Who's running DD-WRT, and what scripts are you running?
Here are the two I'm using:
This one acts as a web filter. It blocks connections to every website on this list:
http://www.mvps.org/winhelp2002/hosts.txt
No matter what OS you're using, it'll block traffic to those sites.
Startup Script
[quote]
logger WAN UP Script Executing
sleep 5
# Create the updater script only if it does not exist yet (or is empty)
test -s /tmp/dlhosts
if [ $? -eq 1 ] ; then
echo -e "#!/bin/sh\nwget -O - http://www.mvps.org/winhelp2002/hosts.txt | grep 127.0.0.1 | sed -e '2,\$s/127.0.0.1/0.0.0.0/g' -e 's/[[:space:]]*#.*$//' > /etc/hosts\nlogger DOWNLOADED http://www.mvps.org/winhelp2002/hosts.txt\nkillall -1 dnsmasq" > /tmp/dlhosts
# Owner-only: cron runs this file as root, so it must not be world-writable
chmod 700 /tmp/dlhosts
/tmp/dlhosts
fi
# Refresh the list every Friday at 23:45
echo "45 23 * * 5 root /tmp/dlhosts" >> /tmp/crontab
[/quote]

This one basically tells the router to reject all incoming unsolicited requests for information. Or rather, it just drops them, so the requester doesn't even know it's there.
Firewall Script
[quote]
#!/bin/sh
#
#
# Enjoy your enhanced security,
#
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/ip_forward

# the following two parameters will break at least emule and are way too low to make sense.
#echo 1024 > /proc/sys/net/ipv4/ipfrag_high_thresh
#echo 512 > /proc/sys/net/ipv4/ipfrag_low_thresh
echo 64000 > /proc/sys/net/ipv4/ipfrag_high_thresh
echo 48000 > /proc/sys/net/ipv4/ipfrag_low_thresh
#
echo 10 > /proc/sys/net/ipv4/ipfrag_time
echo 5 > /proc/sys/net/ipv4/icmp_ratelimit
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
echo 1 > /proc/sys/net/ipv4/conf/eth1/log_martians
echo 10 > /proc/sys/net/ipv4/neigh/eth1/locktime
echo 0 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 50 > /proc/sys/net/ipv4/neigh/eth1/gc_stale_time

#
# The following entries secure the last bit and provide a
# moderate protection against man-in-the-middle attacks.
#
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/secure_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 5 > /proc/sys/net/ipv4/igmp_max_memberships
echo 2 > /proc/sys/net/ipv4/igmp_max_msf
echo 1024 > /proc/sys/net/ipv4/tcp_max_orphans
echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 0 > /proc/sys/net/ipv4/route/redirect_number
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 61 > /proc/sys/net/ipv4/ip_default_ttl

# DoS protection by tweaking the timeouts
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack

# We pretend to be a Checkpoint firewall on Windows XP
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_rmem
echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_wmem

# Check network overload (explicit congestion notification)
echo 1 > /proc/sys/net/ipv4/tcp_ecn

# Change port range for outgoing traffic
echo "30000 60000" > /proc/sys/net/ipv4/ip_local_port_range

# Change default queue size
# Modified for DD-WRT because of missing proc entries
echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max

# LED signal feedback when script ends
sleep 1
gpio enable 3
sleep 1
gpio disable 3
sleep 1
gpio enable 3
sleep 1
gpio disable 2
sleep 1
gpio enable 2
sleep 1
gpio disable 2

# If you'd like to disable the web interface uncomment
# the following line
#killall httpd
[/quote]
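
The startup script above keeps any line of the plain-HTTP download that contains `127.0.0.1` anywhere and writes the result straight to /etc/hosts. The following is an added example, not part of the original post, of a stricter filter and a guarded install. The function names `filter_hosts`, `install_hosts` and `sample_feed` and the sample data are constructed here, and it assumes `awk` and `tr` are available on the router build.

```shell
#!/bin/sh
# Added example: strict validation of a hosts-format blocklist before it
# replaces /etc/hosts. Function names and sample data are constructed here.

# filter_hosts: stdin = raw feed, stdout = validated entries only.
filter_hosts() {
    tr -d '\r' | awk '
        BEGIN { print "127.0.0.1 localhost" }
        {
            sub(/[ \t]*#.*$/, "")                 # drop comments first
            if (NF != 2) next                     # exactly: address hostname
            if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
            host = tolower($2)
            if (host == "localhost" || length(host) > 253) next
            # labels of letters, digits, "_" and inner "-", at least one dot
            if (host !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
            if (!(host in seen)) { seen[host] = 1; print "0.0.0.0 " host }
        }'
}

# install_hosts SRC DEST MIN: replace DEST only when SRC yields >= MIN entries,
# so an empty or truncated download leaves the previous file in place.
install_hosts() {
    src=$1; dest=$2; min=$3
    tmp="$dest.new.$$"
    filter_hosts < "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    count=$(awk '/^0\.0\.0\.0 /{n++} END{print n+0}' "$tmp")
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$dest"
}

# Constructed sample feed (not the real list).
sample_feed() {
cat <<'EOF'
# constructed sample
127.0.0.1 localhost
127.0.0.1  ads.example.com  # trailing comment
127.0.0.1 tracker.example.net
203.0.113.7 login.example.org # 127.0.0.1
127.0.0.1 bad;name.example
127.0.0.1 ads.example.com
EOF
}

sample_feed | filter_hosts
```

On the router, the download would go to a temporary file first and `install_hosts` would then be called on it before `killall -1 dnsmasq`, with a minimum count chosen to fit the size of the real list.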