#!/bin/bash ## UPGRADING FROM dfca_0.1.0 ## ========================= ## ## Please mark this file as executable with: # chmod +x UPDATER.sh ## ## ... and then update easily by running: # . UPDATER.sh ## ## In this upgrade, we fix SPACEX' list of IP address ranges to not ## provide false positive warnings in the 8.0.0.0/9 range, let's ## thank a fediverse user at gnulinux.social for discovering this. ## We also add an icon to easily identify AKAMAI connection ## requests, add ALIBABA and TENCENT as DIGITAL FEUDALISTS (I came ## across ALIBABA's ASN by accident. They happen to serve ## 'tesla.io'), and apply the performance improvement to IPv6. ## ## Updating SPACEX IP ranges is trivial with instructions already ## written for such a predictable occurance. Adding ALIBABA and ## TENCENT is less trivial but still easy by using the following ## commands in your bash terminal. Some commands that start with ## 'sudo' will require (su)per user privileges. ## ## The easy steps to do it all... ## secureFolder="/usr/bin/law-DFCA/" ## Checks that you are in the correct directory to start. sleep 1 if [[ "$(shasum -a 256 notify-me-of-firewall-action.sh)" == *29c39494338284e7b3b6ed3339d1ea8012f129280e98d4c8534a8df5adca6d39* ]] ; then echo " ### Version 0.2.0 found..." sleep 1 else echo -n " ### PLEASE RUN THIS SCRIPT FROM INSIDE THE FOLDER: ### dfca_0.2.0/UPGRADING_FROM_0.1.0/" sleep 2 echo " ### ### Aborting" return 1 fi echo " ## 1. Replace old 0.1.0 instructions and add new Akamai icon ## ---------------------------------------------------------" ## ## - While in the folder with the updated txt file, backup the old... mkdir /home/$USER/.law-DFCA/.OLD_0.1.0 mv /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS.txt /home/$USER/.law-DFCA/.OLD_0.1.0/ ## - ...and copy the new cp ../*0.2.0* /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt echo " ## - New (muted) AKAMAI icon into secure folder ($secureFolder)..." sudo bash << EOF echo ' ' > "$secureFolder/akamai.svg" EOF statusCode=$? # the return value of above if [ $statusCode -ne 0 ]; then echo " ## Updating does require sudo privileges. Please read the code, or ## check the cryptographic signature of the update to increase ## your personal trust. If version 0.1.0 was installed fully then ## this update should go swimmingly. If however you wish to step ## through each command individually, that is totally fine. ## ## In order to fight the DIGITAL FEUDALISTS it is best to run the ## latest version of DFCA. ## ## Please run this update again when you are ready. ##" return 1 fi sleep 1 echo " ## 2. Add ALIBABA and TENCENT as DIGITAL FEUDALISTS ## ------------------------------------------------ ## - Copy updated script that generates on-screen notifications, so ## ALIBABA and TENCENT connection attempts are shown with an ## icon (requires restart):" sudo cp -f notify-me-of-firewall-action.sh "$secureFolder/notify-me-of-firewall-action.sh" echo " ## - Add folders for the feudalists..." cd /home/$USER/.law-DFCA/ && mkdir Alibaba Tencent ## - Add the warnings touch {Alibaba,Tencent}/ENSURE_ONLY_ONE-set-of-IPv4-and-v6-addresses-in-folder-or-iptables-will-get-slow echo " ## - Add the collapsed IP Address Ranges (CIDR)..." ## First ALIBABA's IPv4 (a space is added so this multi-line ## command does not fill your bash history, if you choose to ## run each command individually.): echo '5.181.224.0/23 8.128.0.0/10 8.208.0.0/12 14.1.112.0/22 39.96.0.0/13 39.104.0.0/14 39.108.0.0/16 42.96.128.0/17 42.120.0.0/15 42.156.128.0/17 43.0.0.0/9 43.227.188.0/22 43.230.32.0/22 43.242.168.0/22 43.250.12.0/22 45.112.208.0/20 45.113.40.0/22 