~primalmotion/facefuck

An elegantly named simple script to generate OpenWRT firewall rules to block entire ASNs
b87962e4 — primalmotion 2 years ago 
update README
256f0c4f — primalmotion 2 years ago 
new: better everything
0fc8539b — primalmotion 2 years ago 
update readme

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~primalmotion/facefuck
read/write
git@git.sr.ht:~primalmotion/facefuck

You can also use your local clone with git send-email.

#Facefuck

A very elegant name for a script that I use to generate OpenWRT firewall rules to block AS numbers. Originally made to nuke Facebook from my Internet, this can be used to block any AS number.

#Usage

#Resolve ASNs

First, you need to put the ASN you want to generate blocking rules for into the config file. The format is one ASN per line and lines starting with a # are ignored.

Example:

# Facebook
AS63293
AS32934

This will generate files in ./subnets, one per ASN, containing the list of resolved subnets. You should not edit these files manually.

#Upload new rules to OpenWRT

Then you can apply these rules to a running OpenWRT instance by running:

facefuck.sh apply user@router

This will:

  • remove any previous facefuck rules using uci commands via ssh
  • retrieve the router's /etc/config/firewall file locally using scp
  • append the newly generated rules
  • upload the new file to /etc/config/firewall using scp
  • restart the firewall service via ssh

#Cleanup rules from OpenWRT

You can cleanup the OpenWRT firewall rules by running:

facefuck.sh clean user@router
Do not follow this link