urlview" "screen urlview $HOME/.screen-urlview" 55 | 56 | # ------------------------------------------------------------------------------ 57 | # TERMINAL SETTINGS 58 | # ------------------------------------------------------------------------------ 59 | 60 | # The vt100 description does not mention "dl". *sigh* 61 | termcapinfo vt100 dl=5\E[M 62 | 63 | # Customize the status line 64 | # turn sending of screen messages to hardstatus off 65 | hardstatus alwayslastline 66 | # Set the hardstatus prop on gui terms to set the titlebar/icon title 67 | termcapinfo xterm*|rxvt*|kterm*|Eterm* hs:ts=\E]0;:fs=\007:ds=\E]0;\007 68 | # use this for the hard status string 69 | #hardstatus string "%h%? users: %u%?" 70 | hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d %{W}%c %{g}]' 71 | 72 | # An alternative hardstatus to display a bar at the bottom listing the 73 | # windownames and highlighting the current windowname in blue. 
(This is only 74 | # enabled if there is no hardstatus setting for your terminal) 75 | # 76 | #hardstatus lastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<" 77 | 78 | # set these terminals up to be 'optimal' instead of vt100 79 | termcapinfo xterm*|linux*|rxvt*|Eterm* OP 80 | 81 | # Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E> 82 | # (This fixes the "Aborted because of window size change" konsole symptoms found 83 | # in bug #134198) 84 | termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l' 85 | 86 | # To get screen to add lines to xterm's scrollback buffer, uncomment the 87 | # following termcapinfo line which tells xterm to use the normal screen buffer 88 | # (which has scrollback), not the alternate screen buffer. 89 | # 90 | #termcapinfo xterm|xterms|xs|rxvt ti@:te@ 91 | 92 | # Enable non-blocking mode to better cope with flaky ssh connections. 93 | defnonblock 5 94 | 95 | # ------------------------------------------------------------------------------ 96 | # STARTUP SCREENS 97 | # ------------------------------------------------------------------------------ 98 | 99 | # Example of automatically running some programs in windows on screen startup. 100 | # 101 | # The following will open top in the first window, an ssh session to monkey 102 | # in the next window, and then open mutt and tail in windows 8 and 9 103 | # respectively. 
104 | # 105 | # screen top 106 | # screen -t monkey ssh monkey 107 | # screen -t mail 8 mutt 108 | # screen -t daemon 9 tail -f /var/log/daemon.log 109 | -------------------------------------------------------------------------------- /root/ConfigOverload/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/ConfigOverload/.gitkeep -------------------------------------------------------------------------------- /root/ISP/Orange/Orange_ISP.sh: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | #### Includes 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | . /opt/MyTomato/root/SCRIPTs/inc/vars 6 | # shellcheck source=root/SCRIPTs/inc/vars 7 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 8 | # shellcheck source=root/SCRIPTs/inc/funcs 9 | . /opt/MyTomato/root/SCRIPTs/inc/funcs 10 | 11 | ############################## 12 | 13 | [ -z "${gsOrange_FTI}" ] && { 14 | echo 15 | echo "'gsOrange_FTI' variable is not defined in '\"${gsDirOverLoad}/vars\"', aborting !" 16 | exit 1 17 | } 18 | 19 | (! df -h | grep -q '/opt') && { 20 | echo "ERROR: '/opt' not mounting" 21 | exit 1 22 | } 23 | 24 | #### Orange - DHCP Mode 25 | # https://lafibre.info/remplacer-livebox/tuto-mode-dhcp-sur-firmware-tomato/12/ 26 | 27 | ## Install neeeded tools 28 | # convert string to hexa 29 | if (opkg list-installed | grep -q 'xxd'); then 30 | opkg update 31 | opkg install xxd 32 | HEXA="$(xxd -p -u <<<"$(echo "${gsOrange_FTI}" | cut -d '/' -f 2)" | sed 's/0A$//')" 33 | else 34 | echo 35 | echo "'xxd' package is missing, aborting !" 
36 | exit 1 37 | fi 38 | 39 | ## Basic > Network > WAN Settings 40 | nvram set wan_ppp_username="${gsOrange_FTI}" 41 | nvram set wan_proto=dhcp 42 | 43 | ## Advanced > Network > WAN Settings 44 | nvram set wan_iface=vlan832 45 | nvram set wan_ifname=vlan832 46 | nvram set wan_ifnameX=vlan2 47 | nvram set wan_ifnames=vlan832 48 | nvram set wandevs=vlan2 49 | nvram set vlan2vid=832 50 | nvram set vlan2tag=1 51 | 52 | ## Advanced -> DHCP/DNS -> DHCP Client (WAN) 53 | #nvram set dhcpc_custom="~u2014retries=2 ~u2014timeout=5 ~u2014tryagain=310" 54 | 55 | ## Adminsitration > Script > Init 56 | nvram get script_init >/tmp/script_init 57 | sed -i '/# Orange DHCP Mode/d' /tmp/script_init 58 | sed -i '/\/tmp\/sbin/d' /tmp/script_init 59 | sed -i '/udhcpc/d' /tmp/script_init 60 | { 61 | echo "# Orange DHCP Mode" 62 | echo "cp -R /sbin/ /tmp/sbin" 63 | echo "rm /tmp/sbin/udhcpc" 64 | echo "echo 'exec busybox udhcpc -O 0x4d -O 0x5a -x 0x4d:2b46535644534c5f6c697665626f782e496e7465726e65742e736f66746174686f6d652e4c697665626f7834 -x 0x5a:00000000000000000000001a0900000558010341010d6674692f${HEXA} \"\$*\"' >/tmp/sbin/udhcpc" 65 | echo "chmod +x /tmp/sbin/udhcpc" 66 | echo "mount --bind /tmp/sbin/ /sbin" 67 | } >>/tmp/script_init 68 | nvram set script_init="$(cat /tmp/script_init)" 69 | rm -f /tmp/script_init 70 | 71 | ## Adminsitration > Script > Firewall 72 | echo "### Version 17 20190117 73 | ### https://lafibre.info/remplacer-livebox/tuto-remplacer-la-livebox-par-un-routeur-dd-wrt-internet-tv/ 74 | 75 | ### Priorite / CoS pour Internet 76 | # File 0 (par defaut) pour le DHCP (raw-socket), file 1 pour le reste du trafic 77 | vconfig set_egress_map vlan832 0 6 78 | vconfig set_egress_map vlan832 1 0 79 | 80 | ### Support TV, priorite / CoS pour l'ensemble des files 81 | if ( nvram show |sort |grep 'vlan' |grep -q '840' ); then 82 | for i in \$(seq 0 7); do 83 | vconfig set_egress_map vlan840 \"\$i\" 5 84 | done 85 | fi 86 | 87 | ### On classe le trafic Internet dans les bonnes 
files 88 | # Tout le trafic priorite 1 (CoS 0) 89 | iptables -t mangle -A POSTROUTING -j CLASSIFY --set-class 0000:0001 90 | # Client DHCP non raw-socket (pas le cas de udhcpc) mais sert aussi pour le renew 91 | iptables -t mangle -A POSTROUTING -o vlan832 -p udp --dport 67 -j CLASSIFY --set-class 0000:0000" >/opt/etc/orange_ack_script_fire.sh 92 | 93 | nvram get script_fire >/tmp/script_fire 94 | sed -i '/orange_ack_script_fire/d' /tmp/script_fire 95 | echo "sh /opt/etc/orange_ack_script_fire.sh" >>/tmp/script_fire 96 | nvram set script_fire="$(cat /tmp/script_fire)" 97 | rm -f /tmp/script_fire 98 | 99 | ## Commit 100 | nvram commit 101 | 102 | ### Reboot needed 103 | echo 104 | echo 105 | echo "Please, reboot your router..." 106 | echo 107 | echo 108 | 109 | exit 0 110 | -------------------------------------------------------------------------------- /root/OpenVPN/client1/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/OpenVPN/client1/.gitkeep -------------------------------------------------------------------------------- /root/OpenVPN/client2/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/OpenVPN/client2/.gitkeep -------------------------------------------------------------------------------- /root/OpenVPN/client3/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/OpenVPN/client3/.gitkeep -------------------------------------------------------------------------------- /root/OpenVPN/server1/.gitkeep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/OpenVPN/server1/.gitkeep -------------------------------------------------------------------------------- /root/OpenVPN/server2/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/OpenVPN/server2/.gitkeep -------------------------------------------------------------------------------- /root/SCRIPTs/Environment_Config.sh: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | #### Includes 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | . /opt/MyTomato/root/SCRIPTs/inc/vars 6 | # shellcheck source=root/SCRIPTs/inc/vars 7 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 8 | # shellcheck source=root/SCRIPTs/inc/funcs 9 | . /opt/MyTomato/root/SCRIPTs/inc/funcs 10 | 11 | ############################## 12 | 13 | #### TAG '/opt' and '/opt/var/log' with UUID to avoid deleting 14 | if [ -n "${gsUsbOptUuid}" ]; then 15 | if [ ! -f /opt/.uuid ] || [ "$(cat /opt/.uuid)" != "${gsUsbOptUuid}" ]; then 16 | echo "${gsUsbOptUuid}" >/opt/.uuid 17 | fi 18 | if [ ! -f /opt/root/.uuid ] || [ "$(cat /opt/root/.uuid)" != "${gsUsbOptUuid}" ]; then 19 | echo "${gsUsbOptUuid}" >/opt/root/.uuid 20 | fi 21 | if [ ! -f /opt/var/log/.uuid ] || [ "$(cat /opt/var/log/.uuid)" != "${gsUsbOptUuid}" ]; then 22 | echo "${gsUsbOptUuid}" >/opt/var/log/.uuid 23 | fi 24 | fi 25 | 26 | #### Prepare some files and directories #### 27 | # /opt/tmp 28 | if (! /opt/bin/mount -l | grep -q '/opt/tmp'); then 29 | mount -t tmpfs -o size=256M,mode=0755 tmpfs /opt/tmp/ 30 | cp -af /tmp/* /opt/tmp/ 31 | rm -rRf /tmp/* && rm -rRf /tmp/.??* 32 | /opt/bin/mount --bind /opt/tmp /tmp 33 | fi 34 | 35 | # /opt/var/log 36 | if (! 
/opt/bin/mount -l | grep -q '/tmp/var/log'); then 37 | if [ -f /tmp/var/log/messages ]; then 38 | gfnStartStopSyslogd 'stop' 39 | echo "$(/bin/date '+%a %b %d %T %Y') $(nvram get lan_hostname) user.notice | ${gsScriptName} | Copy /tmp/var/log/messages to /opt/var/log/messages" >>/opt/var/log/messages 40 | cat /tmp/var/log/messages >>/opt/var/log/messages 41 | if [ ! -f /tmp/var/log/.uuid ]; then 42 | echo "$(/bin/date '+%a %b %d %T %Y') $(nvram get lan_hostname) user.notice | ${gsScriptName} | Clean /tmp/var/log/" >>/opt/var/log/messages 43 | rm -rRf /tmp/var/log/* && rm -rRf /tmp/var/log/.??* 44 | fi 45 | echo "$(/bin/date '+%a %b %d %T %Y') $(nvram get lan_hostname) user.notice | ${gsScriptName} | Mount /opt/var/log to /tmp/var/log" >>/opt/var/log/messages 46 | /opt/bin/mount --bind /opt/var/log /tmp/var/log 47 | gfnStartStopSyslogd 'start' 48 | fi 49 | fi 50 | 51 | # /opt/root 52 | if (! /opt/bin/mount -l | grep -q '/tmp/home/root'); then 53 | if [ ! -f /tmp/home/root/.uuid ]; then 54 | logger -p user.notice "| ${gsScriptName} | Clean /tmp/home/root/" 55 | rm -rRf /tmp/home/root/* && rm -rRf /tmp/home/root/.??* 56 | fi 57 | if [ ! -f /opt/root/.uuid ]; then 58 | logger -p user.notice "| ${gsScriptName} | Clean /opt/root/" 59 | rm -rRf /opt/root/* && rm -rRf /opt/root/.??* 60 | fi 61 | logger -p user.notice "| ${gsScriptName} | Mount /opt/MyTomato/root to /tmp/home/root" 62 | /opt/bin/mount --bind /opt/MyTomato/root /tmp/home/root 63 | fi 64 | 65 | #### Create /opt/.autorun script 66 | cp -v "${gsDirTemplates}"/.autorun.tmpl /opt/.autorun 67 | chmod +x /opt/.autorun 68 | 69 | #### rc.unslung / rc.func 70 | # Create a backup of original files 71 | { [ -f /opt/etc/init.d/rc.unslung ] && [ ! -f "${gsDirBackups}/rc.unslung.original" ]; } && 72 | cp /opt/etc/init.d/rc.unslung "${gsDirBackups}/rc.unslung.original" 73 | { [ -f /opt/etc/init.d/rc.func ] && [ ! 
-f "${gsDirBackups}/rc.func.original" ]; } && 74 | cp /opt/etc/init.d/rc.func "${gsDirBackups}/rc.func.original" 75 | # Replace original scripts by the templates 76 | [ -f "${gsDirTemplates}/init/rc.unslung.tmpl" ] && cp "${gsDirTemplates}/init/rc.unslung.tmpl" /opt/etc/init.d/rc.unslung 77 | [ -f "${gsDirTemplates}/init/rc.func.tmpl" ] && cp "${gsDirTemplates}/init/rc.func.tmpl" /opt/etc/init.d/rc.func 78 | chmod +x /opt/etc/init.d/* 79 | 80 | #### /opt/etc/init/SXX 81 | /opt/bin/find "${gsDirTemplates}/init/" -name "*.tmpl" -exec bash -c 'i="$1"; cp -v "${i}" /opt/etc/init.d/$(basename $(echo "${i}" | sed "s/.tmpl//g;"))' _ {} \; 82 | chmod +x /opt/etc/init.d/* 83 | 84 | #### Replace binaries with aliases 85 | if [ -d /opt/bin/ ]; then 86 | # Create an empty file if needed 87 | [ ! -f "${gsDirOverLoad}/.bash_aliases" ] && touch "${gsDirOverLoad}/.bash_aliases" 88 | 89 | # Add some aliases manualy 90 | (! grep -q 'vi=' "${gsDirOverLoad}/.bash_aliases") && 91 | { 92 | echo "alias vi='/opt/bin/vim'" 93 | } >"${gsDirOverLoad}/.bash_aliases" 94 | 95 | # Generate aliases list 96 | for bin in $(/opt/bin/find /opt/bin/ /opt/sbin/ -type f ! -type d -perm '-u+x' | grep -v '[0-9*]\.' | sort); do 97 | # Ignore links 98 | [ -h "${bin}" ] && continue 99 | [ "$(whereis "${bin}" | awk '{ print $2 }')" == "${bin}" ] || continue 100 | 101 | (! grep -q "${bin}" "${gsDirOverLoad}/.bash_aliases") && 102 | echo "alias $(echo "${bin}" | cut -d '/' -f 4)='${bin}'" >>"${gsDirOverLoad}/.bash_aliases" 103 | done 104 | cat "${gsDirOverLoad}/.bash_aliases" >>/tmp/to_syslog 105 | fi 106 | 107 | #### Add bash to shells 108 | (! grep -q '/bin/bash' /opt/etc/shells) && echo "/bin/bash" >>/opt/etc/shells 109 | (! grep -q '/opt/bin/bash' /opt/etc/shells) && echo "/opt/bin/bash" >>/opt/etc/shells 110 | cat /opt/etc/shells >>/tmp/to_syslog 111 | 112 | #### /etc/group 113 | [ ! -f /opt/etc/group ] && cp -fv /etc/group /opt/etc/group 114 | [ -f /opt/etc/group ] && (! 
grep -q 'mlocate' /opt/etc/group) && echo "mlocate:x:111:" >>/opt/etc/group 115 | cat /opt/etc/group >>/tmp/to_syslog 116 | 117 | #### Purge LOGs files (internal use) 118 | [ -n "${gsDirLogs}" ] && /opt/bin/find "${gsDirLogs}/" -type f -mtime +30 -exec rm -vf {} \; >>/tmp/to_syslog 119 | [ -n "${gsDirBackups}" ] && /opt/bin/find "${gsDirBackups}/" -type f -mtime +30 -exec rm -vf {} \; >>/tmp/to_syslog 120 | 121 | #### Copy back local logs to Syslog 122 | gfnCopyToSyslog 123 | 124 | #### Locales 125 | if [ -n "${gsLocales}" ]; then 126 | logger -p user.notice "| ${gsScriptName} | Add locales '${gsLocales}'" 127 | /opt/bin/localedef.new -c -f UTF-8 -i "${gsLocales}" "${gsLocales}.UTF-8" 128 | fi 129 | if [ -n "${gsTimezone}" ]; then 130 | logger -p user.notice "| ${gsScriptName} | Add timezone '${gsTimezone}'" 131 | ln -sf /opt/share/zoneinfo/"${gsTimezone}" /opt/etc/localtime 132 | fi 133 | 134 | exit 0 135 | -------------------------------------------------------------------------------- /root/SCRIPTs/Load_ArmExtras.sh: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | #### Includes 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | . /opt/MyTomato/root/SCRIPTs/inc/vars 6 | # shellcheck source=root/SCRIPTs/inc/vars 7 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 8 | # shellcheck source=root/SCRIPTs/inc/funcs 9 | . 
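/opt/MyTomato/root/SCRIPTs/inc/funcs

##############################

sArchive="/tmp/arm-extras.tar.gz"

if [ -n "${gsUrlArmExtras}" ]; then
    logger -p user.notice "| ${gsScriptName} | Get ${gsUrlArmExtras}"
    # binCurl comes from the sourced vars file and stays unquoted as in the
    # original call (it may carry options — confirm against inc/vars).
    # shellcheck disable=SC2086
    if ! ${binCurl} "${gsUrlArmExtras}" -o "${sArchive}"; then
        logger -p user.err "| ${gsScriptName} | Download of ${gsUrlArmExtras} failed"
        # Never unpack a partial download
        rm -f -- "${sArchive}"
    fi
fi

if [ -f "${sArchive}" ]; then
    logger -p user.notice "| ${gsScriptName} | Untar /tmp/arm-extras.tar.gz"
    # NOTE(review): the archive comes from the network and nothing here checks
    # a digest or signature before it replaces gsDirArmExtras; gfnLoadModules
    # runs right after (presumably using that directory — confirm in
    # inc/funcs). Pinning a checksum next to gsUrlArmExtras would close this.
    sMembers="$(tar -ztf "${sArchive}")" || sMembers=""
    sSubDir="$(printf '%s\n' "${sMembers}" | cut -d '/' -f 1 | head -n 1)"

    if [ -z "${sSubDir}" ] || [ "${sSubDir}" = "." ] || [ "${sSubDir}" = ".." ]; then
        # Unreadable archive or no usable top-level directory: keep the
        # installed copy instead of deleting it and failing on the mv.
        logger -p user.err "| ${gsScriptName} | ${sArchive} is unreadable or has no top-level directory, skipped"
    elif printf '%s\n' "${sMembers}" | grep -qE '(^/|(^|/)\.\.(/|$))'; then
        # Absolute or parent-relative member names could land outside /tmp
        logger -p user.err "| ${gsScriptName} | ${sArchive} holds absolute or '..' paths, skipped"
    elif [ -z "${gsDirArmExtras}" ]; then
        logger -p user.err "| ${gsScriptName} | gsDirArmExtras is not set, skipped"
    elif tar -zxf "${sArchive}" -C "/tmp/"; then
        # Replace the installed copy only after a complete extraction
        rm -rf -- "${gsDirArmExtras}"
        mv -- "/tmp/${sSubDir}" "${gsDirArmExtras}"
    else
        logger -p user.err "| ${gsScriptName} | Extraction of ${sArchive} failed"
    fi
    rm -f -- "${sArchive}"
fi

gfnLoadModules 'usb'
gfnLoadModules 'nfs'

exit 0
--------------------------------------------------------------------------------
/root/SCRIPTs/Services_Start.sh:
--------------------------------------------------------------------------------
#!/opt/bin/bash
# Stops every service first, then starts syslog, the Entware services and
# P2Partisan again.

#### Includes
# shellcheck source=root/SCRIPTs/inc/vars
. /opt/MyTomato/root/SCRIPTs/inc/vars
# shellcheck source=root/SCRIPTs/inc/vars
[ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars"
# shellcheck source=root/SCRIPTs/inc/funcs
. /opt/MyTomato/root/SCRIPTs/inc/funcs

##############################

#### STOP all services ####
bash "${gsDirScripts}/Services_Stop.sh"

#### SysLog ####
gfnStartStopSyslogd 'start'

#### EntWare Services ####
gfnEntwareServices "start"

#### P2Partisan
gfnP2pArtisanStartStop

exit 0
--------------------------------------------------------------------------------
/root/SCRIPTs/Services_Stop.sh:
--------------------------------------------------------------------------------
1 | #!/opt/bin/bash 2 | 3 | #### Includes 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | .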
/opt/MyTomato/root/SCRIPTs/inc/vars 6 | # shellcheck source=root/SCRIPTs/inc/vars 7 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 8 | # shellcheck source=root/SCRIPTs/inc/funcs 9 | . /opt/MyTomato/root/SCRIPTs/inc/funcs 10 | 11 | ############################## 12 | 13 | #### EntWare Services 14 | gfnEntwareServices "stop" 15 | 16 | #### P2Partisan 17 | [ -f /opt/MyTomato/P2Partisan/p2partisan.sh ] && /opt/MyTomato/P2Partisan/p2partisan.sh stop 18 | 19 | #### SFTP 20 | [ -n "$(pidof sftp-server)" ] && killall sftp-server >/dev/null 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /root/SCRIPTs/USB_AfterMounting.sh: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | #### Restore last date time 4 | fake-hwclock load force 5 | 6 | #### Includes 7 | # shellcheck source=root/SCRIPTs/inc/vars 8 | . /opt/MyTomato/root/SCRIPTs/inc/vars 9 | # shellcheck source=root/SCRIPTs/inc/vars 10 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 11 | # shellcheck source=root/SCRIPTs/inc/funcs 12 | . /opt/MyTomato/root/SCRIPTs/inc/funcs 13 | 14 | ############################## 15 | 16 | #### Lock file 17 | [ ! -f /tmp/"${gsScriptName}".lock ] && touch /tmp/"${gsScriptName}".lock || exit 0 18 | 19 | #### Sync time 20 | gfnNtpUpdate 21 | 22 | #### Creating directories 23 | [ ! -d "${gsDirLogs}" ] && mkdir -pv "${gsDirLogs}" 24 | [ ! -d "${gsDirBackups}" ] && mkdir -pv "$gsDirBackups" 25 | [ ! 
-d "${gsDirArmExtras}" ] && mkdir -pv "${gsDirArmExtras}" 26 | 27 | #### SCRIPTs 28 | chmod +x "${gsDirScripts}"/* 29 | 30 | #### Restore config if needed 31 | if [ -z "$(nvram get mytomato_config_save)" ]; then 32 | sLastConfig="$(find "${gsDirBackups}"/ -type f -name "MyTomato_*.cfg" -exec ls -A1t {} + | head -1)" 33 | if [ -n "${sLastConfig}" ] && [ -f "${sLastConfig}" ]; then 34 | (nvram restore "${sLastConfig}") && reboot 35 | fi 36 | fi 37 | 38 | #### NVRAM settings 39 | gfnNvramUpdate 'fstab' 40 | gfnNvramUpdate 'dnsmasq' 41 | gfnNvramUpdate 'dns_wan1' 42 | 43 | #### Environment Config (/opt/root, /opt/var/log, ...) 44 | bash "${gsDirScripts}/Environment_Config.sh" 45 | 46 | #### P2Partisan install 47 | if [ ! -f /opt/MyTomato/P2Partisan/p2partisan.sh ] && [ "${gbP2Partisan_Enable}" -eq 1 ]; then 48 | logger -p user.notice "| ${gsScriptName} | Start P2Partisan installation" 49 | gfnP2pArtisanStartStop 50 | logger -p user.notice "| ${gsScriptName} | End of P2Partisan installation" 51 | fi 52 | 53 | #### DNScrypt install 54 | gfnInstallDnscryptProxy 55 | 56 | #### Loading Additional modules 57 | bash "${gsDirScripts}/Load_ArmExtras.sh" 58 | 59 | #### Services 60 | bash "${gsDirScripts}/Services_Start.sh" 61 | 62 | #### NVRAM config save 63 | gfnNvramSave 64 | 65 | #### Lock file 66 | [ -f /tmp/"${gsScriptName}".lock ] && rm /tmp/"${gsScriptName}".lock 67 | 68 | exit 0 69 | -------------------------------------------------------------------------------- /root/SCRIPTs/USB_BeforeUnmounting.sh: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | #### Includes 4 | # shellcheck source=root/SCRIPTs/inc/vars 5 | . /opt/MyTomato/root/SCRIPTs/inc/vars 6 | # shellcheck source=root/SCRIPTs/inc/vars 7 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 8 | # shellcheck source=root/SCRIPTs/inc/funcs 9 | . 
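/opt/MyTomato/root/SCRIPTs/inc/funcs

##############################

#### Lock file
# The lock is tested, created and removed under the same /tmp path. The
# original created and removed it relative to the current directory while
# testing /tmp, so the lock never took effect.
if [ -f /tmp/"${gsScriptName}".lock ]; then
    exit 0
fi
touch /tmp/"${gsScriptName}".lock || exit 0

#### NVRAM settings
gfnNvramUpdate 'dns_wan1' 'get'

#### Stop all services
bash "${gsDirScripts}/Services_Stop.sh"

#### Keep date time
fake-hwclock save

#### NVRAM save
gfnNvramSave

#### Umount if possible
# Each mount point gets three attempts: plain, forced (-f), then lazy (-l).
# /tmp/var/log
(/opt/bin/mount -l | grep -q '/tmp/var/log') && /opt/bin/umount -v /tmp/var/log
(/opt/bin/mount -l | grep -q '/tmp/var/log') && /opt/bin/umount -vf /tmp/var/log
(/opt/bin/mount -l | grep -q '/tmp/var/log') && /opt/bin/umount -vl /tmp/var/log
# /tmp/home/root
(/opt/bin/mount -l | grep -q '/tmp/home/root') && /opt/bin/umount -v /tmp/home/root
(/opt/bin/mount -l | grep -q '/tmp/home/root') && /opt/bin/umount -vf /tmp/home/root
(/opt/bin/mount -l | grep -q '/tmp/home/root') && /opt/bin/umount -vl /tmp/home/root
# /opt/tmp
if (/opt/bin/mount -l | grep -q '/opt/tmp'); then
    # Park the content of /tmp on /opt while /tmp is unmounted, then copy it back
    [ ! -d /opt/temp ] && mkdir /opt/temp
    cp -af /tmp/* /opt/temp/
    /opt/bin/umount -v /tmp
    /opt/bin/umount -vf /tmp
    /opt/bin/umount -vl /tmp
    cp -af /opt/temp/* /tmp/
    [ -d /opt/temp ] && rm -rf /opt/temp
fi
# /opt
(/opt/bin/mount -l | grep -q '/opt') && /opt/bin/umount -v /opt
(/opt/bin/mount -l | grep -q '/opt') && /opt/bin/umount -vf /opt
(/opt/bin/mount -l | grep -q '/opt') && /opt/bin/umount -vl /opt

#### Lock file
[ -f /tmp/"${gsScriptName}".lock ] && rm /tmp/"${gsScriptName}".lock

#### Kill bash sessions
# Every bash process is killed, this script included, so nothing below runs.
for sPid in $(pidof bash); do kill -9 "${sPid}"; done

##############################

--------------------------------------------------------------------------------
/root/SCRIPTs/Upgrade.sh:
--------------------------------------------------------------------------------
#!/opt/bin/bash

#### Includes
# shellcheck source=root/SCRIPTs/inc/vars
. /opt/MyTomato/root/SCRIPTs/inc/vars
# shellcheck source=root/SCRIPTs/inc/vars
[ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars"
# shellcheck source=root/SCRIPTs/inc/funcs
. /opt/MyTomato/root/SCRIPTs/inc/funcs

##############################

#### OPKG
opkg update
opkg upgrade

logger -p user.notice "| ${gsScriptName} | EntWare generate pakages installed list"
gsOpkgPackagesList="${gsDirLogs}/opkg_list-installed_${gdDateTime}.txt"
opkg list-installed | awk '{ print $1 }' >"${gsOpkgPackagesList}"

# Re-install any package from the saved list that is no longer installed.
if [ -f "${gsOpkgPackagesList}" ]; then
    while read -r line; do
        sPackage="$(echo "${line}" | awk '{ print $1 }')"
        [ -n "${sPackage}" ] || continue
        # Exact comparison on the name column: grep -q "${sPackage}" treated the
        # name as a regex and also matched it inside longer package names.
        if ! opkg list-installed | awk -v sName="${sPackage}" '$1 == sName { bFound = 1 } END { exit !bFound }'; then
            # The original ended the install line with a backslash, which handed
            # "logger -p user.notice ..." to opkg install as extra arguments.
            opkg install "${sPackage}" &&
                logger -p user.notice "| ${gsScriptName} | EntWare install package '${sPackage}'"
        fi
    done <"${gsOpkgPackagesList}"
fi

#### MyTomato repo
# NOTE(review): origin/master is taken as-is, without a pinned commit or a
# signature check, and the scripts it delivers are made executable below;
# whoever can push to that branch decides what this router runs next.
if [ "${gbRepoUpgrade_Enable:?}" -eq 1 ]; then
    [ -d "/opt/MyTomato" ] && cd "/opt/MyTomato" || exit 1
    logger -p user.notice "| ${gsScriptName} | Update /opt/MyTomato via GitHub"
    git fetch origin
    git reset --hard origin/master
    git config pull.rebase false
    git pull origin master
fi

#### DNScrypt-proxy v2
# NOTE(review): the test uses a literal path while the clone target is
# ${gsDirDnscrypt} - confirm that both name the same directory.
if [ ! -d /opt/usr/local/dnscrypt-proxy ]; then
    logger -p user.notice "| ${gsScriptName} | Git clone https://github.com/jedisct1/dnscrypt-proxy.git"
    # https instead of git://: the git protocol is neither authenticated nor
    # encrypted, and the log line above already names the https URL.
    git clone https://github.com/jedisct1/dnscrypt-proxy.git "${gsDirDnscrypt:?}"
else
    cd "${gsDirDnscrypt:?}" || exit 1
    logger -p user.notice "| ${gsScriptName} | Update ${gsDirDnscrypt} via GitHub"
    git fetch origin
    git reset --hard origin/master
    # git pull origin master
    # The generator script copied here is executed a few lines further down,
    # straight from the freshly fetched upstream branch.
    [ -f "${gsDirDnscryptGen}"/generate-domains-blacklist.py ] && {
        mkdir -p "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists
        cp -v "${gsDirDnscryptGen}"/generate-domains-blacklist.py "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/generate-domains-blacklist.py
        chmod +x "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/generate-domains-blacklist.py
    }
fi
if [ -f "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/generate-domains-blacklist.py ] && [ -f "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/domains-blacklist.conf ]; then
    cd "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/ || exit 1
    logger -p user.notice "| ${gsScriptName} | Generate 'blacklists.txt' with 'generate-domains-blacklist.py'"
    # Written to a temporary name first so a failed run keeps the previous list
    python generate-domains-blacklist.py -c domains-blacklist.conf >list.txt.tmp && mv -f list.txt.tmp blacklists.txt
fi

#### SCRIPTs
logger 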
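-p user.notice "| ${gsScriptName} | Chmod +x to ${gsDirScripts}/*"
chmod +x "${gsDirScripts}"/*
logger -p user.notice "| ${gsScriptName} | Chmod +x to /opt/MyTomato/P2Partisan/p2partisan.sh"
[ -f /opt/MyTomato/P2Partisan/p2partisan.sh ] && chmod +x /opt/MyTomato/P2Partisan/p2partisan.sh

#### NVRAM save
gfnNvramSave

exit 0

--------------------------------------------------------------------------------
/root/SCRIPTs/inc/funcs:
--------------------------------------------------------------------------------
#!/opt/bin/bash

#### NTP Update
# One-shot clock synchronisation against 0.fr.pool.ntp.org.
gfnNtpUpdate() {
    ntpdate -4 -p 1 -u 0.fr.pool.ntp.org
}

#### NVRAM save
# Stamps NVRAM with mytomato_config_save, commits it and writes a backup of
# the configuration to ${gsDirBackups}/MyTomato_${gdDateTime}.cfg.
gfnNvramSave() {
    logger -p user.notice "| ${gsScriptName} | NVRAM config save to ${gsDirBackups}/MyTomato_${gdDateTime}.cfg"
    nvram set mytomato_config_save="${gdDateTime}"
    nvram commit
    nvram save "${gsDirBackups}/MyTomato_${gdDateTime}.cfg" >/dev/null 2>&1
}

#### NVRAM update
# Bring one group of NVRAM settings in line with this project's defaults.
# Arguments:
#   $1 - 'fstab', 'dnsmasq' or 'dns_wan1'
#   $2 - only for 'dns_wan1': 'get' copies the router's wan_dns into the
#        override vars file; any other value pushes ${gsWan1_DNS} to NVRAM
# Returns: 1 when $1 is empty or the value read from NVRAM is refused
# NOTE(review): the work files below have fixed names in /tmp; that is only
# safe while nothing but this script can write there.
gfnNvramUpdate() {
    local sValue sSwith nCommit sWan1Dns nNumLine
    nCommit=0

    [ -n "${1}" ] && sValue="${1}" || return 1
    sSwith="${2}"

    case "${sValue}" in
    'fstab')
        nvram get script_init >/tmp/script_init
        # NOTE(review): ${FILESYSTEM} is not among the variables exported by
        # inc/vars (gsUsbFileSystem is) - confirm it is set by the caller.
        if ! grep -q 'LABEL=ENTWARE' /tmp/script_init; then
            echo "echo \"LABEL=ENTWARE /opt ${FILESYSTEM} defaults,data=writeback,noatime,nodiratime 0 0\" >> /etc/fstab" >>/tmp/script_init
            nCommit=1
        fi
        if ! grep -q 'LABEL=SWAP' /tmp/script_init; then
            # Append (>>): the original '>' truncated /etc/fstab at boot and
            # wiped the ENTWARE entry written by the line above. An init
            # script that already holds the old line is not rewritten here.
            echo 'echo "LABEL=SWAP none swap sw 0 0" >> /etc/fstab' >>/tmp/script_init
            nCommit=1
        fi
        if ! grep -q 'dnsmasq-custom.conf' /tmp/script_init; then
            echo "touch /etc/dnsmasq-custom.conf" >>/tmp/script_init
            nCommit=1
        fi
        [ "${nCommit}" -eq 1 ] && nvram set script_init="$(cat /tmp/script_init)"
        rm -f /tmp/script_init
        ;;
    'dnsmasq')
        nvram get dnsmasq_custom >/tmp/dnsmasq_custom
        if ! grep -q 'log-async' /tmp/dnsmasq_custom; then
            echo "log-async=20" >>/tmp/dnsmasq_custom
            nCommit=1
        fi
        if ! grep -q '/etc/dnsmasq-custom.conf' /tmp/dnsmasq_custom; then
            echo "conf-file=/etc/dnsmasq-custom.conf" >>/tmp/dnsmasq_custom
            nCommit=1
        fi
        if [ "${nCommit}" -eq 1 ]; then
            logger -p user.notice "| ${gsScriptName} | Set NVram dnsmasq_custom=\"$(cat /tmp/dnsmasq_custom)\""
            nvram set dnsmasq_custom="$(cat /tmp/dnsmasq_custom)"
            service dnsmasq restart
        fi
        rm -f /tmp/dnsmasq_custom
        ;;
    'dns_wan1')
        case "${sSwith}" in
        'get')
            # WAN 1 DNS
            sWan1Dns="$(nvram get wan_dns)"
            if [ -n "${sWan1Dns}" ] && [ "${sWan1Dns}" != "${gsWan1_DNS}" ]; then
                # The value lands in a file that every script sources, so only
                # address characters are accepted; quotes, '/', '&' or ';'
                # would break the sed expression or inject shell code.
                case "${sWan1Dns}" in
                *[!0-9A-Fa-f.:\ ]*)
                    logger -p user.err "| ${gsScriptName} | wan_dns holds unexpected characters, \"${gsDirOverLoad}/vars\" left untouched"
                    return 1
                    ;;
                esac
                if [ -f "${gsDirOverLoad}/vars" ]; then
                    # Backup custom vars file
                    cp "${gsDirOverLoad}/vars" "${gsDirBackups}/vars.${gdDateTime}"
                    # Only an actual assignment line is a valid target, not a
                    # comment or the export list.
                    nNumLine=$(grep -n -m 1 '^[[:space:]]*gsWan1_DNS=' <"${gsDirOverLoad}/vars" | cut -d ':' -f 1)
                    case "${nNumLine}" in
                    '' | *[!0-9]*)
                        # Without a line number sed would rewrite every line
                        logger -p user.err "| ${gsScriptName} | No gsWan1_DNS assignment in \"${gsDirOverLoad}/vars\", nothing replaced"
                        ;;
                    *)
                        # Replace value in vars file
                        logger -p user.notice "| ${gsScriptName} | Replace gsWan1_DNS FROM \"${gsWan1_DNS}\" to \"${sWan1Dns}\" in \"${gsDirOverLoad}/vars\""
                        sed -i "${nNumLine}s/.*/gsWan1_DNS=\"${sWan1Dns}\"/" "${gsDirOverLoad}/vars"
                        ;;
                    esac
                fi
            fi
            ;;
        *)
            sWan1Dns="$(nvram get wan_dns)"
            if [ "${sWan1Dns}" != "${gsWan1_DNS}" ]; then
                logger -p user.notice "| ${gsScriptName} | Set NVram wan_dns=\"${gsWan1_DNS}\""
                nCommit=1
                nvram set wan_dns="${gsWan1_DNS}"
            fi
            ;;
        esac
        ;;
    esac

    # Commit only when something was changed above
    if [ "${nCommit}" -eq 1 ]; then
        nvram commit
    fi
}

#### Start all Optware services 89 | gfnEntwareServices() { 90 | local sAction 91 | [ -n "${1}" ] && sAction="$(echo "${1}" | sed 's/^ //g;s/\s+$//g;')" 92 | 93 | # NFS 94 | # gfnInstallNfsServer 95 | # if [ -f /opt/etc/init.d/S57nfs-kernel-server ]; then 96 | # nNumLine=$(grep 'ENABLED' -n -m 1 >/opt/var/log/messages 159 | syslogd -L -s "$(nvram get log_file_size)" -O "$(nvram get log_file_path)" -b "$(nvram get 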
log_file_keep)" 160 | fi 161 | ;; 162 | 'stop') 163 | if [ -n "$(pidof syslogd)" ]; then 164 | killall syslogd >/dev/null | echo "$(/bin/date '+%a %b %d %T %Y') $(nvram get lan_hostname) user.notice | Stop SysLog process" >>/opt/var/log/messages 165 | fi 166 | ;; 167 | *) return 1 ;; 168 | esac 169 | } 170 | 171 | #### Install DNScrypt-proxy 172 | gfnInstallDnscryptProxy() { 173 | #### AIO version 174 | if (nvram get os_version | grep -q 'AIO'); then 175 | nNumLine=$(grep 'gbDNScrypt_Enable' -n -m 1 <"${gsDirOverLoad}/vars" | cut -d ':' -f 1) 176 | sed -i "${nNumLine}"s/.*/gbDNScrypt_Enable=0/ "${gsDirOverLoad}/vars" 177 | if [ -f /opt/etc/init.d/S09dnscrypt-proxy2 ]; then 178 | nNumLine=$(grep 'ENABLED' -n -m 1 /dev/null); then 217 | # logger -p user.notice "| ${gsScriptName} | Start DNScrypt-proxy installation" 218 | # # Download latest release 219 | # sUrl="https://api.github.com/repos/jedisct1/dnscrypt-proxy/releases/latest" 220 | # for sFile in $(${binCurl} ${sUrl} |jq -r ".assets[] | select(.name | contains(\"linux_arm-\")) | .browser_download_url"); do 221 | # if (! 
grep -q 'minisig' <<< "${sFile}"); then 222 | # sTarGz="$(basename "${gsDirBackups}/${sFile##*/}")" 223 | # ${binCurl} "${sFile}" -o "${gsDirBackups}/${sTarGz}" 224 | # fi 225 | # done 226 | # # Extract it 227 | # sSubDir="$(tar -ztf "${gsDirBackups}/${sTarGz}" | cut -d '/' -f 1 | uniq)" 228 | # tar -zxf "${gsDirBackups}/${sTarGz}" -C /tmp/ 229 | # mv -v "/tmp/$sSubDir/dnscrypt-proxy" /opt/sbin/dnscrypt-proxy 230 | # chmod +x /opt/sbin/dnscrypt-proxy 231 | # # Copy back examples files in conf overload dir 232 | # find "/tmp/$sSubDir/" -name "example*.toml" -exec bash -c 'i="$1"; mv -v "$i" ${gsDirBackups}/$(basename $(echo "$1" | sed "s/example-//g;"))' _ {} \; 233 | # find "/tmp/$sSubDir/" -name "example*.txt" -exec bash -c 'i="$1"; mv -v "$i" ${gsDirBackups}/$(basename $(echo "$1" | sed "s/example-/dnscrypt./g;"))' _ {} \; 234 | # logger -p user.notice "| ${gsScriptName} | End of DNScrypt-proxy installation" 235 | # fi 236 | 237 | #### Files 238 | # Create logs directory 239 | [ ! -d /opt/var/log/dnscrypt ] && mkdir -p /opt/var/log/dnscrypt 240 | # Create custom config directory 241 | [ ! -d "${gsDirOverLoad}/dnscrypt/" ] && mkdir -p "${gsDirOverLoad}/dnscrypt/" 242 | 243 | # Create a backup of original file: /opt/etc/init.d/S09dnscrypt-proxy2 244 | { [ -f /opt/etc/init.d/S09dnscrypt-proxy2 ] && [ ! 
-f "${gsDirBackups}/S09dnscrypt-proxy2.original" ]; } && 245 | cp /opt/etc/init.d/S09dnscrypt-proxy2 "${gsDirBackups}/S09dnscrypt-proxy2.original" 246 | 247 | # Replace original init script by the template 248 | [ -f "${gsDirTemplates}/init/S09dnscrypt-proxy2.tmpl" ] && cp "${gsDirTemplates}/init/S09dnscrypt-proxy2.tmpl" /opt/etc/init.d/S09dnscrypt-proxy2 249 | 250 | # If exist, replace actual init script by cutom 251 | [ -f "${gsDirOverLoad}/S09dnscrypt-proxy2" ] && cp "${gsDirOverLoad}/S09dnscrypt-proxy2" /opt/etc/init.d/S09dnscrypt-proxy2 252 | chmod +x /opt/etc/init.d/S09dnscrypt-proxy2 253 | 254 | # Create a custom config file: dnscrypt-proxy.toml 255 | { [ -f "${gsDirTemplates}/dnscrypt/dnscrypt-proxy.toml.tmpl" ] && [ ! -f "${gsDirOverLoad}/dnscrypt/dnscrypt-proxy.toml" ]; } && 256 | cp "${gsDirTemplates}/dnscrypt/dnscrypt-proxy.toml.tmpl" "${gsDirOverLoad}/dnscrypt/dnscrypt-proxy.toml" 257 | 258 | # Create a backup of original file: /opt/etc/dnscrypt-proxy.toml 259 | { [ -f /opt/etc/dnscrypt-proxy.toml ] && [ ! -f "${gsDirBackups}/dnscrypt-proxy.toml.original" ]; } && 260 | cp /opt/etc/dnscrypt-proxy.toml "${gsDirBackups}/dnscrypt-proxy.toml.original" 261 | 262 | # Copy dnscrypt-proxy.toml from templates for next start 263 | [ -f "${gsDirTemplates}/dnscrypt/dnscrypt-proxy.toml.tmpl" ] && cp "${gsDirTemplates}/dnscrypt/dnscrypt-proxy.toml.tmpl" /opt/etc/dnscrypt-proxy.toml 264 | # If exist, use a custom dnscrypt-proxy.toml 265 | [ -f "${gsDirOverLoad}/dnscrypt/dnscrypt-proxy.toml" ] && cp "${gsDirOverLoad}/dnscrypt/dnscrypt-proxy.toml" /opt/etc/dnscrypt-proxy.toml 266 | 267 | # Blocklists 268 | if (! 
find "${gsDirOverLoad}/dnscrypt/"*.txt &>/dev/null); then 269 | find "${gsDirTemplates}/dnscrypt/" -name "*.txt.tmpl" -exec bash -c 'i="$1"; mv "$i" ${gsDirOverLoad}/dnscrypt/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 270 | fi 271 | # Blocklists - generate-domains-blacklists 272 | mkdir -p "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists 273 | if (! find "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/*.txt &>/dev/null); then 274 | find "${gsDirTemplates}/dnscrypt/generate-domains-blacklists/" -name "*.txt.tmpl" -exec bash -c 'i="$1"; mv "$i" ${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 275 | fi 276 | if (! find "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/*.conf &>/dev/null); then 277 | find "${gsDirTemplates}/dnscrypt/generate-domains-blacklists/" -name "*.conf.tmpl" -exec bash -c 'i="$1"; mv "$i" ${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 278 | fi 279 | # Blocklists - generate-domains-blacklists 280 | mkdir -p "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists 281 | if (! find "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/*.txt &>/dev/null); then 282 | find "${gsDirTemplates}/dnscrypt/generate-domains-blacklists/" -name "*.txt.tmpl" -exec bash -c 'i="$1"; mv -v "$i" ${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 283 | fi 284 | if (! 
find "${gsDirOverLoad}"/dnscrypt/generate-domains-blacklists/*.conf &>/dev/null); then 285 | find "${gsDirTemplates}/dnscrypt/generate-domains-blacklists/" -name "*.conf.tmpl" -exec bash -c 'i="$1"; mv -v "$i" ${gsDirOverLoad}/dnscrypt/generate-domains-blacklists/$(basename $(echo "$1" | sed "s/.tmpl//g;"))' _ {} \; 286 | fi 287 | } 288 | 289 | #### Install P2Partisan 290 | gfnP2pArtisanStartStop() { 291 | 292 | if [ "${gbP2Partisan_Enable}" -eq 1 ] && [ -f /opt/MyTomato/P2Partisan/p2partisan.sh ]; then 293 | #### Files 294 | # Create custom config directory 295 | [ ! -d "${gsDirOverLoad}/p2partisan/" ] && mkdir -p "${gsDirOverLoad}/p2partisan/" 296 | 297 | # Copy templates 298 | { [ -f "${gsDirTemplates}/p2partisan/blacklists.txt.tmpl" ] && [ ! -f /opt/MyTomato/P2Partisan/blacklists ]; } && 299 | cp "${gsDirTemplates}/p2partisan/blacklists.txt.tmpl" /opt/MyTomato/P2Partisan/blacklists 300 | { [ -f "${gsDirTemplates}/p2partisan/blacklist-custom.txt.tmpl" ] && [ ! -f /opt/MyTomato/P2Partisan/blacklist-custom ]; } && 301 | cp "${gsDirTemplates}/p2partisan/blacklist-custom.txt.tmpl" /opt/MyTomato/P2Partisan/blacklist-custom 302 | { [ -f "${gsDirTemplates}/p2partisan/greylist.txt.tmpl" ] && [ ! -f /opt/MyTomato/P2Partisan/greylist ]; } && 303 | cp "${gsDirTemplates}/p2partisan/greylist.txt.tmpl" /opt/MyTomato/P2Partisan/greylist 304 | { [ -f "${gsDirTemplates}/p2partisan/whitelist.txt.tmpl" ] && [ ! -f /opt/MyTomato/P2Partisan/whitelist ]; } && 305 | cp "${gsDirTemplates}/p2partisan/whitelist.txt.tmpl" /opt/MyTomato/P2Partisan/whitelist 306 | 307 | # Create custom lists 308 | { [ -f "${gsDirTemplates}/p2partisan/blacklists.txt.tmpl" ] && [ ! -f "${gsDirOverLoad}/p2partisan/blacklists" ]; } && 309 | cp "${gsDirTemplates}/p2partisan/blacklists.txt.tmpl" "${gsDirOverLoad}/p2partisan/blacklists" 310 | { [ -f "${gsDirTemplates}/p2partisan/blacklist-custom.txt.tmpl" ] && [ ! 
-f "${gsDirOverLoad}/p2partisan/blacklist-custom" ]; } && 311 | cp "${gsDirTemplates}/p2partisan/blacklist-custom.txt.tmpl" "${gsDirOverLoad}/p2partisan/blacklist-custom" 312 | { [ -f "${gsDirTemplates}/p2partisan/greylist.txt.tmpl" ] && [ ! -f "${gsDirOverLoad}/p2partisan/greylist" ]; } && 313 | cp "${gsDirTemplates}/p2partisan/greylist.txt.tmpl" "${gsDirOverLoad}/p2partisan/greylist" 314 | { [ -f "${gsDirTemplates}/p2partisan/whitelist.txt.tmpl" ] && [ ! -f "${gsDirOverLoad}/p2partisan/whitelist" ]; } && 315 | cp -v "${gsDirTemplates}/p2partisan/whitelist.txt.tmpl" "${gsDirOverLoad}/p2partisan/whitelist" 316 | 317 | # If exist, replace actual list by cutom 318 | [ -f "${gsDirOverLoad}/p2partisan/blacklists" ] && cp "${gsDirOverLoad}/p2partisan/blacklists" /opt/MyTomato/P2Partisan/blacklists 319 | [ -f "${gsDirOverLoad}/p2partisan/blacklist-custom" ] && cp "${gsDirOverLoad}/p2partisan/blacklist-custom" /opt/MyTomato/P2Partisan/blacklist-custom 320 | [ -f "${gsDirOverLoad}/p2partisan/greylist" ] && cp "${gsDirOverLoad}/p2partisan/greylist" /opt/MyTomato/P2Partisan/greylist 321 | [ -f "${gsDirOverLoad}/p2partisan/whitelist" ] && cp "${gsDirOverLoad}/p2partisan/whitelist" /opt/MyTomato/P2Partisan/whitelist 322 | 323 | # Create a symlink to /opt/usr/bin 324 | [ ! -h /opt/sbin/p2partisan.sh ] && ln -s /opt/MyTomato/P2Partisan/p2partisan.sh /opt/sbin/p2partisan.sh 325 | 326 | chmod +x /opt/MyTomato/P2Partisan/p2partisan.sh 327 | /opt/MyTomato/P2Partisan/p2partisan.sh restart 328 | elif [ "${gbP2Partisan_Enable}" -ne 1 ] && [ -f /opt/MyTomato/P2Partisan/p2partisan.sh ]; then 329 | chmod +x /opt/MyTomato/P2Partisan/p2partisan.sh 330 | /opt/MyTomato/P2Partisan/p2partisan.sh stop 331 | fi 332 | } 333 | 334 | #### Install NFS server 335 | gfnInstallNfsServer() { 336 | #### Install 337 | if (! 
opkg list-installed | grep -q 'nfs-kernel-server'); then 338 | if (opkg list | grep -q 'nfs-kernel-server'); then 339 | logger -p user.notice "| ${gsScriptName} | Start NFS Server installation" 340 | opkg install nfs-kernel-server nfs-kernel-server-utils 341 | logger -p user.notice "| ${gsScriptName} | End of NFS Server installation" 342 | fi 343 | fi 344 | 345 | #### Load modules 346 | gfnLoadModules 'nfs' 347 | 348 | #### Files 349 | # Replace original init script by the template 350 | [ -f "${gsDirTemplates}/init/S57nfs-kernel-server.tmpl" ] && cp "${gsDirTemplates}/init/S57nfs-kernel-server.tmpl" /opt/etc/init.d/S57nfs-kernel-server 351 | 352 | # /etc/services 353 | sed -i '/nfsd/d' /etc/services 354 | if (! grep -q 'nfs 2049/tcp' /etc/services); then 355 | nNumLine=$(grep 'upnp 1900/udp' -n -m 1 /dev/null | grep 'port=') 75 | gsP2Partisan_UdpPorts="" # Whitelist UDP ports separated by commas 76 | gsP2Partisan_TcpPorts="" # Whitelist TCP ports separated by commas 77 | 78 | # DNScrypt-proxy 79 | gbDNScrypt_Enable=1 # Off = 0 / On = 1 80 | gsWan1_DNS="84.200.69.80 84.200.70.40" # Quad 9 DNS; Add 1 or 2 IP address comma seperated. 81 | gsExternalDns="" # External DNS server like PiHole instead of local DNScrypt 82 | 83 | # Upgrade MyTomato from GitHub repository 84 | gbRepoUpgrade_Enable=1 # Off = 0 / On = 1 85 | 86 | #### Export 87 | export binCurl gsDirArmExtras gsUrlArmExtras gsLocales gsTimezone 88 | export gsScriptName gsDirRoot gsDirScripts gsDirOpenVpn gsDirBackups gsDirLogs gsDirTemplates gsDirOverLoad gsDirDnscrypt gsDirDnscryptGen 89 | export gsUsbFileSystem gsUsbOptUuid gsWan1_DNS gsExternalDns gsP2Partisan_UdpPorts gsP2Partisan_TcpPorts 90 | export gdDateTime 91 | export gbP2Partisan_Enable gbDNScrypt_Enable gbRepoUpgrade_Enable gbSyslog_Enable 92 | 93 | # shellcheck disable=SC1091 94 | [ -f "${gsDirOverLoad}"/vars ] && . 
"${gsDirOverLoad}"/vars 95 | -------------------------------------------------------------------------------- /root/TEMPLATEs/.autorun.tmpl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | gdDateTime="$(date +%Y%m%d_%H%M)" 4 | 5 | #### Restore config if needed 6 | if [ -z "$(nvram get mytomato_config_save)" ]; then 7 | sLastConfig="$(find /mnt/ -name "MyTomato_*.cfg" -exec ls -A1t {} + | head -1)" 8 | if [ -n "${sLastConfig}" ] && [ -f "${sLastConfig}" ]; then 9 | nvram restore "${sLastConfig}" 10 | sleep 2 11 | nvram set mytomato_config_save="${gdDateTime:?}" 12 | nvram commit 13 | reboot 14 | fi 15 | fi 16 | 17 | exit 0 18 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/blacklists.txt.tmpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/toulousain79/MyTomato/957c871a7d282fa569ee124ab227575c029ccc09/root/TEMPLATEs/dnscrypt/blacklists.txt.tmpl -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/dnscrypt-proxy.toml.tmpl: -------------------------------------------------------------------------------- 1 | # shellcheck disable=SC1073,SC1072,SC1020,SC1035 2 | ############################################## 3 | # # 4 | # dnscrypt-proxy configuration # 5 | # # 6 | ############################################## 7 | 8 | ## This is an example configuration file. 
9 | ## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml" 10 | ## 11 | ## Online documentation is available here: https://dnscrypt.info/doc 12 | 13 | ################################## 14 | # Global settings # 15 | ################################## 16 | 17 | ## List of servers to use 18 | ## 19 | ## Servers from the "public-resolvers" source (see down below) can 20 | ## be viewed here: https://dnscrypt.info/public-servers 21 | ## 22 | ## If this line is commented, all registered servers matching the require_* filters 23 | ## will be used. 24 | ## 25 | ## The proxy will automatically pick the fastest, working servers from the list. 26 | ## Remove the leading # first to enable this; lines starting with # are ignored. 27 | 28 | # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] 29 | 30 | ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. 31 | ## Note: When using systemd socket activation, choose an empty set (i.e. [] ). 32 | 33 | listen_addresses = ['127.0.0.1:52', '[::1]:52'] 34 | 35 | ## Maximum number of simultaneous client connections to accept 36 | 37 | max_clients = 250 38 | 39 | ## Switch to a different system user after listening sockets have been created. 40 | ## Note (1): this feature is currently unsupported on Windows. 41 | ## Note (2): this feature is not compatible with systemd socket activation. 
42 | ## Note (3): when using -pidfile, the PID file directory must be writable by the new user 43 | 44 | # user_name = 'nobody' 45 | 46 | ## Require servers (from static + remote sources) to satisfy specific properties 47 | 48 | # Use servers reachable over IPv4 49 | 50 | ipv4_servers = true 51 | 52 | # Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity 53 | 54 | ipv6_servers = false 55 | 56 | # Use servers implementing the DNSCrypt protocol 57 | 58 | dnscrypt_servers = true 59 | 60 | # Use servers implementing the DNS-over-HTTPS protocol (not available with OPKG binary) 61 | 62 | doh_servers = false 63 | 64 | ## Require servers defined by remote sources to satisfy specific properties 65 | 66 | # Server must support DNS security extensions (DNSSEC) 67 | 68 | require_dnssec = false 69 | 70 | # Server must not log user queries (declarative) 71 | 72 | require_nolog = true 73 | 74 | # Server must not enforce its own blacklist (for parental control, ads blocking...) 75 | 76 | require_nofilter = true 77 | 78 | # Server names to avoid even if they match all criteria 79 | 80 | disabled_server_names = [] 81 | 82 | ## Always use TCP to connect to upstream servers. 83 | ## This can be useful if you need to route everything through Tor. 84 | ## Otherwise, leave this to `false`, as it doesn't improve security 85 | ## (dnscrypt-proxy will always encrypt everything even using UDP), and can 86 | ## only increase latency. 87 | 88 | force_tcp = false 89 | 90 | ## SOCKS proxy 91 | ## Uncomment the following line to route all TCP connections to a local Tor node 92 | ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. 
93 | 94 | # proxy = "socks5://127.0.0.1:9050" 95 | 96 | ## HTTP/HTTPS proxy 97 | ## Only for DoH servers 98 | 99 | # http_proxy = "http://127.0.0.1:8888" 100 | 101 | ## How long a DNS query will wait for a response, in milliseconds 102 | 103 | timeout = 2500 104 | 105 | ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds 106 | 107 | keepalive = 30 108 | 109 | ## Use the REFUSED return code for blocked responses 110 | ## Setting this to `false` means that some responses will be lies. 111 | ## Unfortunately, `false` appears to be required for Android 8+ 112 | 113 | refused_code_in_responses = true 114 | 115 | ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' 116 | 117 | lb_strategy = 'p2' 118 | 119 | ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) 120 | 121 | log_level = 2 122 | 123 | ## log file for the application 124 | 125 | log_file = '/opt/var/log/dnscrypt/dnscrypt-proxy.log' 126 | 127 | ## Use the system logger (syslog on Unix, Event Log on Windows) 128 | 129 | use_syslog = true 130 | 131 | ## Delay, in minutes, after which certificates are reloaded 132 | 133 | cert_refresh_delay = 240 134 | 135 | ## DNSCrypt: Create a new, unique key for every single DNS query 136 | ## This may improve privacy but can also have a significant impact on CPU usage 137 | ## Only enable if you don't have a lot of network load 138 | 139 | # dnscrypt_ephemeral_keys = false 140 | 141 | ## DoH: Disable TLS session tickets - increases privacy but also latency 142 | 143 | tls_disable_session_tickets = false 144 | 145 | ## DoH: Use a specific cipher suite instead of the server preference 146 | ## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 147 | ## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 148 | ## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 149 | ## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 150 | ## 151 | ## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), 152 | ## the following 
suite improves performance. 153 | ## This may also help on Intel CPUs running 32-bit operating systems. 154 | ## 155 | ## Keep tls_cipher_suite empty if you have issues fetching sources or 156 | ## connecting to some DoH servers. Google and Cloudflare are fine with it. 157 | 158 | tls_cipher_suite = [52392, 49199] 159 | 160 | ## Fallback resolver 161 | ## This is a normal, non-encrypted DNS resolver, that will be only used 162 | ## for one-shot queries when retrieving the initial resolvers list, and 163 | ## only if the system DNS configuration doesn't work. 164 | ## No user application queries will ever be leaked through this resolver, 165 | ## and it will not be used after IP addresses of resolvers URLs have been found. 166 | ## It will never be used if lists have already been cached, and if stamps 167 | ## don't include host names without IP addresses. 168 | ## It will not be used if the configured system DNS works. 169 | ## A resolver supporting DNSSEC is recommended. This may become mandatory. 170 | ## 171 | ## People in China may need to use 114.114.114.114:53 here. 172 | ## Other popular options include 8.8.8.8 and 1.1.1.1. 173 | 174 | fallback_resolvers = '84.200.69.80:53' 175 | 176 | ## Never let dnscrypt-proxy try to use the system DNS settings; 177 | ## unconditionally use the fallback resolver. 178 | 179 | ignore_system_dns = false 180 | 181 | ## Maximum time (in seconds) to wait for network connectivity before 182 | ## initializing the proxy. 183 | ## Useful if the proxy is automatically started at boot, and network 184 | ## connectivity is not guaranteed to be immediately available. 185 | ## Use 0 to disable. 186 | 187 | netprobe_timeout = 60 188 | 189 | ## Offline mode - Do not use any remote encrypted servers. 190 | ## The proxy will remain fully functional to respond to queries that 191 | ## plugins can handle directly (forwarding, cloaking, ...) 
192 | 193 | # offline_mode = false 194 | 195 | ## Automatic log files rotation 196 | 197 | # Maximum log files size in MB 198 | log_files_max_size = 10 199 | 200 | # How long to keep backup files, in days 201 | log_files_max_age = 7 202 | 203 | # Maximum log files backups to keep (or 0 to keep all backups) 204 | log_files_max_backups = 1 205 | 206 | ######################### 207 | # Filters # 208 | ######################### 209 | 210 | ## Immediately respond to IPv6-related queries with an empty response 211 | ## This makes things faster when there is no IPv6 connectivity, but can 212 | ## also cause reliability issues with some stub resolvers. 213 | ## Do not enable if you added a validating resolver such as dnsmasq in front 214 | ## of the proxy. 215 | 216 | block_ipv6 = false 217 | 218 | ################################################################################## 219 | # Route queries for specific domains to a dedicated set of servers # 220 | ################################################################################## 221 | 222 | ## Example map entries (one entry per line): 223 | ## example.com 9.9.9.9 224 | ## example.net 9.9.9.9,8.8.8.8,1.1.1.1 225 | 226 | # forwarding_rules = '/opt/MyTomato/root/ConfigOverload/dnscrypt/forwarding-rules.txt' 227 | 228 | ############################### 229 | # Cloaking rules # 230 | ############################### 231 | 232 | ## Cloaking returns a predefined address for a specific name. 233 | ## In addition to acting as a HOSTS file, it can also return the IP address 234 | ## of a different name. It will also do CNAME flattening. 
235 | ## 236 | ## Example map entries (one entry per line) 237 | ## example.com 10.1.1.1 238 | ## www.google.com forcesafesearch.google.com 239 | 240 | # cloaking_rules = '/opt/MyTomato/root/ConfigOverload/dnscrypt/cloaking-rules.txt' 241 | 242 | ########################### 243 | # DNS cache # 244 | ########################### 245 | 246 | ## Enable a DNS cache to reduce latency and outgoing traffic 247 | 248 | cache = true 249 | 250 | ## Cache size 251 | 252 | cache_size = 512 253 | 254 | ## Minimum TTL for cached entries 255 | 256 | cache_min_ttl = 600 257 | 258 | ## Maximum TTL for cached entries 259 | 260 | cache_max_ttl = 86400 261 | 262 | ## Minimum TTL for negatively cached entries 263 | 264 | cache_neg_min_ttl = 60 265 | 266 | ## Maximum TTL for negatively cached entries 267 | 268 | cache_neg_max_ttl = 600 269 | 270 | ############################### 271 | # Query logging # 272 | ############################### 273 | 274 | ## Log client queries to a file 275 | 276 | [query_log] 277 | 278 | ## Path to the query log file (absolute, or relative to the same directory as the executable file) 279 | 280 | file = '/opt/var/log/dnscrypt/query.log' 281 | 282 | ## Query log format (currently supported: tsv and ltsv) 283 | 284 | format = 'tsv' 285 | 286 | ## Do not log these query types, to reduce verbosity. Keep empty to log everything. 287 | 288 | ignored_qtypes = ['DNSKEY', 'NS'] 289 | 290 | ############################################ 291 | # Suspicious queries logging # 292 | ############################################ 293 | 294 | ## Log queries for nonexistent zones 295 | ## These queries can reveal the presence of malware, broken/obsolete applications, 296 | ## and devices signaling their presence to 3rd parties. 
297 | 298 | [nx_log] 299 | 300 | ## Path to the query log file (absolute, or relative to the same directory as the executable file) 301 | 302 | file = '/opt/var/log/dnscrypt/nx.log' 303 | 304 | ## Query log format (currently supported: tsv and ltsv) 305 | 306 | format = 'tsv' 307 | 308 | ###################################################### 309 | # Pattern-based blocking (blacklists) # 310 | ###################################################### 311 | 312 | ## Blacklists are made of one pattern per line. Example of valid patterns: 313 | ## 314 | ## example.com 315 | ## =example.com 316 | ## *sex* 317 | ## ads.* 318 | ## ads*.example.* 319 | ## ads*.example[0-9]*.com 320 | ## 321 | ## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/ 322 | ## A script to build blacklists from public feeds can be found in the 323 | ## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code. 324 | 325 | [blacklist] 326 | 327 | ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) 328 | 329 | # blacklist_file = '/opt/MyTomato/root/ConfigOverload/dnscrypt/blacklists.txt' 330 | 331 | ## Optional path to a file logging blocked queries 332 | 333 | log_file = '/opt/var/log/dnscrypt/blocked.log' 334 | 335 | ## Optional log format: tsv or ltsv (default: tsv) 336 | 337 | log_format = 'tsv' 338 | 339 | ########################################################### 340 | # Pattern-based IP blocking (IP blacklists) # 341 | ########################################################### 342 | 343 | ## IP blacklists are made of one pattern per line. 
Example of valid patterns: 344 | ## 345 | ## 127.* 346 | ## fe80:abcd:* 347 | ## 192.168.1.4 348 | 349 | [ip_blacklist] 350 | 351 | ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) 352 | 353 | # blacklist_file = '/opt/MyTomato/root/ConfigOverload/dnscrypt/ip_blacklist.txt' 354 | 355 | ## Optional path to a file logging blocked queries 356 | 357 | log_file = '/opt/var/log/dnscrypt/ip_blocked.log' 358 | 359 | ## Optional log format: tsv or ltsv (default: tsv) 360 | 361 | log_format = 'tsv' 362 | 363 | ###################################################### 364 | # Pattern-based whitelisting (blacklists bypass) # 365 | ###################################################### 366 | 367 | ## Whitelists support the same patterns as blacklists 368 | ## If a name matches a whitelist entry, the corresponding session 369 | ## will bypass names and IP filters. 370 | ## 371 | ## Time-based rules are also supported to make some websites only accessible at specific times of the day. 372 | 373 | [whitelist] 374 | 375 | ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) 376 | 377 | # whitelist_file = '/opt/MyTomato/root/ConfigOverload/dnscrypt/whitelist.txt' 378 | 379 | ## Optional path to a file logging whitelisted queries 380 | 381 | log_file = '/opt/var/log/dnscrypt/whitelisted.log' 382 | 383 | ## Optional log format: tsv or ltsv (default: tsv) 384 | 385 | log_format = 'tsv' 386 | 387 | ########################################## 388 | # Time access restrictions # 389 | ########################################## 390 | 391 | ## One or more weekly schedules can be defined here. 392 | ## Patterns in the name-based blocklist can optionally be followed with @schedule_name 393 | ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule. 
394 | ## 395 | ## For example, the following rule in a blacklist file: 396 | ## *.youtube.* @time-to-sleep 397 | ## would block access to YouTube only during the days, and period of the days 398 | ## defined by the 'time-to-sleep' schedule. 399 | ## 400 | ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00 401 | ## {after= '9:00', before='18:00'} matches 9:00-18:00 402 | 403 | [schedules] 404 | 405 | # [schedules.'time-to-sleep'] 406 | # mon = [{after='21:00', before='7:00'}] 407 | # tue = [{after='21:00', before='7:00'}] 408 | # wed = [{after='21:00', before='7:00'}] 409 | # thu = [{after='21:00', before='7:00'}] 410 | # fri = [{after='23:00', before='7:00'}] 411 | # sat = [{after='23:00', before='7:00'}] 412 | # sun = [{after='21:00', before='7:00'}] 413 | 414 | # [schedules.'work'] 415 | # mon = [{after='9:00', before='18:00'}] 416 | # tue = [{after='9:00', before='18:00'}] 417 | # wed = [{after='9:00', before='18:00'}] 418 | # thu = [{after='9:00', before='18:00'}] 419 | # fri = [{after='9:00', before='17:00'}] 420 | 421 | ######################### 422 | # Servers # 423 | ######################### 424 | 425 | ## Remote lists of available servers 426 | ## Multiple sources can be used simultaneously, but every source 427 | ## requires a dedicated cache file. 428 | ## 429 | ## Refer to the documentation for URLs of public sources. 430 | ## 431 | ## A prefix can be prepended to server names in order to 432 | ## avoid collisions if different sources share the same name for 433 | ## different servers. In that case, names listed in `server_names` 434 | ## must include the prefixes. 435 | ## 436 | ## If the `urls` property is missing, cache files and valid signatures 437 | ## must be already present; This doesn't prevent these cache files from 438 | ## expiring after `refresh_delay` hours. 
439 | 440 | [sources] 441 | 442 | ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers 443 | 444 | [sources.'public-resolvers'] 445 | urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] 446 | cache_file = 'public-resolvers.md' 447 | minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 448 | refresh_delay = 72 449 | prefix = 'public-' 450 | 451 | ## Quad9 over DNSCrypt - https://quad9.net/ 452 | 453 | [sources.quad9-resolvers] 454 | urls = ["https://www.quad9.net/quad9-resolvers.md"] 455 | minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" 456 | cache_file = "quad9-resolvers.md" 457 | refresh_delay = 72 458 | prefix = "quad9-" 459 | 460 | ## OpenNIC - https://download.dnscrypt.info/dnscrypt-resolvers/v2/opennic.md 461 | 462 | [sources.'opennic'] 463 | urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md'] 464 | minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 465 | cache_file = 'opennic.md' 466 | refresh_delay = 72 467 | prefix = "opennic-" 468 | 469 | ## Another example source, with resolvers censoring some websites not appropriate for children 470 | ## This is a subset of the `public-resolvers` list, so enabling both is useless 471 | 472 | # [sources.'parental-control'] 473 | # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] 474 | # cache_file = 'parental-control.md' 475 | # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 476 | 477 | ## Optional, local, static list of additional servers 478 | ## Mostly useful for testing your own servers. 
479 | 480 | [static] 481 | 482 | # [static.'google'] 483 | # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA' 484 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/forwarding-rules.txt.tmpl: -------------------------------------------------------------------------------- 1 | ################################## 2 | # Forwarding rules # 3 | ################################## 4 | 5 | ## This is used to route specific domain names to specific servers. 6 | ## The general format is: 7 | ## <domain> <server address>[:port] [, <server address>[:port]...] 8 | ## IPv6 addresses can be specified by enclosing the address in square brackets. 9 | 10 | ## In order to enable this feature, the "forwarding_rules" property needs to 11 | ## be set to this file name inside the main configuration file. 12 | 13 | ## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8 14 | # example.com 9.9.9.9,8.8.8.8 15 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/generate-domains-blacklists/domains-blacklist-local-additions.txt.tmpl: -------------------------------------------------------------------------------- 1 | 2 | # Local set of patterns to block 3 | 4 | ad.* 5 | ads.* 6 | banner.* 7 | banners.* 8 | creatives.* 9 | oas.* 10 | oascentral.* 11 | stats.* 12 | tag.* 13 | telemetry.* 14 | tracker.* 15 | 16 | # My Macbook constantly sends a lot of useless queries to *.local, 17 | # so I block them. *.lan is apparently another common one, and 18 | # *.localdomain and *.workgroup are common on Windows. 19 | 20 | *.lan 21 | *.local 22 | *.localdomain 23 | *.workgroup 24 | 25 | # eth0.me is hardcoded in tools such as Archey, but is not available any 26 | # more, causing issues such as terminal sessions taking a long time to 27 | # start. 28 | 29 | eth0.me 30 | 31 | # ibpxl.com is a tracker that seems to frequently have issues, causing 32 | # page loads to stall. 
33 | 34 | ibpxl.com 35 | 36 | # ditto for that one 37 | 38 | internetbrands.com 39 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/generate-domains-blacklists/domains-blacklist.conf.tmpl: -------------------------------------------------------------------------------- 1 | 2 | ################################################################################## 3 | # # 4 | # Generate a black list of domains using public data sources, and the local # 5 | # domains-blacklist-local-additions.txt file. # 6 | # # 7 | # The default configuration is just indicative, and corresponds to the one # 8 | # used to produce the public "mybase" set. # 9 | # # 10 | # Comment out the URLs of the sources you wish to disable, leave the ones # 11 | # you would like enabled uncommented. Then run the script to build the # 12 | # dnscrypt-blacklist-domains.txt file: # 13 | # # 14 | # $ generate-domains-blacklist.py > dnscrypt-blacklist-domains.txt # 15 | # # 16 | # Domains that should never be blocked can be put into a file named # 17 | # domains-whitelist.txt. 
# 18 | # # 19 | # That blacklist file can then be used in the dnscrypt-proxy.toml file: # 20 | # # 21 | # [blacklist] # 22 | # # 23 | # blacklist_file = 'dnscrypt-blacklist-domains.txt' # 24 | # # 25 | ################################################################################## 26 | 27 | # Local additions 28 | # file:domains-blacklist-local-additions.txt 29 | 30 | # Bambenek malware C2s 31 | # https://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt 32 | 33 | # hpHosts’ Ad and tracking servers 34 | # https://hosts-file.net/ad_servers.txt 35 | 36 | # Malware domains 37 | # https://mirror1.malwaredomains.com/files/justdomains 38 | 39 | # Abuse.ch Ransomware Tracker 40 | # https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt 41 | 42 | # Malware Domain List 43 | # https://www.malwaredomainlist.com/mdlcsv.php?inactive=off 44 | 45 | # Adblock Warning Removal List 46 | # https://easylist-downloads.adblockplus.org/antiadblockfilters.txt 47 | 48 | # EasyList 49 | # https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt 50 | 51 | # EasyList China 52 | # https://easylist-downloads.adblockplus.org/easylistchina.txt 53 | 54 | # RU AdList 55 | # https://easylist-downloads.adblockplus.org/advblock.txt 56 | 57 | # Fanboy’s Social Blocking List 58 | # https://easylist-downloads.adblockplus.org/fanboy-social.txt 59 | 60 | # Peter Lowe’s Ad and tracking server list 61 | # https://pgl.yoyo.org/adservers/serverlist.php 62 | 63 | # Spam404 64 | # https://raw.githubusercontent.com/Dawsey21/Lists/master/adblock-list.txt 65 | 66 | # CJX Annoyance List 67 | # https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjxlist.txt 68 | 69 | # EU: Prebake - Filter Obtrusive Cookie Notices 70 | # https://raw.githubusercontent.com/liamja/Prebake/master/obtrusive.txt 71 | 72 | # Malvertising filter list by Disconnect 73 | # https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt 74 | 75 | # Malware filter list by Disconnect 76 | # 
https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt 77 | 78 | # Basic tracking list by Disconnect 79 | # https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt 80 | 81 | # Sysctl list (ads) 82 | # http://sysctl.org/cameleon/hosts 83 | 84 | # KAD host file (fraud/adware) - https://github.com/azet12/KADhosts 85 | # https://raw.githubusercontent.com/azet12/KADhosts/master/KADhosts.txt 86 | 87 | # BarbBlock list (spurious and invalid DMCA takedowns) 88 | # https://ssl.bblck.me/blacklists/domain-list.txt 89 | 90 | # Dan Pollock's hosts list 91 | # https://someonewhocares.org/hosts/hosts 92 | 93 | # NoTracking's list - blocking ads, trackers and other online garbage 94 | # https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt 95 | 96 | # CoinBlockerLists: blocks websites serving cryptocurrency miners - https://gitlab.com/ZeroDot1/CoinBlockerLists/ - Contains false positives 97 | # https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/list_browser.txt 98 | 99 | # Websites potentially publishing fake news 100 | # https://raw.githubusercontent.com/marktron/fakenews/master/fakenews 101 | 102 | # Quidsup NoTrack Blocklist - Contains too many false positives to be enabled by default 103 | # https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt 104 | 105 | # Quidsup Malware Blocklist - Contains too many false positives to be enabled by default 106 | # https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt 107 | 108 | # Dynamic DNS services, sadly often used by malware 109 | # https://mirror1.malwaredomains.com/files/dynamic_dns.txt 110 | 111 | # Block pornography 112 | # https://raw.githubusercontent.com/Clefspeare13/pornhosts/master/0.0.0.0/hosts 113 | # https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/pornography-hosts 114 | 115 | # Block gambling sites 116 | # https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/gambling-hosts 117 | 118 | # Block social 
media sites 119 | # https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/social-hosts 120 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/generate-domains-blacklists/domains-time-restricted.txt.tmpl: -------------------------------------------------------------------------------- 1 | ## Rules to be applied at specific times 2 | ## 3 | ## This requires a time schedule to be defined in the 4 | ## dnscrypt-proxy.toml configuration file. 5 | 6 | # twitter.com @work 7 | # facebook.com @work 8 | # *.youtube.* @time-to-sleep 9 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/generate-domains-blacklists/domains-whitelist.txt.tmpl: -------------------------------------------------------------------------------- 1 | a-msedge.net 2 | amazon.com 3 | appsflyer.com 4 | azurewebsites.net 5 | cdnetworks.com 6 | cloudapp.net 7 | edgekey.net 8 | elasticbeanstalk.com 9 | github.com 10 | github.io 11 | gitlab.com 12 | invalid 13 | j.mp 14 | l-msedge.net 15 | lan 16 | liveinternet.ru 17 | localdomain 18 | microsoft.com 19 | msedge.net 20 | nsatc.net 21 | ovh.net 22 | polyfill.io 23 | pusher.com 24 | pusherapp.com 25 | revinate.com 26 | spotify.com 27 | tagcommander.com 28 | windows.net 29 | tracker.* 30 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/ip_blacklist.txt.tmpl: -------------------------------------------------------------------------------- 1 | ########################### 2 | # IP Blacklist # 3 | ########################### 4 | 5 | #### https://raw.githubusercontent.com/CHEF-KOCH/dnscrypt-proxy-blacklist-filter/master/ip-blacklist.txt 6 | 13.68.82.8 7 | 13.78.235.247 8 | 13.80.12.54 9 | 13.107.3.128 10 | 13.107.13.88 11 | 13.107.21.200 12 | 23.97.178.173 13 | 40.77.224.8 14 | 40.77.224.11 15 | 40.77.225.248 16 | 40.77.226.0-40.77.226.255 17 | 40.83.127.51 18 | 40.90.136.1 19 | 
40.90.136.20 20 | 40.101.46.178 21 | 40.114.241.141 22 | 40.118.103.7 23 | 40.121.213.159 24 | 40.127.142.76 25 | 51.140.65.84 26 | 51.140.127.197 27 | 51.141.26.229 28 | 52.164.191.55 29 | 52.166.110.64 30 | 52.166.120.77 31 | 52.169.71.150 32 | 52.178.161.41 33 | 52.178.163.85 34 | 52.232.16.77 35 | 52.232.69.150 36 | 37 | #### https://raw.githubusercontent.com/CHEF-KOCH/dnscrypt-proxy-blacklist-filter/master/blacklist-ips.txt 38 | # Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/bogus-nxdomain.china.conf 39 | # https://github.com/felixonmars/dnsmasq-china-list 40 | # Thanks to all contributors. 41 | 123.125.81.12 42 | 101.226.10.8 43 | 198.105.254.11 44 | 104.239.213.7 45 | 61.191.206.4 46 | 218.30.64.194 47 | 61.139.8.101 48 | 61.139.8.102 49 | 61.139.8.103 50 | 61.139.8.104 51 | 42.123.125.237 52 | 202.100.68.117 53 | 113.12.83.4 54 | 113.12.83.5 55 | 202.100.220.54 56 | 60.191.124.236 57 | 60.191.124.252 58 | 222.221.5.204 59 | 124.232.132.94 60 | 202.102.110.204 61 | 61.131.208.210 62 | 61.131.208.211 63 | 202.102.110.203 64 | 202.102.110.205 65 | 219.146.13.36 66 | 180.168.41.175 67 | 180.153.103.224 68 | 111.175.221.58 69 | 61.183.1.186 70 | 125.76.239.244 71 | 125.76.239.245 72 | 222.221.5.252 73 | 222.221.5.253 74 | 220.165.8.172 75 | 220.165.8.174 76 | 112.132.230.179 77 | 202.106.199.34 78 | 202.106.199.35 79 | 202.106.199.36 80 | 202.106.199.37 81 | 202.106.199.38 82 | 221.192.153.41 83 | 221.192.153.42 84 | 221.192.153.43 85 | 221.192.153.44 86 | 221.192.153.45 87 | 221.192.153.46 88 | 221.192.153.49 89 | 125.211.213.130 90 | 125.211.213.131 91 | 125.211.213.132 92 | 125.211.213.133 93 | 125.211.213.134 94 | 218.28.144.36 95 | 218.28.144.37 96 | 218.28.144.38 97 | 218.28.144.39 98 | 218.28.144.40 99 | 218.28.144.41 100 | 218.28.144.42 101 | 202.98.24.121 102 | 202.98.24.122 103 | 202.98.24.123 104 | 202.98.24.124 105 | 202.98.24.125 106 | 60.19.29.21 107 | 60.19.29.22 108 | 60.19.29.23 109 | 60.19.29.24 110 | 60.19.29.25 
111 | 60.19.29.26 112 | 60.19.29.27 113 | 220.250.64.18 114 | 220.250.64.19 115 | 220.250.64.20 116 | 220.250.64.21 117 | 220.250.64.22 118 | 220.250.64.23 119 | 220.250.64.24 120 | 220.250.64.25 121 | 220.250.64.26 122 | 220.250.64.27 123 | 220.250.64.28 124 | 220.250.64.29 125 | 220.250.64.30 126 | 220.250.64.225 127 | 220.250.64.226 128 | 220.250.64.227 129 | 220.250.64.228 130 | 202.99.254.231 131 | 202.99.254.232 132 | 202.99.254.230 133 | 123.129.254.11 134 | 123.129.254.12 135 | 123.129.254.13 136 | 123.129.254.14 137 | 123.129.254.15 138 | 123.129.254.16 139 | 123.129.254.17 140 | 123.129.254.18 141 | 123.129.254.19 142 | 221.204.244.36 143 | 221.204.244.37 144 | 221.204.244.38 145 | 221.204.244.39 146 | 221.204.244.40 147 | 221.204.244.41 148 | 218.68.250.117 149 | 218.68.250.118 150 | 218.68.250.119 151 | 218.68.250.120 152 | 218.68.250.121 153 | 120.209.138.64 154 | 211.139.136.73 155 | 221.179.46.190 156 | 221.179.46.194 157 | 183.207.232.253 158 | 223.82.248.117 159 | 211.138.74.132 160 | 211.137.130.101 161 | 211.136.113.1 162 | 211.138.102.198 163 | 120.192.83.163 164 | 183.221.242.172 165 | 183.221.250.11 166 | 111.11.208.2 167 | 183.224.40.24 168 | 211.98.70.226 169 | 211.98.70.227 170 | 211.98.71.195 171 | 114.112.163.232 172 | 114.112.163.254 173 | -------------------------------------------------------------------------------- /root/TEMPLATEs/dnscrypt/whitelist.txt.tmpl: -------------------------------------------------------------------------------- 1 | 2 | ########################### 3 | # Whitelist # 4 | ########################### 5 | 6 | ## Rules for name-based query whitelisting, one per line 7 | ## 8 | ## Example of valid patterns: 9 | ## 10 | ## ads.* | matches anything with an "ads." 
prefix 11 | ## *.example.com | matches example.com and all names within that zone such as www.example.com 12 | ## example.com | identical to the above 13 | ## =example.com | whitelists example.com but not *.example.com 14 | ## *sex* | matches any name containing that substring 15 | ## ads[0-9]* | matches "ads" followed by one or more digits 16 | ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster 17 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S01fake-hwclock.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 4 | ENABLED=yes 5 | PROCS=fake-hwclock 6 | ARGS="" 7 | PREARGS="" 8 | DESC="Fake Hardware Clock" 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | 11 | start() { 12 | fake-hwclock load force >/dev/null 13 | } 14 | 15 | stop() { 16 | fake-hwclock save 17 | } 18 | 19 | case "$1" in 20 | start) 21 | start 22 | ;; 23 | stop) 24 | stop 25 | ;; 26 | *) 27 | echo "Usage: $0 (start|stop)" 28 | exit 1 29 | ;; 30 | esac 31 | 32 | exit 0 33 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S02syslog.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get log_file |sed 's/0/no/g;s/1/yes/g;')" 4 | PROCS=syslogd 5 | ARGS="-L -s $(nvram get log_file_size) -O $(nvram get log_file_path) -b $(nvram get log_file_keep)" 6 | PREARGS="" 7 | DESC="SysLog" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . 
/opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S03dnsmasq.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED=yes 4 | PROCS=dnsmasq 5 | ARGS="" 6 | PREARGS="" 7 | DESC="DNSmasq" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S09dnscrypt-proxy2.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 4 | ENABLED=yes 5 | PROCS=dnscrypt-proxy 6 | ARGS="" 7 | PREARGS="" 8 | DESC="DNScrypt-proxy" 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | 11 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 12 | [ -n "$LOOP" ] && . /opt/etc/init.d/rc.func 13 | 14 | #### Includes 15 | # shellcheck source=root/SCRIPTs/inc/vars 16 | . /opt/MyTomato/root/SCRIPTs/inc/vars 17 | # shellcheck source=root/SCRIPTs/inc/vars 18 | [ -f "${gsDirOverLoad}/vars" ] && . "${gsDirOverLoad}/vars" 19 | # shellcheck source=root/SCRIPTs/inc/funcs 20 | . 
/opt/MyTomato/root/SCRIPTs/inc/funcs 21 | 22 | ###################################################################### 23 | # 24 | # S T A R T W O R K S P A C E 25 | # 26 | ###################################################################### 27 | 28 | #------------------------------------------------------------ 29 | # Functions - Begin 30 | #------------------------------------------------------------ 31 | # Checking prerequisites 32 | gfnCheckPrerequisites() { 33 | local nExit sMode 34 | 35 | nExit=0 36 | sMode='' 37 | 38 | # Check if DNScrypt-proxy is installed 39 | if ! gfnCheckCommand $PROCS; then 40 | sMode='con' 41 | gsMess="\nSorry '$PROCS' was not found.\n" 42 | gsMess+="Please check if the program was installed.\n" 43 | nExit=1 44 | fi 45 | 46 | if [ $nExit -eq 1 ]; then 47 | gfnMessage 'ERROR' 'con' "$gsMess" 48 | exit $nExit 49 | else 50 | gfnMessage 'INFO' 'log' "$gsMess" 51 | fi 52 | } 53 | 54 | # Function START 55 | gfnStart() { 56 | local sType nReturn 57 | 58 | # Stop others processes 59 | if [ -n "$(pidof $PROCS)" ]; then 60 | gfnMessage 'INFO' 'log' "$DESC is already running !" 61 | nReturn=0 62 | else 63 | gfnInstallDnscryptProxy 64 | 65 | ${PROCS} -config /opt/etc/dnscrypt-proxy.toml >/dev/null 2>&1 & 66 | sleep 1 67 | 68 | if [ -n "$(pidof $PROCS)" ]; then 69 | # Start OK 70 | sType='INFO' 71 | gsMess="'$DESC' is started completly" 72 | nReturn=0 73 | else 74 | # Start KO 75 | sType='ERROR' 76 | gsMess="'$DESC' did not started" 77 | nReturn=1 78 | fi 79 | fi 80 | 81 | # Return 82 | # 0 : if daemon has been started 83 | # 1 : if daemon could not be started 84 | case "$nReturn" in 85 | 0) gfnSwitchDNS 'dnscrypt' ;; 86 | *) gfnStop ;; 87 | esac 88 | 89 | return $nReturn 90 | } 91 | 92 | # Function STOP the daemon/service 93 | gfnStop() { 94 | local sType 95 | sType='INFO' 96 | 97 | if [ -z "$(pidof $PROCS)" ]; then 98 | gsMess="$DESC is not running !" 
99 | else 100 | # Force kill 101 | killall -q $PROCS >/dev/null 102 | sType='NOTICE' 103 | gsMess="\nForce kill for ghost processes !" 104 | fi 105 | 106 | # Log file 107 | gfnMessage "$sType" 'log' "$gsMess" 108 | # Switch DNS 109 | gfnSwitchDNS 'standard' 110 | } 111 | 112 | # Show Messages 113 | gfnMessage() { 114 | # Options: 115 | # $1: [notice|info|warning|error] 116 | # notice - send message to log [NOTICE] 117 | # info - send message to log [INFO] 118 | # warning - send message to log [WARNING] 119 | # error - send message to log [ERROR] 120 | # $2: [con|log] 121 | # con - send message to whiptail box OR console 122 | # log - send message only into log 123 | # $3: [message] 124 | local sType="$1" 125 | local sMode="$2" 126 | local sMess="$3" 127 | 128 | fnWriteToLogFile() { 129 | local sType="$1" 130 | local sMess='' 131 | 132 | # clear new line chars 133 | sMess=$(echo -e "$2" | tr '\n' '|') 134 | while IFS='|' read -ra sLogLine; do 135 | for sLine in "${sLogLine[@]}"; do 136 | logger -p user.notice "| $DESC" "[$sType] $sLine" 137 | done 138 | done <<<"$sMess" 139 | } 140 | 141 | case "$sMode" in 142 | 'con') echo -e "$sMess" ;; 143 | esac 144 | 145 | fnWriteToLogFile "$sType" "$sMess" 146 | } 147 | 148 | # Check if a command exist 149 | gfnCheckCommand() { 150 | if [ -z "$(whereis "$1" | awk '{ print $2 }')" ]; then 151 | return 1 152 | else 153 | return 0 154 | fi 155 | } 156 | 157 | # Switch DNS (standard / DNScrypt-proxy) 158 | gfnSwitchDNS() { 159 | local scCommand="$1" 160 | 161 | # Cleaning /etc/dnsmasq-custom.conf 162 | sed -i '/no-resolv/d' /etc/dnsmasq-custom.conf 163 | sed -i '/server=/d' /etc/dnsmasq-custom.conf 164 | sed -i '/listen-address/d' /etc/dnsmasq-custom.conf 165 | 166 | case "$scCommand" in 167 | 'dnscrypt') 168 | NvramCommit="NO" 169 | 170 | if (! 
nvram get dnsmasq_custom | grep -q 'conf-file=/etc/dnsmasq-custom.conf'); then 171 | gfnNvramUpdate 'dnsmasq' 172 | NvramCommit="YES" 173 | fi 174 | if [ "$(nvram get dnssec_enable)" == "0" ]; then 175 | nvram set dnssec_enable=1 176 | NvramCommit="YES" 177 | fi 178 | # if [ -n "$(nvram get wan_dns)" ]; then 179 | # nvram set wan_dns= 180 | # NvramCommit="YES" 181 | # fi 182 | # Commit ? 183 | if [ "$NvramCommit" == "YES" ]; then 184 | nvram commit 185 | fi 186 | 187 | # /etc/dnsmasq-custom.conf 188 | { 189 | echo "server=127.0.0.1#52" 190 | echo "server=::1#52" 191 | echo "listen-address=::1,127.0.0.1" 192 | if [ -n "${gsExternalDns}" ]; then 193 | echo "dhcp-option=6,${gsExternalDns}" 194 | fi 195 | } >>/etc/dnsmasq-custom.conf 196 | 197 | service dnsmasq stop >/dev/null 198 | sleep 1 199 | service dnsmasq start >/dev/null 200 | ;; 201 | 'standard') 202 | NvramCommit="NO" 203 | 204 | if (! nvram get dnsmasq_custom | grep -q 'conf-file=/etc/dnsmasq-custom.conf'); then 205 | gfnNvramUpdate 'dnsmasq' 206 | NvramCommit="YES" 207 | fi 208 | if [ "$(nvram get wan_dns)" != "${gsWan1_DNS}" ]; then 209 | nvram set wan_dns="${gsWan1_DNS}" 210 | NvramCommit="YES" 211 | fi 212 | # Commit ? 
213 | if [ "$NvramCommit" == "YES" ]; then 214 | nvram commit 215 | fi 216 | 217 | # /etc/dnsmasq-custom.conf 218 | # if [ -n "${gsExternalDns}" ]; then 219 | # { 220 | # echo "dhcp-option=6,${gsExternalDns}" 221 | # } >>/etc/dnsmasq-custom.conf 222 | # fi 223 | 224 | service dnsmasq stop >/dev/null 225 | sleep 1 226 | service dnsmasq start >/dev/null 227 | ;; 228 | esac 229 | } 230 | 231 | #------------------------------------------------------------ 232 | # Functions - End 233 | #------------------------------------------------------------ 234 | 235 | ###################################################################### 236 | # 237 | # E N D W O R K S P A C E 238 | # 239 | ###################################################################### 240 | 241 | ###################################################################### 242 | # 243 | # S T A R T C O M M A N D L I N E M O D E 244 | # 245 | ###################################################################### 246 | 247 | # Start some functions 248 | gfnCheckPrerequisites 249 | 250 | # Options 251 | if [ $# -ge 1 ]; then 252 | for Arg in "$@"; do 253 | case "$Arg" in 254 | 'start') gfnStart ;; 255 | 'stop') gfnStop ;; 256 | 'restart') 257 | gfnStop 258 | gfnStart 259 | ;; 260 | 'status') 261 | sProcess="$(pidof $PROCS)" 262 | if [ -n "$sProcess" ]; then 263 | gfnMessage 'NOTICE' 'con' "$DESC is running !" 264 | else 265 | gfnMessage 'NOTICE' 'con' "$DESC is not running !" 
266 | fi 267 | ;; 268 | *) exit 0 ;; 269 | esac 270 | done 271 | fi 272 | 273 | ###################################################################### 274 | # 275 | # E N D C O M M A N D L I N E M O D E 276 | # 277 | ###################################################################### 278 | 279 | if [ $# -lt 1 ]; then 280 | printf "Usage: %s {start|stop|restart|status}\n" "$0" >&2 281 | exit 1 282 | fi 283 | 284 | exit 0 285 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S19rpcbind.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 4 | ENABLED=no 5 | PROCS=rpcbind 6 | ARGS="-f -w" 7 | PREARGS="" 8 | DESC="RPC Bind" 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S57nfs-kernel-server.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 4 | ENABLED=no 5 | PROCS=nfs-kernel-server 6 | ARGS="" 7 | PREARGS="" 8 | DESC="NFS Server" 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | 11 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 12 | [ -n "$LOOP" ] && . 
/opt/etc/init.d/rc.func 13 | 14 | PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin 15 | # Every action below is skipped with exit status 1, and no message, when rpcbind has no PID. 16 | if [ -z "$(pidof rpcbind)" ]; then 17 | #echo 'Error: portmap not started' 18 | exit 1 19 | fi 20 | # start: load nfsd, create the state directories, empty etab/rmtab/xtab, mount rpc_pipefs and nfsd, then export and launch the daemons. 21 | start() { 22 | echo 'Starting NFS server' 23 | modprobe nfsd 24 | mkdir -p /opt/var/lib/nfs/sm 25 | mkdir -p /opt/var/lib/nfs/sm.bak 26 | mkdir -p /opt/var/lib/nfs/rpc_pipefs 27 | echo -n >/opt/var/lib/nfs/etab 28 | echo -n >/opt/var/lib/nfs/rmtab 29 | echo -n >/opt/var/lib/nfs/xtab 30 | mount -t rpc_pipefs rpc_pipefs /opt/var/lib/nfs/rpc_pipefs 31 | mount -t nfsd nfsd /proc/fs/nfsd 32 | echo 65536 >/proc/fs/nfsd/max_block_size 33 | exportfs -ra 34 | rpc.nfsd --no-nfs-version 4 --no-tcp 1 # flags as written: NFS version 4 off, TCP off 35 | rpc.mountd --no-nfs-version 4 --no-tcp 36 | } 37 | # stop: killall rpc.mountd, send signal 2 to nfsd, unexport everything, unmount both pseudo-filesystems and remove etab. 38 | stop() { 39 | echo 'Stopping NFS server' 40 | killall -q rpc.mountd >/dev/null 41 | killall -q -2 nfsd >/dev/null 42 | exportfs -ua 43 | umount /proc/fs/nfsd 2>/dev/null 44 | umount /opt/var/lib/nfs/rpc_pipefs 2>/dev/null 45 | rm -f /opt/var/lib/nfs/etab 46 | } 47 | # status: reports "running" only when both nfsd and rpc.mountd have a PID. 48 | status() { 49 | if [ -n "$(pidof nfsd)" ] && [ -n "$(pidof rpc.mountd)" ]; then 50 | echo 'NFS server is running' 51 | else 52 | echo 'NFS server is stopped' 53 | fi 54 | } 55 | # reload: re-run exportfs -r. 56 | reload() { 57 | echo 'Reloading /opt/etc/exports' 58 | exportfs -r 59 | } 60 | # Dispatch on $1; any other argument prints the usage line and exits 1. 61 | case "$1" in 62 | start) 63 | start 64 | ;; 65 | stop) 66 | stop 67 | ;; 68 | restart) 69 | stop 70 | sleep 2 71 | start 72 | ;; 73 | status) 74 | status 75 | ;; 76 | reload) 77 | reload 78 | ;; 79 | *) 80 | echo "Usage: $0 (start|stop|restart|reload|status)" 81 | exit 1 82 | ;; 83 | esac 84 | 85 | exit 0 86 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S71openvpn-client1.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_client_eas | grep -q '1' && echo yes || echo no)" 4 | PROCS=vpnclient1 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Client 1" 8 |
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S72openvpn-client2.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_client_eas | grep -q '2' && echo yes || echo no)" 4 | PROCS=vpnclient2 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Client 2" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S73openvpn-client3.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_client_eas | grep -q '3' && echo yes || echo no)" 4 | PROCS=vpnclient3 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Client 3" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . 
/opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S74openvpn-server1.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_server_eas | grep -q '1' && echo yes || echo no)" 4 | PROCS=vpnserver1 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Server 1" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S75openvpn-server2.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_server_eas | grep -q '2' && echo yes || echo no)" 4 | PROCS=vpnserver2 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Server 2" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S76openvpn-server3.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get vpn_server_eas | grep -q '3' && echo yes || echo no)" 4 | PROCS=vpnserver3 5 | ARGS="" 6 | PREARGS="" 7 | DESC="OpenVPN Server 3" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . 
/opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S77ntpd.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED=yes 4 | PROCS=ntpd 5 | ARGS="-c /opt/etc/ntp.conf -f /opt/var/spool/ntp/ntp.drift -s /opt/var/spool/ntp -k /opt/etc/ntp -l /opt/var/spool/ntp/ntp.log" 6 | PREARGS="" 7 | DESC="NTP Server" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S80cstats.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get cstats_enable | sed 's/0/no/g;s/1/yes/g;')" 4 | PROCS=cstats 5 | ARGS="" 6 | PREARGS="" 7 | DESC="IP Traffic Monitoring" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S81rstats.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get rstats_enable | sed 's/0/no/g;s/1/yes/g;')" 4 | PROCS=rstats 5 | ARGS="" 6 | PREARGS="" 7 | DESC="Bandwidth Monitoring" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . 
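/opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/S83samba.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ENABLED="$(nvram get smbd_enable |sed 's/0/no/g;s/1/yes/g;s/2/yes/g;')" 4 | PROCS=smbd 5 | ARGS="" 6 | PREARGS="" 7 | DESC="Samba" 8 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | export ENABLED PROCS ARGS PREARGS DESC 10 | # shellcheck source=root/TEMPLATEs/init/rc.func.tmpl 11 | . /opt/etc/init.d/rc.func 12 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/rc.func.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | 3 | ACTION="$1" 4 | CALLER="$2" 5 | 6 | ansi_red="\033[1;31m" 7 | ansi_white="\033[1;37m" 8 | ansi_green="\033[1;32m" 9 | ansi_yellow="\033[1;33m" 10 | ansi_std="\033[m" 11 | # start: launch $PROC unless it is disabled or already running. Returns 7 for a non-critical service called from cron, 8 when ENABLED is not "yes", 0 when running, 255 when it failed to start. 12 | start() { 13 | unset LOOP 14 | 15 | # Both tests must hold: a bare { a; b; } group reports only b's status, which made every cron call return 7. 16 | if [ "$CRITICAL" != "yes" ] && [ "$CALLER" = "cron" ]; then 17 | return 7 18 | fi 19 | [ "$ENABLED" != "yes" ] && return 8 20 | echo -e -n "$ansi_white Starting $DESC... $ansi_std" 21 | if [ -n "$(pidof "$PROC")" ]; then 22 | echo -e "$ansi_yellow already running.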
$ansi_std" 23 | return 0 24 | fi 25 | 26 | case "$PROC" in 27 | 'dnscrypt-proxy') 28 | /opt/etc/init.d/S09dnscrypt-proxy2 restart 29 | ;; 30 | 'vpnclient1' | 'vpnclient2' | 'vpnclient3' | 'vpnserver1' | 'vpnserver2' | 'vpnserver3') 31 | service "$PROC" restart >/dev/null 32 | ;; 33 | 'dnsmasq' | 'cstats' | 'rstats' | 'smbd') 34 | service "$PROC" restart >/dev/null 35 | ;; 36 | *) 37 | $PRECMD >/dev/null 2>&1 38 | eval "$PREARGS $PROC $ARGS" 39 | ;; 40 | esac 41 | 42 | COUNTER=0 43 | LIMIT=20 44 | 45 | while [ -z "$(pidof "$PROC")" ] && [ "$COUNTER" -le "$LIMIT" ]; do 46 | sleep 1 47 | COUNTER=$((COUNTER + 1)) 48 | done 49 | $POSTCMD >/dev/null 2>&1 50 | 51 | if [ -z "$(pidof "$PROC")" ]; then 52 | echo -e "$ansi_red failed. $ansi_std" 53 | logger "Failed to start $DESC from $CALLER." 54 | return 255 55 | else 56 | echo -e "$ansi_green done. $ansi_std" 57 | logger "Started $DESC from $CALLER." 58 | return 0 59 | fi 60 | } 61 | 62 | stop() { 63 | unset LOOP 64 | 65 | case "$ACTION" in 66 | stop | restart) 67 | echo -e -n "$ansi_white Shutting down $PROC... $ansi_std" 68 | 69 | case "$PROC" in 70 | 'dnscrypt-proxy') 71 | /opt/etc/init.d/S09dnscrypt-proxy2 "$ACTION" 72 | ;; 73 | 'vpnclient1' | 'vpnclient2' | 'vpnclient3' | 'vpnserver1' | 'vpnserver2' | 'vpnserver3') 74 | service "$PROC" "$ACTION" >/dev/null 75 | ;; 76 | 'dnsmasq' | 'cstats' | 'rstats' | 'smbd') 77 | service "$PROC" "$ACTION" >/dev/null 78 | ;; 79 | *) killall "$PROC" >/dev/null ;; 80 | esac 81 | 82 | COUNTER=0 83 | LIMIT=10 84 | while [ -n "$(pidof "$PROC")" ] && [ "$COUNTER" -le "$LIMIT" ]; do 85 | sleep 1 86 | COUNTER=$((COUNTER + 1)) 87 | done 88 | ;; 89 | kill) 90 | echo -e -n "$ansi_white Killing $PROC... $ansi_std" 91 | killall -9 "$PROC" >/dev/null 92 | ;; 93 | esac 94 | 95 | if [ -n "$(pidof "$PROC")" ]; then 96 | echo -e "$ansi_red failed. $ansi_std" 97 | return 255 98 | else 99 | echo -e "$ansi_green done. 
$ansi_std" 100 | return 0 101 | fi 102 | } 103 | # check: report whether $PROC has a PID; returns 0 if alive, 1 if dead. 104 | check() { 105 | echo -e -n "$ansi_white Checking $DESC... " 106 | if [ -n "$(pidof "$PROC")" ]; then 107 | echo -e "$ansi_green alive. $ansi_std" 108 | return 0 109 | else 110 | echo -e "$ansi_red dead. $ansi_std" 111 | return 1 112 | fi 113 | } 114 | # reconfigure: send SIGHUP to $PROC via killall. 115 | reconfigure() { 116 | SIGNAL=SIGHUP 117 | echo -e "$ansi_white Sending $SIGNAL to $PROC... $ansi_std" 118 | killall -$SIGNAL "$PROC" >/dev/null 119 | } 120 | # Apply $ACTION to each word of $PROCS in turn (the expansion is unquoted, so it is split on whitespace). 121 | export PROCS 122 | for PROC in $PROCS; do 123 | case "$ACTION" in 124 | start) 125 | start 126 | ;; 127 | stop | kill) 128 | check && stop 129 | ;; 130 | restart) 131 | check >/dev/null && stop 132 | start 133 | ;; 134 | check) 135 | check 136 | ;; 137 | reconfigure) 138 | reconfigure 139 | ;; 140 | *) 141 | echo -e "$ansi_white Usage: $0 (start|stop|restart|check|kill|reconfigure)$ansi_std" 142 | exit 1 143 | ;; 144 | esac 145 | done 146 | -------------------------------------------------------------------------------- /root/TEMPLATEs/init/rc.unslung.tmpl: -------------------------------------------------------------------------------- 1 | #!/opt/bin/bash 2 | # 3 | # Start/stop all init scripts in /opt/etc/init.d including symlinks 4 | # starting them in numerical order and 5 | # stopping them in reverse numerical order 6 | # 7 | 8 | #### VARs 9 | PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 10 | unset LD_LIBRARY_PATH 11 | unset LD_PRELOAD # loader overrides inherited from the caller are dropped before any init script runs 12 | ACTION="${1}" 13 | [ -n "${2}" ] && CALLER="${2}" || CALLER="$(basename "$0")" 14 | 15 | if [ $# -lt 1 ]; then 16 | printf "Usage: %s {start|stop|restart|reconfigure|check|kill}\n" "$0" >&2 17 | exit 1 18 | fi 19 | 20 | case "$ACTION" in 21 | 'stop' | 'restart' | 'kill') ORDER="-r" ;; 22 | esac 23 | # Runs every user-executable S* entry found under /opt/etc/init.d/, sorted; ORDER=-r reverses the order for stop/restart/kill. The unquoted $(find ...) is split on whitespace. 24 | for i in $(find /opt/etc/init.d/ -perm '-u+x' -name 'S*' | sort $ORDER); do 25 | logger -p user.notice "| $(basename "$0") |" "Beginning $ACTION sequence for '$(basename "$i")'" 26 | 27 | LOOP=1 # Permit to avoid
loop for some sourced scripts !!! 28 | export LOOP 29 | # NOTE(review): $i is the full path printed by find, so the 'S*' pattern cannot match it; only paths ending in .sh take the sourcing branch, everything else is forked. 30 | case "$i" in 31 | S* | *.sh) 32 | # Source shell script for speed. 33 | trap "" INT QUIT TSTP EXIT # from here on INT/QUIT/TSTP are ignored and the EXIT trap is empty 34 | # shellcheck source=root/TEMPLATEs/init/S09dnscrypt-proxy2.tmpl 35 | ACTION=$ACTION CALLER=$CALLER . "$i" 36 | ;; 37 | *) 38 | # No sh extension, so fork subprocess. 39 | $i "$ACTION" "$CALLER" 40 | ;; 41 | esac 42 | 43 | logger -p user.notice "| $(basename "$0") |" "Ending $ACTION sequence for '$(basename "$i")'" 44 | done 45 | -------------------------------------------------------------------------------- /root/TEMPLATEs/p2partisan/blacklist-custom.txt.tmpl: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | ###################################### 3 | # Custom blacklist, mix and match any of the following formats 4 | # Single: "X.X.X.X" 5 | # Range: "FIRSTIP-LASTIP" 6 | # FQDN: "bbc.com" 7 | # CIDR: "X.X.X.X/YY" 8 | # NOTE: ONLY PUBLIC IP ADDRESSES WILL BE CONSIDERED HERE 9 | ###################################### 10 | # TMG ? 11 | 31.13.76.102 12 | 173.194.0.0-173.194.255.255 13 | 216.58.192.0-216.58.223.255 14 | 74.125.0.0-74.125.255.255 15 | 2.16.4.0-2.16.4.255 16 | 74.125.136.0-74.125.136.255 17 | 173.194.65.0-173.194.65.255 18 | 23.235.43.0-23.235.43.255 19 | 194.68.165.0-194.68.165.255 20 | -------------------------------------------------------------------------------- /root/TEMPLATEs/p2partisan/blacklists.txt.tmpl: -------------------------------------------------------------------------------- 1 | ########################################################################### 2 | # Generic lists, additional available e.g.
at the following providers: 3 | # https://www.iblocklist.com/lists.php 4 | # http://iplists.firehol.org/ 5 | # https://www.spamhaus.org/drop/ 6 | ########################################################################### 7 | # The 2 formats supported are: 8 | # Type A: 9 | # .gz containing ASCII in the format "description:SIP-DIP" 10 | # Type B: 11 | # ASCII containing X.X.X.X or X.X.X.X/YY, any optional trailer defined by a 12 | # semicolon e.g. ";description" is ignored 13 | # 14 | # NOTE: enable with caution, with too many lists you might run out of RAM on your router! 15 | # NOTE: the list URLs below use plain http://, so a download is not protected against tampering in transit. 16 | 17 | ################################################################################## 18 | # NOTE: enable with caution, with too many lists you might run out of RAM on your router! 19 | # Every enabled list must honour the format: "name URL" 20 | ################################################################################## 21 | Pedophiles http://list.iblocklist.com/?list=dufcxgnbjsdwmwctgfuj&fileformat=p2p&archiveformat=gz 22 | level1 http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz 23 | level2 http://list.iblocklist.com/?list=gyisgnzbhppbvsphucsw&fileformat=p2p&archiveformat=gz 24 | # level3 http://list.iblocklist.com/?list=uwnukjqktoggdknzrhgh&fileformat=p2p&archiveformat=gz 25 | # edu http://list.iblocklist.com/?list=imlmncgrkbnacgcwfjvh&fileformat=p2p&archiveformat=gz 26 | rangetest http://list.iblocklist.com/?list=plkehquoahljmyxjixpu&fileformat=p2p&archiveformat=gz 27 | # bogon http://list.iblocklist.com/?list=gihxqmhyunbxhbmgqrla&fileformat=p2p&archiveformat=gz 28 | # ads http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz 29 | # spyware http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz 30 | # proxy http://list.iblocklist.com/?list=xoebmbyexwuiogmbyprb&fileformat=p2p&archiveformat=gz 31 | badpeers
http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz 32 | Microsoft http://list.iblocklist.com/?list=xshktygkujudfnjfioro&fileformat=p2p&archiveformat=gz 33 | # spider http://list.iblocklist.com/?list=mcvxsnihddgutbjfbghy&fileformat=p2p&archiveformat=gz 34 | # hijacked http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz 35 | # dshield http://list.iblocklist.com/?list=xpbqleszmajjesnzddhv&fileformat=p2p&archiveformat=gz 36 | # forumspam http://list.iblocklist.com/?list=ficutxiwawokxlcyoeye&fileformat=p2p&archiveformat=gz 37 | # webexploit http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz 38 | # iana-reserved http://list.iblocklist.com/?list=bcoepfyewziejvcqyhqo&fileformat=p2p&archiveformat=gz 39 | # iana-private http://list.iblocklist.com/?list=cslpybexmxyuacbyuvib&fileformat=p2p&archiveformat=gz 40 | # iana-multicast http://list.iblocklist.com/?list=pwqnlynprfgtjbgqoizj&fileformat=p2p&archiveformat=gz 41 | # fornonlancomputers http://list.iblocklist.com/?list=jhaoawihmfxgnvmaqffp&fileformat=p2p&archiveformat=gz 42 | # exclusions http://list.iblocklist.com/?list=mtxmiireqmjzazcsoiem&fileformat=p2p&archiveformat=gz 43 | # HOSTS http://list.iblocklist.com/?list=qlprgwgdkojunfdlzsiv&fileformat=p2p&archiveformat=gz 44 | # DROP http://list.iblocklist.com/?list=zbdlwrqkabxbcppvrnos&fileformat=p2p&archiveformat=gz 45 | ZeuS http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf&fileformat=p2p&archiveformat=gz 46 | # Palevo http://list.iblocklist.com/?list=erqajhwrxiuvjxqrrwfj&fileformat=p2p&archiveformat=gz 47 | # CINS_Army http://list.iblocklist.com/?list=npkuuhuxcsllnhoamkvm&fileformat=p2p&archiveformat=gz 48 | malc0de http://list.iblocklist.com/?list=pbqcylkejciyhmwttify&fileformat=p2p&archiveformat=gz 49 | # adservers http://list.iblocklist.com/?list=zhogegszwduurnvsyhdf&fileformat=p2p&archiveformat=gz 50 | # bogon 
http://list.iblocklist.com/?list=lujdnbasfaaixitgmxpp&fileformat=p2p&archiveformat=gz 51 | # cruzit_web_attacks http://list.iblocklist.com/?list=czvaehmjpsnwwttrdoyl&fileformat=p2p&archiveformat=gz 52 | # malware_domain_list http://list.iblocklist.com/?list=cgbdjfsybgpgyjpqhsnd&fileformat=p2p&archiveformat=gz 53 | # The_Onion_Router http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz 54 | # Apple http://list.iblocklist.com/?list=aphcqvpxuqgrkgufjruj&fileformat=p2p&archiveformat=gz 55 | # LogMeIn http://list.iblocklist.com/?list=tgbankumtwtrzllndbmb&fileformat=p2p&archiveformat=gz 56 | # Steam http://list.iblocklist.com/?list=cnxkgiklecdaihzukrud&fileformat=p2p&archiveformat=gz 57 | # Xfire http://list.iblocklist.com/?list=ppqqnyihmcrryraaqsjo&fileformat=p2p&archiveformat=gz 58 | # Blizzard http://list.iblocklist.com/?list=ercbntshuthyykfkmhxc&fileformat=p2p&archiveformat=gz 59 | # Ubisoft http://list.iblocklist.com/?list=etmcrglomupyxtaebzht&fileformat=p2p&archiveformat=gz 60 | # Nintendo http://list.iblocklist.com/?list=pevkykuhgaegqyayzbnr&fileformat=p2p&archiveformat=gz 61 | # Activision http://list.iblocklist.com/?list=gfnxlhxsijzrcuxwzebb&fileformat=p2p&archiveformat=gz 62 | # Sony_Online_Entertainment http://list.iblocklist.com/?list=tukpvrvlubsputmkmiwg&fileformat=p2p&archiveformat=gz 63 | # Crowd_Control_Productions http://list.iblocklist.com/?list=eveiyhgmusglurfmjyag&fileformat=p2p&archiveformat=gz 64 | # Linden_Lab http://list.iblocklist.com/?list=qnjdimxnaupjmpqolxcv&fileformat=p2p&archiveformat=gz 65 | # Electronic_Arts http://list.iblocklist.com/?list=ejqebpcdmffinaetsvxj&fileformat=p2p&archiveformat=gz 66 | # Square_Enix http://list.iblocklist.com/?list=odyaqontcydnodrlyina&fileformat=p2p&archiveformat=gz 67 | # NCsoft http://list.iblocklist.com/?list=mwjuwmebrnzyyxpbezxu&fileformat=p2p&archiveformat=gz 68 | # Riot_Games http://list.iblocklist.com/?list=sdlvfabdjvrdttfjotcy&fileformat=p2p&archiveformat=gz 69 | # 
PunkBuster http://list.iblocklist.com/?list=zvwwndvzulqcltsicwdg&fileformat=p2p&archiveformat=gz 70 | # Pandora http://list.iblocklist.com/?list=aevzidimyvwybzkletsg&fileformat=p2p&archiveformat=gz 71 | # AOL http://list.iblocklist.com/?list=toboaiysofkflwgrttmb&fileformat=p2p&archiveformat=gz 72 | # Comcast http://list.iblocklist.com/?list=rsgyxvuklicibautguia&fileformat=p2p&archiveformat=gz 73 | # Cablevision http://list.iblocklist.com/?list=dwwbsmzirrykdlvpqozb&fileformat=p2p&archiveformat=gz 74 | # Verizon http://list.iblocklist.com/?list=cdmdbprvldivlqsaqjol&fileformat=p2p&archiveformat=gz 75 | # AT&T http://list.iblocklist.com/?list=grbtkzijgrowvobvessf&fileformat=p2p&archiveformat=gz 76 | # Cox_Communications http://list.iblocklist.com/?list=nlgdvmvfxvoimdunmuju&fileformat=p2p&archiveformat=gz 77 | # Time_Warner_Cable http://list.iblocklist.com/?list=aqtsnttnqmcucwrjmohd&fileformat=p2p&archiveformat=gz 78 | # Charter http://list.iblocklist.com/?list=htnzojgossawhpkbulqw&fileformat=p2p&archiveformat=gz 79 | # Embarq http://list.iblocklist.com/?list=twdblifaysaqtypevvdp&fileformat=p2p&archiveformat=gz 80 | # Suddenlink http://list.iblocklist.com/?list=psaoblrwylfrdsspfuiq&fileformat=p2p&archiveformat=gz 81 | # Sprint http://list.iblocklist.com/?list=hngtqrhhuadlceqxbrob&fileformat=p2p&archiveformat=gz 82 | 83 | # Country lists available here 84 | # http://www.iblocklist.com/lists.php?category=country 85 | # Browse the URL above and pick up the list you want to block (if any) 86 | # e.g. 
Aruba 87 | # Andorra http://list.iblocklist.com/?list=ad&fileformat=p2p&archiveformat=gz 88 | United_Arab_Emirates http://list.iblocklist.com/?list=ae&fileformat=p2p&archiveformat=gz 89 | # Afghanistan http://list.iblocklist.com/?list=af&fileformat=p2p&archiveformat=gz 90 | # Antigua_and_Barbuda http://list.iblocklist.com/?list=ag&fileformat=p2p&archiveformat=gz 91 | # Anguilla http://list.iblocklist.com/?list=ai&fileformat=p2p&archiveformat=gz 92 | # Albania http://list.iblocklist.com/?list=al&fileformat=p2p&archiveformat=gz 93 | # Armenia http://list.iblocklist.com/?list=am&fileformat=p2p&archiveformat=gz 94 | # Netherlands_Antilles http://list.iblocklist.com/?list=an&fileformat=p2p&archiveformat=gz 95 | # Angola http://list.iblocklist.com/?list=ao&fileformat=p2p&archiveformat=gz 96 | # Non-spec_Asia_Pas_Location http://list.iblocklist.com/?list=ap&fileformat=p2p&archiveformat=gz 97 | # Argentina http://list.iblocklist.com/?list=ar&fileformat=p2p&archiveformat=gz 98 | # American_Samoa http://list.iblocklist.com/?list=as&fileformat=p2p&archiveformat=gz 99 | # Austria http://list.iblocklist.com/?list=at&fileformat=p2p&archiveformat=gz 100 | Australia http://list.iblocklist.com/?list=au&fileformat=p2p&archiveformat=gz 101 | # Aruba http://list.iblocklist.com/?list=aw&fileformat=p2p&archiveformat=gz 102 | # Aland_Islands http://list.iblocklist.com/?list=ax&fileformat=p2p&archiveformat=gz 103 | # Azerbaijan http://list.iblocklist.com/?list=az&fileformat=p2p&archiveformat=gz 104 | # Bosnia_and_Herzegowina http://list.iblocklist.com/?list=ba&fileformat=p2p&archiveformat=gz 105 | # Barbados http://list.iblocklist.com/?list=bb&fileformat=p2p&archiveformat=gz 106 | # Bangladesh http://list.iblocklist.com/?list=bd&fileformat=p2p&archiveformat=gz 107 | # Belgium http://list.iblocklist.com/?list=be&fileformat=p2p&archiveformat=gz 108 | # Burkina_Faso http://list.iblocklist.com/?list=bf&fileformat=p2p&archiveformat=gz 109 | # Bulgaria 
http://list.iblocklist.com/?list=bg&fileformat=p2p&archiveformat=gz 110 | # Bahrain http://list.iblocklist.com/?list=bh&fileformat=p2p&archiveformat=gz 111 | # Burundi http://list.iblocklist.com/?list=bi&fileformat=p2p&archiveformat=gz 112 | # Benin http://list.iblocklist.com/?list=bj&fileformat=p2p&archiveformat=gz 113 | # Bermuda http://list.iblocklist.com/?list=bm&fileformat=p2p&archiveformat=gz 114 | # Brunei_Darussalam http://list.iblocklist.com/?list=bn&fileformat=p2p&archiveformat=gz 115 | # Bolivia http://list.iblocklist.com/?list=bo&fileformat=p2p&archiveformat=gz 116 | # Brazil http://list.iblocklist.com/?list=br&fileformat=p2p&archiveformat=gz 117 | # Bahamas http://list.iblocklist.com/?list=bs&fileformat=p2p&archiveformat=gz 118 | # Bhutan http://list.iblocklist.com/?list=bt&fileformat=p2p&archiveformat=gz 119 | # Botswana http://list.iblocklist.com/?list=bw&fileformat=p2p&archiveformat=gz 120 | # Belarus http://list.iblocklist.com/?list=by&fileformat=p2p&archiveformat=gz 121 | # Belize http://list.iblocklist.com/?list=bz&fileformat=p2p&archiveformat=gz 122 | # Canada http://list.iblocklist.com/?list=ca&fileformat=p2p&archiveformat=gz 123 | # The_Democratic_Republic_of_The_Congo http://list.iblocklist.com/?list=cd&fileformat=p2p&archiveformat=gz 124 | # Central_African_Republic http://list.iblocklist.com/?list=cf&fileformat=p2p&archiveformat=gz 125 | # Congo http://list.iblocklist.com/?list=cg&fileformat=p2p&archiveformat=gz 126 | # Switzerland http://list.iblocklist.com/?list=ch&fileformat=p2p&archiveformat=gz 127 | # Cote_D_ivoire http://list.iblocklist.com/?list=ci&fileformat=p2p&archiveformat=gz 128 | # Cook_Islands http://list.iblocklist.com/?list=ck&fileformat=p2p&archiveformat=gz 129 | # Chile http://list.iblocklist.com/?list=cl&fileformat=p2p&archiveformat=gz 130 | # Cameroon http://list.iblocklist.com/?list=cm&fileformat=p2p&archiveformat=gz 131 | China http://list.iblocklist.com/?list=cn&fileformat=p2p&archiveformat=gz 132 | # Colombia 
http://list.iblocklist.com/?list=co&fileformat=p2p&archiveformat=gz 133 | # Costa_Rica http://list.iblocklist.com/?list=cr&fileformat=p2p&archiveformat=gz 134 | # Serbia_and_Montenegro http://list.iblocklist.com/?list=cs&fileformat=p2p&archiveformat=gz 135 | # Cuba http://list.iblocklist.com/?list=cu&fileformat=p2p&archiveformat=gz 136 | # Cape_Verde http://list.iblocklist.com/?list=cv&fileformat=p2p&archiveformat=gz 137 | # Cyprus http://list.iblocklist.com/?list=cy&fileformat=p2p&archiveformat=gz 138 | # Czech_Republic http://list.iblocklist.com/?list=cz&fileformat=p2p&archiveformat=gz 139 | Germany http://list.iblocklist.com/?list=de&fileformat=p2p&archiveformat=gz 140 | # Djibouti http://list.iblocklist.com/?list=dj&fileformat=p2p&archiveformat=gz 141 | # Denmark http://list.iblocklist.com/?list=dk&fileformat=p2p&archiveformat=gz 142 | # Dominican_Republic http://list.iblocklist.com/?list=do&fileformat=p2p&archiveformat=gz 143 | # Algeria http://list.iblocklist.com/?list=dz&fileformat=p2p&archiveformat=gz 144 | # Ecuador http://list.iblocklist.com/?list=ec&fileformat=p2p&archiveformat=gz 145 | # Estonia http://list.iblocklist.com/?list=ee&fileformat=p2p&archiveformat=gz 146 | # Egypt http://list.iblocklist.com/?list=eg&fileformat=p2p&archiveformat=gz 147 | # Eritrea http://list.iblocklist.com/?list=er&fileformat=p2p&archiveformat=gz 148 | # Spain http://list.iblocklist.com/?list=es&fileformat=p2p&archiveformat=gz 149 | # Ethiopia http://list.iblocklist.com/?list=et&fileformat=p2p&archiveformat=gz 150 | # European_Union http://list.iblocklist.com/?list=eu&fileformat=p2p&archiveformat=gz 151 | Finland http://list.iblocklist.com/?list=fi&fileformat=p2p&archiveformat=gz 152 | # Fiji http://list.iblocklist.com/?list=fj&fileformat=p2p&archiveformat=gz 153 | # Federated_States_of_Micronesia http://list.iblocklist.com/?list=fm&fileformat=p2p&archiveformat=gz 154 | # Faroe_Islands http://list.iblocklist.com/?list=fo&fileformat=p2p&archiveformat=gz 155 | # France 
http://list.iblocklist.com/?list=fr&fileformat=p2p&archiveformat=gz 156 | # Gabon http://list.iblocklist.com/?list=ga&fileformat=p2p&archiveformat=gz 157 | United_Kingdom http://list.iblocklist.com/?list=gb&fileformat=p2p&archiveformat=gz 158 | # Grenada http://list.iblocklist.com/?list=gd&fileformat=p2p&archiveformat=gz 159 | # Georgia http://list.iblocklist.com/?list=ge&fileformat=p2p&archiveformat=gz 160 | # French_Guiana http://list.iblocklist.com/?list=gf&fileformat=p2p&archiveformat=gz 161 | # Guernsey http://list.iblocklist.com/?list=gg&fileformat=p2p&archiveformat=gz 162 | # Ghana http://list.iblocklist.com/?list=gh&fileformat=p2p&archiveformat=gz 163 | # Gibraltar http://list.iblocklist.com/?list=gi&fileformat=p2p&archiveformat=gz 164 | # Greenland http://list.iblocklist.com/?list=gl&fileformat=p2p&archiveformat=gz 165 | # Gambia http://list.iblocklist.com/?list=gm&fileformat=p2p&archiveformat=gz 166 | # Guinea http://list.iblocklist.com/?list=gn&fileformat=p2p&archiveformat=gz 167 | # Guadeloupe http://list.iblocklist.com/?list=gp&fileformat=p2p&archiveformat=gz 168 | # Equatorial_Guinea http://list.iblocklist.com/?list=gq&fileformat=p2p&archiveformat=gz 169 | # Greece http://list.iblocklist.com/?list=gr&fileformat=p2p&archiveformat=gz 170 | # Guatemala http://list.iblocklist.com/?list=gt&fileformat=p2p&archiveformat=gz 171 | # Guam http://list.iblocklist.com/?list=gu&fileformat=p2p&archiveformat=gz 172 | # Guinea-bissau http://list.iblocklist.com/?list=gw&fileformat=p2p&archiveformat=gz 173 | # Guyana http://list.iblocklist.com/?list=gy&fileformat=p2p&archiveformat=gz 174 | # Hong_Kong http://list.iblocklist.com/?list=hk&fileformat=p2p&archiveformat=gz 175 | # Honduras http://list.iblocklist.com/?list=hn&fileformat=p2p&archiveformat=gz 176 | # Croatia http://list.iblocklist.com/?list=hr&fileformat=p2p&archiveformat=gz 177 | # Haiti http://list.iblocklist.com/?list=ht&fileformat=p2p&archiveformat=gz 178 | # Hungary 
http://list.iblocklist.com/?list=hu&fileformat=p2p&archiveformat=gz 179 | # Indonesia http://list.iblocklist.com/?list=id&fileformat=p2p&archiveformat=gz 180 | # Ireland http://list.iblocklist.com/?list=ie&fileformat=p2p&archiveformat=gz 181 | # Israel http://list.iblocklist.com/?list=il&fileformat=p2p&archiveformat=gz 182 | # Isle_of_Man http://list.iblocklist.com/?list=im&fileformat=p2p&archiveformat=gz 183 | # India http://list.iblocklist.com/?list=in&fileformat=p2p&archiveformat=gz 184 | # British_Indian_Ocean_Territory http://list.iblocklist.com/?list=io&fileformat=p2p&archiveformat=gz 185 | # Iraq http://list.iblocklist.com/?list=iq&fileformat=p2p&archiveformat=gz 186 | # Iran http://list.iblocklist.com/?list=ir&fileformat=p2p&archiveformat=gz 187 | # Iceland http://list.iblocklist.com/?list=is&fileformat=p2p&archiveformat=gz 188 | Italy http://list.iblocklist.com/?list=it&fileformat=p2p&archiveformat=gz 189 | # Jersey http://list.iblocklist.com/?list=je&fileformat=p2p&archiveformat=gz 190 | # Jamaica http://list.iblocklist.com/?list=jm&fileformat=p2p&archiveformat=gz 191 | # Jordan http://list.iblocklist.com/?list=jo&fileformat=p2p&archiveformat=gz 192 | Japan http://list.iblocklist.com/?list=jp&fileformat=p2p&archiveformat=gz 193 | # Kenya http://list.iblocklist.com/?list=ke&fileformat=p2p&archiveformat=gz 194 | # Kyrgyzstan http://list.iblocklist.com/?list=kg&fileformat=p2p&archiveformat=gz 195 | # Cambodia http://list.iblocklist.com/?list=kh&fileformat=p2p&archiveformat=gz 196 | # Kiribati http://list.iblocklist.com/?list=ki&fileformat=p2p&archiveformat=gz 197 | # Saint_Kitts_and_Nevis http://list.iblocklist.com/?list=kn&fileformat=p2p&archiveformat=gz 198 | # Democratic_People_s_Republic_of_Korea http://list.iblocklist.com/?list=kp&fileformat=p2p&archiveformat=gz 199 | # Republic_of_Korea http://list.iblocklist.com/?list=kr&fileformat=p2p&archiveformat=gz 200 | # Kuwait http://list.iblocklist.com/?list=kw&fileformat=p2p&archiveformat=gz 201 | # 
Cayman_Islands http://list.iblocklist.com/?list=ky&fileformat=p2p&archiveformat=gz 202 | # Kazakhstan http://list.iblocklist.com/?list=kz&fileformat=p2p&archiveformat=gz 203 | # Lao_People_s_Democratic_Republic http://list.iblocklist.com/?list=la&fileformat=p2p&archiveformat=gz 204 | # Lebanon http://list.iblocklist.com/?list=lb&fileformat=p2p&archiveformat=gz 205 | # Saint_Lucia http://list.iblocklist.com/?list=lc&fileformat=p2p&archiveformat=gz 206 | # Liechtenstein http://list.iblocklist.com/?list=li&fileformat=p2p&archiveformat=gz 207 | # Sri_Lanka http://list.iblocklist.com/?list=lk&fileformat=p2p&archiveformat=gz 208 | # Liberia http://list.iblocklist.com/?list=lr&fileformat=p2p&archiveformat=gz 209 | # Lesotho http://list.iblocklist.com/?list=ls&fileformat=p2p&archiveformat=gz 210 | # Lithuania http://list.iblocklist.com/?list=lt&fileformat=p2p&archiveformat=gz 211 | # Luxembourg http://list.iblocklist.com/?list=lu&fileformat=p2p&archiveformat=gz 212 | Latvia http://list.iblocklist.com/?list=lv&fileformat=p2p&archiveformat=gz 213 | # Libyan_Arab_Jamahiriya http://list.iblocklist.com/?list=ly&fileformat=p2p&archiveformat=gz 214 | # Morocco http://list.iblocklist.com/?list=ma&fileformat=p2p&archiveformat=gz 215 | # Monaco http://list.iblocklist.com/?list=mc&fileformat=p2p&archiveformat=gz 216 | # Moldova_Republic_of http://list.iblocklist.com/?list=md&fileformat=p2p&archiveformat=gz 217 | # Montenegro http://list.iblocklist.com/?list=me&fileformat=p2p&archiveformat=gz 218 | # Saint_Martin http://list.iblocklist.com/?list=mf&fileformat=p2p&archiveformat=gz 219 | # Madagascar http://list.iblocklist.com/?list=mg&fileformat=p2p&archiveformat=gz 220 | # Marshall_Islands http://list.iblocklist.com/?list=mh&fileformat=p2p&archiveformat=gz 221 | # Macedonia http://list.iblocklist.com/?list=mk&fileformat=p2p&archiveformat=gz 222 | # Mali http://list.iblocklist.com/?list=ml&fileformat=p2p&archiveformat=gz 223 | # Myanmar 
http://list.iblocklist.com/?list=mm&fileformat=p2p&archiveformat=gz 224 | # Mongolia http://list.iblocklist.com/?list=mn&fileformat=p2p&archiveformat=gz 225 | # Macau http://list.iblocklist.com/?list=mo&fileformat=p2p&archiveformat=gz 226 | # Northern_Mariana_Islands http://list.iblocklist.com/?list=mp&fileformat=p2p&archiveformat=gz 227 | # Mauritania http://list.iblocklist.com/?list=mr&fileformat=p2p&archiveformat=gz 228 | # Montserrat http://list.iblocklist.com/?list=ms&fileformat=p2p&archiveformat=gz 229 | # Malta http://list.iblocklist.com/?list=mt&fileformat=p2p&archiveformat=gz 230 | # Mauritius http://list.iblocklist.com/?list=mu&fileformat=p2p&archiveformat=gz 231 | # Maldives http://list.iblocklist.com/?list=mv&fileformat=p2p&archiveformat=gz 232 | # Malawi http://list.iblocklist.com/?list=mw&fileformat=p2p&archiveformat=gz 233 | # Mexico http://list.iblocklist.com/?list=mx&fileformat=p2p&archiveformat=gz 234 | Malaysia http://list.iblocklist.com/?list=my&fileformat=p2p&archiveformat=gz 235 | # Mozambique http://list.iblocklist.com/?list=mz&fileformat=p2p&archiveformat=gz 236 | # Namibia http://list.iblocklist.com/?list=na&fileformat=p2p&archiveformat=gz 237 | # New_Caledonia http://list.iblocklist.com/?list=nc&fileformat=p2p&archiveformat=gz 238 | # Niger http://list.iblocklist.com/?list=ne&fileformat=p2p&archiveformat=gz 239 | # Norfolk_Island http://list.iblocklist.com/?list=nf&fileformat=p2p&archiveformat=gz 240 | # Nigeria http://list.iblocklist.com/?list=ng&fileformat=p2p&archiveformat=gz 241 | # Nicaragua http://list.iblocklist.com/?list=ni&fileformat=p2p&archiveformat=gz 242 | # Netherlands http://list.iblocklist.com/?list=nl&fileformat=p2p&archiveformat=gz 243 | # Norway http://list.iblocklist.com/?list=no&fileformat=p2p&archiveformat=gz 244 | # Nepal http://list.iblocklist.com/?list=np&fileformat=p2p&archiveformat=gz 245 | # Nauru http://list.iblocklist.com/?list=nr&fileformat=p2p&archiveformat=gz 246 | # Niue 
http://list.iblocklist.com/?list=nu&fileformat=p2p&archiveformat=gz 247 | # New_Zealand http://list.iblocklist.com/?list=nz&fileformat=p2p&archiveformat=gz 248 | # Oman http://list.iblocklist.com/?list=om&fileformat=p2p&archiveformat=gz 249 | # Panama http://list.iblocklist.com/?list=pa&fileformat=p2p&archiveformat=gz 250 | # Peru http://list.iblocklist.com/?list=pe&fileformat=p2p&archiveformat=gz 251 | # French_Polynesia http://list.iblocklist.com/?list=pf&fileformat=p2p&archiveformat=gz 252 | # Papua_New_Guinea http://list.iblocklist.com/?list=pg&fileformat=p2p&archiveformat=gz 253 | # Philippines http://list.iblocklist.com/?list=ph&fileformat=p2p&archiveformat=gz 254 | # Pakistan http://list.iblocklist.com/?list=pk&fileformat=p2p&archiveformat=gz 255 | # Poland http://list.iblocklist.com/?list=pl&fileformat=p2p&archiveformat=gz 256 | # St_Pierre_and_Miquelon http://list.iblocklist.com/?list=pm&fileformat=p2p&archiveformat=gz 257 | # Puerto_Rico http://list.iblocklist.com/?list=pr&fileformat=p2p&archiveformat=gz 258 | # Palestinian_Territory_Occupied http://list.iblocklist.com/?list=ps&fileformat=p2p&archiveformat=gz 259 | Portugal http://list.iblocklist.com/?list=pt&fileformat=p2p&archiveformat=gz 260 | # Palau http://list.iblocklist.com/?list=pw&fileformat=p2p&archiveformat=gz 261 | # Paraguay http://list.iblocklist.com/?list=py&fileformat=p2p&archiveformat=gz 262 | # Qatar http://list.iblocklist.com/?list=qa&fileformat=p2p&archiveformat=gz 263 | # Reunion http://list.iblocklist.com/?list=re&fileformat=p2p&archiveformat=gz 264 | # Romania http://list.iblocklist.com/?list=ro&fileformat=p2p&archiveformat=gz 265 | # Serbia http://list.iblocklist.com/?list=rs&fileformat=p2p&archiveformat=gz 266 | Russia http://list.iblocklist.com/?list=ru&fileformat=p2p&archiveformat=gz 267 | # Rwanda http://list.iblocklist.com/?list=rw&fileformat=p2p&archiveformat=gz 268 | # Saudi_Arabia http://list.iblocklist.com/?list=sa&fileformat=p2p&archiveformat=gz 269 | # Solomon_Islands 
http://list.iblocklist.com/?list=sb&fileformat=p2p&archiveformat=gz 270 | # Seychelles http://list.iblocklist.com/?list=sc&fileformat=p2p&archiveformat=gz 271 | # Sudan http://list.iblocklist.com/?list=sd&fileformat=p2p&archiveformat=gz 272 | # Sweden http://list.iblocklist.com/?list=se&fileformat=p2p&archiveformat=gz 273 | # Singapore http://list.iblocklist.com/?list=sg&fileformat=p2p&archiveformat=gz 274 | # Slovenia http://list.iblocklist.com/?list=si&fileformat=p2p&archiveformat=gz 275 | # Slovakia_SLOVAK_Republic http://list.iblocklist.com/?list=sk&fileformat=p2p&archiveformat=gz 276 | # Sierra_Leone http://list.iblocklist.com/?list=sl&fileformat=p2p&archiveformat=gz 277 | # San_Marino http://list.iblocklist.com/?list=sm&fileformat=p2p&archiveformat=gz 278 | # Senegal http://list.iblocklist.com/?list=sn&fileformat=p2p&archiveformat=gz 279 | # Suriname http://list.iblocklist.com/?list=sr&fileformat=p2p&archiveformat=gz 280 | # El_Salvador http://list.iblocklist.com/?list=sv&fileformat=p2p&archiveformat=gz 281 | # Syrian_Arab_Republic http://list.iblocklist.com/?list=sy&fileformat=p2p&archiveformat=gz 282 | # Swaziland http://list.iblocklist.com/?list=sz&fileformat=p2p&archiveformat=gz 283 | # Turks_and_Caicos_Islands http://list.iblocklist.com/?list=tc&fileformat=p2p&archiveformat=gz 284 | # Togo http://list.iblocklist.com/?list=tg&fileformat=p2p&archiveformat=gz 285 | # Thailand http://list.iblocklist.com/?list=th&fileformat=p2p&archiveformat=gz 286 | # Tajikistan http://list.iblocklist.com/?list=tj&fileformat=p2p&archiveformat=gz 287 | # Timor-leste http://list.iblocklist.com/?list=tl&fileformat=p2p&archiveformat=gz 288 | # Turkmenistan http://list.iblocklist.com/?list=tm&fileformat=p2p&archiveformat=gz 289 | # Tunisia http://list.iblocklist.com/?list=tn&fileformat=p2p&archiveformat=gz 290 | # Tonga http://list.iblocklist.com/?list=to&fileformat=p2p&archiveformat=gz 291 | # Turkey http://list.iblocklist.com/?list=tr&fileformat=p2p&archiveformat=gz 292 | # 
Trinidad_and_Tobago http://list.iblocklist.com/?list=tt&fileformat=p2p&archiveformat=gz 293 | # Tuvalu http://list.iblocklist.com/?list=tv&fileformat=p2p&archiveformat=gz 294 | # Taiwan http://list.iblocklist.com/?list=tw&fileformat=p2p&archiveformat=gz 295 | # Tanzania_United_Republic_of http://list.iblocklist.com/?list=tz&fileformat=p2p&archiveformat=gz 296 | # Ukraine http://list.iblocklist.com/?list=ua&fileformat=p2p&archiveformat=gz 297 | # Uganda http://list.iblocklist.com/?list=ug&fileformat=p2p&archiveformat=gz 298 | United_States http://list.iblocklist.com/?list=us&fileformat=p2p&archiveformat=gz 299 | # Uruguay http://list.iblocklist.com/?list=uy&fileformat=p2p&archiveformat=gz 300 | # Uzbekistan http://list.iblocklist.com/?list=uz&fileformat=p2p&archiveformat=gz 301 | # Holy_See_VATICAN_City_State http://list.iblocklist.com/?list=va&fileformat=p2p&archiveformat=gz 302 | # Saint_Vincent_and_The_Grenadines http://list.iblocklist.com/?list=vc&fileformat=p2p&archiveformat=gz 303 | # Venezuela http://list.iblocklist.com/?list=ve&fileformat=p2p&archiveformat=gz 304 | # Virgin_Islands_BRITISH http://list.iblocklist.com/?list=vg&fileformat=p2p&archiveformat=gz 305 | # Virgin_Islands_US http://list.iblocklist.com/?list=vi&fileformat=p2p&archiveformat=gz 306 | # Vietnam http://list.iblocklist.com/?list=vn&fileformat=p2p&archiveformat=gz 307 | # Vanuatu http://list.iblocklist.com/?list=vu&fileformat=p2p&archiveformat=gz 308 | # Wallis_and_Futuna_Islands http://list.iblocklist.com/?list=wf&fileformat=p2p&archiveformat=gz 309 | # Samoa http://list.iblocklist.com/?list=ws&fileformat=p2p&archiveformat=gz 310 | # Yemen http://list.iblocklist.com/?list=ye&fileformat=p2p&archiveformat=gz 311 | South_Africa http://list.iblocklist.com/?list=za&fileformat=p2p&archiveformat=gz 312 | # Zambia http://list.iblocklist.com/?list=zm&fileformat=p2p&archiveformat=gz 313 | # Zimbabwe http://list.iblocklist.com/?list=zw&fileformat=p2p&archiveformat=gz 314 | 
-------------------------------------------------------------------------------- /root/TEMPLATEs/p2partisan/greylist.txt.tmpl: -------------------------------------------------------------------------------- 1 | # shellcheck shell=bash 2 | ###################################### 3 | # IP greylist: mix and match any of the following formats 4 | # Single: "X.X.X.X" 5 | # Range: "FIRSTIP-LASTIP" 6 | # FQDN: "bbc.com" 7 | # CIDR: "X.X.X.X/YY" 8 | # NOTE: BOTH PRIVATE & PUBLIC IP ADDRESSES WILL BE CONSIDERED HERE 9 | ###################################### 10 | 11 | #10.0.0.0-10.255.255.255 12 | #172.16.0.0-172.31.255.255 13 | #192.168.0.0-192.168.255.255 14 | #100.64.0.0-100.127.255.255 15 | 16 | #192.168.0.55 17 | #192.168.0.55-192.168.0.58 18 | #192.168.0.55/29 19 | -------------------------------------------------------------------------------- /root/TEMPLATEs/p2partisan/whitelist.txt.tmpl: -------------------------------------------------------------------------------- 1 | ###################################### 2 | # IP whitelist: mix and match any of the following formats 3 | # Single: "X.X.X.X" 4 | # Range: "FIRSTIP-LASTIP" 5 | # FQDN: "bbc.com" 6 | # CIDR: "X.X.X.X/YY" 7 | # Public whitelist: "name http://URL/file.gz" 8 | # NOTE: BOTH PRIVATE & PUBLIC IP ADDRESSES WILL BE CONSIDERED HERE 9 | ###################################### 10 | 11 | # Common hostnames (NOTE(review): whitelisted names bypass the blacklists and are presumably resolved through DNS when the list is loaded; keep only the ones you need) 12 | update.code.visualstudio.com 13 | code.visualstudio.com 14 | vscode.blob.core.windows.net 15 | marketplace.visualstudio.com 16 | vscode.search.windows.net 17 | go.microsoft.com 18 | github.com 19 | raw.githubusercontent.com 20 | vsmarketplacebadge.apphb.com 21 | 22 | # LAN (enable only the subnet actually in use) 23 | #192.168.0.0/24 24 | 192.168.1.0/24 25 | #192.168.254.0/24 26 | 27 | # OpenVPN 28 | #10.0.0.0/24 29 | #10.0.1.0/24 30 | #10.0.2.0/24 31 | -------------------------------------------------------------------------------- /root/TEMPLATEs/vars.tmpl: -------------------------------------------------------------------------------- 1 | # 
shellcheck shell=bash 2 | ######################################## 3 | #### USB Disk 4 | gsUsbFileSystem="ext4" 5 | gsUsbOptUuid="" # NOTE(review): presumably the UUID of the USB partition used for /opt; empty by default, confirm against the scripts 6 | 7 | ######################################## 8 | #### Global 9 | # Locales 10 | gsLocales="en_US" # e.g. "fr_FR"; see /opt/usr/share/i18n/locales/ for the available locales 11 | gsTimezone="Europe/Paris" # https://github.com/Entware/Entware/wiki/Using-time-zones 12 | 13 | ######################################## 14 | #### Services 15 | # P2Partisan 16 | # https://www.linksysinfo.org/index.php?threads/p2partisan-v5-14-v6-08-mass-ip-blocking-peerblock-peerguardian-for-tomato.69128/ 17 | # - Line 7 of p2partisan.sh should be adjusted automatically to your custom path, but double-check it 18 | # - Review the other parameters set at the beginning of that file and make sure they suit your setup 19 | # - Edit the whiteports_tcp & whiteports_udp if needed 20 | # - Edit the greyports_tcp & greyports_udp if needed 21 | # - Edit the blacklists file if needed (the list URLs in the p2partisan blacklists template are plain http://, so the downloads are not integrity-protected in transit) 22 | # - Edit the blacklist-custom if needed 23 | # - Edit the whitelist file if needed 24 | gbP2Partisan_Enable=1 # Off = 0 / On = 1 25 | # All system service ports are already whitelisted (nvram show 2>/dev/null | grep 'port=') 26 | gsP2Partisan_UdpPorts="" # Extra UDP ports to whitelist, separated by commas 27 | gsP2Partisan_TcpPorts="" # Extra TCP ports to whitelist, separated by commas 28 | 29 | # DNScrypt-proxy 30 | gbDNScrypt_Enable=1 # Off = 0 / On = 1 31 | gsWan1_DNS="84.200.69.80 84.200.70.40" # space-separated resolver IPs; the defaults are the DNS.Watch public resolvers 32 | gsExternalDns="" 33 | 34 | # Upgrade MyTomato from its GitHub repository (enabled by default; NOTE(review): presumably installs fetched scripts without a manual review step, check SCRIPTs/Upgrade.sh and set to 0 to upgrade by hand) 35 | gbRepoUpgrade_Enable=1 # Off = 0 / On = 1 36 | 37 | #### Export: make the settings above available to child processes 38 | export gbP2Partisan_Enable gbDNScrypt_Enable gbRepoUpgrade_Enable 39 | export gsUsbFileSystem gsUsbOptUuid gsLocales gsTimezone gsWan1_DNS gsExternalDns gsP2Partisan_UdpPorts gsP2Partisan_TcpPorts 40 | -------------------------------------------------------------------------------- /version: 
-------------------------------------------------------------------------------- 1 | v1.0.12 2 | --------------------------------------------------------------------------------