45.158.183.0/24 45.196.28.0/24 45.199.179.0/24 47.52.0.0/16 47.56.0.0/15 47.74.0.0/15 47.76.0.0/14 47.80.0.0/12 47.99.0.0/16 47.100.0.0/14 47.104.0.0/13 47.112.0.0/12 47.235.0.0/16 47.236.0.0/14 47.240.0.0/14 47.244.0.0/15 47.246.0.0/16 47.250.0.0/15 47.252.0.0/15 47.254.0.0/16 59.82.0.0/16 59.110.0.0/16 60.205.0.0/16 62.128.96.0/22 72.254.0.0/16 89.219.0.0/22 91.192.106.0/23 101.37.0.0/16 101.132.0.0/15 101.200.0.0/15 103.15.96.0/22 103.38.56.0/22 103.41.140.0/22 103.47.4.0/22 103.49.76.0/22 103.52.72.0/21 103.52.80.0/21 103.52.196.0/22 103.81.186.0/23 103.142.8.0/23 103.142.100.0/23 103.145.72.0/24 103.151.206.0/23 103.183.154.0/23 103.206.40.0/22 103.212.44.0/22 103.216.108.0/22 106.11.0.0/16 106.14.0.0/15 110.75.128.0/17 110.76.0.0/18 110.173.192.0/19 112.74.0.0/16 112.124.0.0/14 114.55.0.0/16 114.215.0.0/16 115.28.0.0/15 115.124.16.0/20 116.62.0.0/16 116.251.64.0/18 117.49.0.0/16 118.31.0.0/16 118.178.0.0/16 118.190.0.0/16 119.23.0.0/16 119.38.208.0/20 119.38.224.0/20 119.42.224.0/19 120.24.0.0/14 120.55.0.0/16 120.76.0.0/14 121.0.16.0/20 121.40.0.0/14 121.89.0.0/16 121.196.0.0/14 122.254.76.0/23 123.56.0.0/15 139.5.160.0/22 139.95.0.0/16 139.129.0.0/16 139.196.0.0/16 139.224.0.0/16 140.205.0.0/16 147.139.0.0/16 149.129.0.0/16 154.89.65.0/24 154.89.66.0/23 154.89.68.0/22 154.89.72.0/21 154.89.80.0/20 154.89.96.0/19 154.212.168.0/21 154.212.176.0/20 154.212.192.0/18 154.220.64.0/18 155.102.0.0/16 156.224.138.0/24 156.225.132.0/22 156.225.136.0/21 156.225.144.0/20 156.226.24.0/21 156.226.32.0/19 156.227.20.0/24 156.236.12.0/24 156.236.17.0/24 156.240.76.0/23 156.244.64.0/18 156.245.1.0/24 156.245.32.0/19 156.250.4.0/22 156.250.8.0/21 156.250.16.0/20 157.119.192.0/22 157.119.240.0/22 161.117.0.0/16 163.181.0.0/16 170.33.0.0/16 182.92.0.0/16 185.78.106.0/23 185.218.176.0/22 198.11.128.0/18 198.44.244.0/22 202.61.84.0/22 202.144.199.0/24 203.107.0.0/17 203.119.128.0/17 203.209.224.0/19 205.204.96.0/19 218.244.128.0/19 223.4.0.0/14' > Alibaba/202305_02_ali-CIDRCollapsed.txt ## Then Alibaba's IPv6: echo '2400:3200::/32 2400:b200::/32 2401:2e00::/32 2401:8680::/32 2401:b180::/32 2403:28c0::/32 2404:2280::/32 2405:e000::/32 2406:1880::/32 2406:2880::/32 2407:bc00::/32 2408:4000::/22 240b:4000::/22 2600:3100::/28 2a0b:da40::/29' > Alibaba/202305_02_ali-IPv6-CIDRCollapsed.txt ## TENCENT ## ------- ## Investigations show that this DIGITAL FEUDALIST uses the following ## ASNs (see EXAMPLE INSTRUCTIONS in README to produce a list from ASNs): ## ## AS45090 (over 6 million IPv4) echo '1.12.0.0/14 1.116.0.0/15 42.187.128.0/17 42.192.0.0/15 42.194.128.0/17 43.136.0.0/13 43.144.0.0/15 43.176.0.0/12 43.242.252.0/22 43.247.196.0/22 45.40.192.0/18 49.232.0.0/14 58.87.64.0/18 62.234.0.0/16 81.68.0.0/14 82.156.0.0/15 94.191.0.0/17 101.33.128.0/17 101.34.0.0/15 101.42.0.0/15 103.38.116.0/22 103.238.16.0/22 106.52.0.0/14 109.244.0.0/16 110.40.128.0/17 110.42.128.0/17 111.30.128.0/21 111.30.136.0/24 111.30.139.0/24 111.30.140.0/23 111.229.0.0/16 111.230.0.0/15 114.117.0.0/16 114.132.0.0/16 115.159.0.0/16 118.24.0.0/15 118.89.0.0/16 118.126.64.0/18 118.195.128.0/17 119.27.160.0/19 119.28.28.0/24 119.29.0.0/16 119.45.0.0/16 119.91.0.0/16 120.53.0.0/16 121.4.0.0/15 121.51.0.0/16 122.51.0.0/16 122.152.192.0/18 123.206.0.0/15 124.220.0.0/14 128.108.0.0/16 129.28.0.0/16 129.204.0.0/16 129.211.0.0/16 132.232.0.0/16 134.175.0.0/16 139.155.0.0/16 139.186.0.0/16 139.199.0.0/16 140.143.0.0/16 146.56.192.0/18 148.70.0.0/16 150.158.0.0/16 152.136.0.0/16 154.8.128.0/17 159.75.0.0/16 162.14.0.0/16 172.81.192.0/18 175.24.0.0/16 175.27.0.0/16 175.178.0.0/16 182.254.0.0/16 188.131.128.0/17 192.144.128.0/17 193.112.0.0/16 203.195.128.0/17 203.205.128.0/17 210.73.160.0/19 211.159.128.0/17 212.64.0.0/17 212.129.128.0/17' > Tencent/202305_02_tenc-CIDRCollapsed.txt ## Tencent's IPv6 echo '2402:4e00::/32' > Tencent/202305_02_tenc-IPv6-CIDRCollapsed.txt echo " ## Determine whether you previously chose an on-screen ## notification burst of 2 or 3..." if [[ $(sudo iptables -t nat -L DFCA__LOGGING__MICROSOFT | grep "burst 2") ]]; then \ DFCA_ALERTS__limitBurst=2; \ else \ DFCA_ALERTS__limitBurst=3; \ fi echo " ## - Determining the insert positions..." ## ## TENCENT and ALIBABA are placed after SPACEX (127.1.66.66) but ## before FACEBOOK (127.1.66.67), so we (I)nsert the check at ## position where FACEBOOK is, thus pushing APPLE down. The `sed' ## part of the command clears everything after and including the ## 'space' character, as explained in the main txt file. insertPosn__natOutput=$(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g') insertPosn__output=$( sudo iptables -L OUTPUT -n --line-numbers | grep "127.1.66.67" | sed 's/ .*//g') echo " ## - Add the feudalists to the (first IPv4) firewall in reverse (insert) ## order..." ## Thus starting with ALIBABA. sudo iptables -t nat -N DFCA__ALIBABA sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__ALIBABA sudo iptables -t nat -N DFCA__LOGGING__ALIBABA sudo iptables -t nat -F DFCA__ALIBABA # Ensure rule-set is (F)lushed/empty (will be on first run) sudo iptables -t nat -F DFCA__LOGGING__ALIBABA # '' grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Alibaba/?*ali-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba outgoing blocked: " --log-level 4 sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to 127.1.66.69 sudo iptables -I OUTPUT $insertPosn__output -d 127.1.66.69 -j REJECT ## TENCENT sudo iptables -t nat -N DFCA__TENCENT sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__TENCENT sudo iptables -t nat -N DFCA__LOGGING__TENCENT sudo iptables -t nat -F DFCA__TENCENT sudo iptables -t nat -F DFCA__LOGGING__TENCENT grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Tencent/?*tenc-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT sudo iptables -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent outgoing blocked: " --log-level 4 sudo iptables -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to 127.16.66.10 sudo iptables -I OUTPUT $insertPosn__output -d 127.16.66.10 -j REJECT echo -n " ## - Sanity check (ipv4) in case of (accidental) re-run of 'UPDATER.sh'..." if (( $(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then echo " RE-RUN DETECTED. ## ## - Removing previous additions to OUTPUT tables... " ## Ie. two FEUDALISTS per rulechain on this occasion. sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 )) sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 )) sudo iptables -D OUTPUT $(( $insertPosn__output - 2 )) sudo iptables -D OUTPUT $(( $insertPosn__output - 2 )) else echo " none detected." fi echo " ## - Now IPv6 (same methodology as v4)..." ## Let's make it obvious we're using ip6-(six)-tables ipt6=ip6tables ## Determine insert positions as above insertPosn__v6NatOutput=$(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g') insertPosn__v6Output=$( sudo $ipt6 -L OUTPUT -n --line-numbers | grep "fe80:666:7::" | sed 's/ .*//g') ## - Add to (IPv6) firewall, first ALIBABA... sudo $ipt6 -t nat -N DFCA__ALIBABA sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__ALIBABA sudo $ipt6 -t nat -N DFCA__LOGGING__ALIBABA sudo $ipt6 -t nat -F DFCA__ALIBABA sudo $ipt6 -t nat -F DFCA__LOGGING__ALIBABA grep -E -ho "$(cat IPV6_REGEX.txt)" Alibaba/?*ali-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba IPv6 out blocked: " --log-level 4 sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to fe80:666:9:: sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:9:: -j REJECT ## - ...then TENCENT. sudo $ipt6 -t nat -N DFCA__TENCENT sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__TENCENT sudo $ipt6 -t nat -N DFCA__LOGGING__TENCENT sudo $ipt6 -t nat -F DFCA__TENCENT sudo $ipt6 -t nat -F DFCA__LOGGING__TENCENT grep -E -ho "$(cat IPV6_REGEX.txt)" Tencent/?*tenc-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent IPv6 out blocked: " --log-level 4 sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to fe80:666:10:: sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:10:: -j REJECT echo -n " ## - Sanity check (ipv6) in case of accidental re-run of update..." if (( $(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then echo " RE-RUN DETECTED. ## ## - Removing previous additions to OUTPUT tables... " sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 )) sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 )) sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 )) sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 )) else echo " none detected." fi echo " ## 3. Update SPACEX ## ----------------" ## - Find the updated list in: ## /UPGRADING_FROM_V0.1.0/202302_02_spacex-CIDRCollapsed.txt ## - Notice that we have not updated the month because we are still ## using February data - just using it properly. Follow the UPDATING ## section in the README to easily update. ```````` ## - But if you are feeling lazy... echo '8.21.14.0/24 8.25.194.0/23 8.25.196.0/23 8.45.124.0/24 8.47.24.0/24 8.244.0.0/14 12.0.0.0/8 31.40.130.0/24 31.130.128.0/19 45.146.40.0/24 45.151.60.0/22 62.67.197.0/24 64.63.0.0/18 65.181.0.0/19 69.195.160.0/24 69.195.162.0/23 69.195.164.0/23 69.195.166.0/24 69.195.168.0/23 69.195.171.0/24 69.195.172.0/24 69.195.174.0/23 69.195.176.0/23 69.195.179.0/24 69.195.180.0/22 69.195.184.0/22 77.50.0.0/16 77.233.192.0/19 77.243.96.0/20 81.17.144.0/20 83.150.204.0/24 91.102.180.0/22 91.204.128.0/22 91.221.43.0/24 94.141.160.0/19 98.97.0.0/18 98.97.64.0/21 98.97.72.0/22 98.97.76.0/23 98.97.80.0/20 98.97.96.0/19 98.97.128.0/18 102.215.56.0/23 102.215.58.0/24 103.152.126.0/23 103.171.118.0/24 103.235.92.0/22 103.252.112.0/22 104.244.40.0/23 104.244.42.0/24 104.244.44.0/22 113.29.1.176/30 113.29.105.136/30 129.222.0.0/16 135.129.0.0/18 135.129.120.0/23 138.84.32.0/19 143.131.0.0/20 145.224.64.0/18 149.19.108.0/23 149.19.164.0/22 149.19.168.0/21 149.106.192.0/19 162.43.192.0/22 168.195.100.0/22 169.155.224.0/19 170.203.64.0/19 170.203.192.0/19 176.116.124.0/23 177.55.224.0/20 185.45.4.0/22 185.135.182.0/24 185.185.140.0/22 188.64.224.0/21 188.92.248.0/21 188.95.144.0/23 190.109.64.0/22 192.44.69.0/24 192.95.64.0/24 192.133.76.0/22 193.105.70.0/24 198.54.100.0/22 199.16.156.0/22 199.43.255.0/24 199.59.148.0/22 199.66.8.0/22 199.96.56.0/21 199.120.32.0/20 199.120.48.0/21 199.120.56.0/23 202.160.128.0/22 203.31.23.0/24 204.48.8.0/24 205.234.11.0/24 206.83.96.0/19 206.214.224.0/20 206.224.64.0/20 206.224.80.0/21 206.224.88.0/22 206.224.95.0/24 207.140.0.0/15 209.133.79.0/24 209.198.128.0/21 209.198.136.0/23 209.198.138.0/24 209.198.140.0/23 209.237.192.0/21 209.237.200.0/22 209.237.220.0/23 209.237.222.0/24 213.19.141.0/24 213.244.145.0/24 216.128.0.0/19 216.147.120.0/21 217.65.136.0/21' > SpaceX/202302_02_spacex-CIDRCollapsed.txt echo " ## - (F)lush the old SPACEX rules out of the firewall..." sudo iptables -t nat -F DFCA__SPACEX echo " ## ...and re-add the correct ones (this command is explained in the README)..." grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' SpaceX/?*spacex-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__SPACEX -d {} -j DFCA__LOGGING__SPACEX echo " ## 4. Apply performance improvement to IPv6 ## ----------------------------------------" echo -n " ## - Probably pointless sanity check for \"IPv6 performance\" tweaks in ## case of (accidental) re-run of this script..." sleep 1 if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \ grep -ce "^1 .*ACCEPT .*0 .*-- .*::/0 .*::/0 [[:space:]]*$") > 0 && $(sudo $ipt6 -L OUTPUT -n --line-numbers | \ grep -ce "^2 .*ACCEPT .*0 .*-- .*::/0 .*::/0 .*state RELATED,ESTABLISHED$") > 0 )) ; then echo " RE-RUN DETECTED (doing nothing)." else echo " success." if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \ grep -ce "^1 .*REJECT .*0 .*-- .*::/0 .*fe80:666:: .*reject-with icmp6-port-unreachable$") < 1 )) ; then echo -n " ## - Deviation from expected firewall rule-chain detected... ## - Expected first line from command 'sudo ip6tables -L OUTPUT -n --line-numbers' is: 1 REJECT 0 -- ::/0 fe80:666:: reject-with icmp6-port-unreachable ## ## ...but another result was detected. ## ## - PROCEEDING WITH UNCONTROVERSIAL ADDITION/UPDATE ANYWAY BUT IT MAY BE ## WISE TO CHECK YOUR ip6tables RULE-CHAIN. ## ************************************************************** ##" sleep 5 fi # Add the actual basic rules :P sudo $ipt6 -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT sudo $ipt6 -I OUTPUT -o lo -j ACCEPT fi echo " ## - Save firewall settings for startup..." sudo iptables-save -f /etc/iptables/iptables.rules # Archlinux/Gentoo saving method, or sudo service iptables save # Debian saving method sudo $ipt6-save -f /etc/iptables/$ipt6.rules # Archlinux/Gentoo saving method, or sudo service $ipt6 save # Debian saving method sleep 1 echo " ## Congrats on your upgrade! ## ------------------------- ## Together we can blacklist the DIGITAL FEUDALISTS into oblivion!" echo " ## IMPORTANT: You'll need to logout and in again (or restart) to get the full ## benefit of this update. Although it will begin blocking ALIBABA and ## TENCENT immediately, the on-screen notifications process will not ## display the chosen icons for them until you re-login or reset." sleep 4 echo " ## Testing that it is working (both blocking and showing an alert)..." wget https://81.68.0.123 # ...to test TENCENT. wget https://119.38.224.0 # Test ALIBABA (again, you'll need to reset to see better icons.) statusCode=$? # the return value of above if [ $statusCode -eq 0 ]; then echo " ## ************************************************************************** ## WARNING: Test request to DIGITAL FEUDALIST **not** refused! ## ## Please try: sudo iptables -t nat -L OUTPUT -n --line-numbers # see a (j)ump to DFCA_TENCENT and ALIBABA rules here? sudo iptables -L OUTPUT -n --line-numbers # see 127.1.66.69 and 127.16.66.10 rejected here? sudo iptables -L DFCA_TENCENT -n --line-numbers # see blocked TENCENT IP Address Ranges here? ## If you answered no to any of the questions please find help. ## ************************************************************************** ##" else echo " ## - Success! ##" fi sleep 3 echo " ## - Open the README using your favourite text editor and share it with ## your friends and family. If you have any trouble and start afresh ## follow these instructions. " sleep 8 nautilus /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt & thunar /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt & dolphin /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt & nemo /home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt &