dfca/digital-feudalism-counter-action/UPGRADING/FROM_0.1.0/UPDATER.sh
Unsender 83e28b2536
Made repo
- Tried to make the README.md instructions as user friendly as possible.
  - Covers the PGP aspect which did need explaining.
  - Mentions the need for software hygiene.
- Folder structure in git repo is better than current 'tar' file structure.
  - Git repo structure TO BE ADOPTED for any future version
2023-06-10 05:34:37 +09:30


#!/bin/bash
## UPGRADING FROM dfca_0.1.0
## =========================
##
## Please mark this file as executable with:
# chmod +x UPDATER.sh
##
## ... and then update easily by running:
# . UPDATER.sh
##
## In this upgrade, we fix SPACEX' list of IP address ranges to not
## provide false positive warnings in the 8.0.0.0/9 range, let's
## thank a fediverse user at gnulinux.social for discovering this.
## We also add an icon to easily identify AKAMAI connection
## requests, add ALIBABA and TENCENT as DIGITAL FEUDALISTS (I came
## across ALIBABA's ASN by accident. They happen to serve
## 'tesla.io'), and apply the performance improvement to IPv6.
##
## Updating SPACEX IP ranges is trivial with instructions already
## written for such a predictable occurrence. Adding ALIBABA and
## TENCENT is less trivial but still easy by using the following
## commands in your bash terminal. Some commands that start with
## 'sudo' will require (su)per user privileges.
##
## The easy steps to do it all...
##
# Install directory for the DFCA scripts and icons; this script writes to
# it via sudo.
secureFolder="/usr/bin/law-DFCA/"
## Confirm the working directory by fingerprinting the bundled notifier
## script: its SHA-256 must contain the digest shipped with 0.2.0. This is
## a location/version check only; it does not replace checking the
## cryptographic signature of the release.
sleep 1
case "$(shasum -a 256 notify-me-of-firewall-action.sh)" in
  *29c39494338284e7b3b6ed3339d1ea8012f129280e98d4c8534a8df5adca6d39*)
    echo "
### Version 0.2.0 found..."
    sleep 1
    ;;
  *)
    # Wrong folder, or a notifier file with a different digest: stop before
    # anything is modified. 'return' is used because the script is sourced.
    echo -n "
### PLEASE RUN THIS SCRIPT FROM INSIDE THE FOLDER:
### dfca_0.2.0/UPGRADING_FROM_0.1.0/"
    sleep 2
    echo "
###
### Aborting"
    return 1
    ;;
esac
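echo "
## 1. Replace old 0.1.0 instructions and add new Akamai icon
## ---------------------------------------------------------"
##
## - Back up the 0.1.0 instructions. Paths are quoted so an unusual $USER
##   value cannot split into extra arguments, and -p lets a re-run reuse
##   the backup folder instead of printing an error.
mkdir -p -- "/home/$USER/.law-DFCA/.OLD_0.1.0"
mv -- "/home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS.txt" "/home/$USER/.law-DFCA/.OLD_0.1.0/"
## - ...and copy the new instructions from the parent folder. The glob is
##   deliberately unquoted; it is expected to match exactly one file.
cp -- ../*0.2.0* "/home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt"
echo "
## - New (muted) AKAMAI icon into secure folder ($secureFolder)..."
# Only 'tee' runs with elevated rights; no root shell interprets the
# here-document. The quoted delimiter keeps the SVG text literal, and the
# blank line before EOF reproduces the trailing newline of the earlier
# echo-based version, so the written file is unchanged.
sudo tee "$secureFolder/akamai.svg" > /dev/null << 'EOF'
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" version="1.1">
<path style="fill-opacity:1;fill:#6b7999;" d="M 8.24,2.071 A 4.975,4.979 0 0 0 3.82,7.551 4.975,4.979 0 0 0 9.042,11.984 4.144,4.147 0 0 1 6.221,8.498 4.144,4.147 0 0 1 9.902,3.934 4.144,4.147 0 0 1 13.434,5.3 4.975,4.979 0 0 0 8.24,2.071 Z" />
<path style="fill:none;stroke:#cb7e3f;stroke-width:2.1839;stroke-opacity:1" d="M 3.482,14.369 9.672,6.853 H 10.634 L 10.609,13.562" />
</svg>

EOF
statusCode=$? # exit status of the sudo command above
# A non-zero status means the privileged write did not happen (for example
# sudo was declined), so stop before any further change is attempted.
if [ "$statusCode" -ne 0 ]; then
  echo "
## Updating does require sudo privileges. Please read the code, or
## check the cryptographic signature of the update to increase
## your personal trust. If version 0.1.0 was installed fully then
## this update should go swimmingly. If however you wish to step
## through each command individually, that is totally fine.
##
## In order to fight the DIGITAL FEUDALISTS it is best to run the
## latest version of DFCA.
##
## Please run this update again when you are ready.
##"
  return 1
fi
sleep 1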
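echo "
## 2. Add ALIBABA and TENCENT as DIGITAL FEUDALISTS
## ------------------------------------------------
## - Copy updated script that generates on-screen notifications, so
## ALIBABA and TENCENT connection attempts are shown with an
## icon (requires restart):"
# Same file name that the SHA-256 check at the start of this script reads.
sudo cp -f -- notify-me-of-firewall-action.sh "$secureFolder/notify-me-of-firewall-action.sh"
echo "
## - Add folders for the feudalists..."
# Every later step writes and reads the range lists through paths relative
# to the DFCA data folder, so stop here if it cannot be entered rather than
# scattering files into (and building firewall rules from) another folder.
if ! cd "/home/$USER/.law-DFCA/"; then
  echo "
## Could not enter /home/$USER/.law-DFCA/ - is version 0.1.0 installed?
##
## Aborting"
  return 1
fi
# -p: a re-run finds the folders already present and carries on quietly.
mkdir -p Alibaba Tencent
## - Add the warnings
touch {Alibaba,Tencent}/ENSURE_ONLY_ONE-set-of-IPv4-and-v6-addresses-in-folder-or-iptables-will-get-slow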
echo "
## - Add the collapsed IP Address Ranges (CIDR)..."
## ALIBABA, IPv4. The list is written to a file inside the Alibaba folder
## (path relative to the current directory). Author's note: if you run
## this by hand, start the command with a space so that bash (with
## HISTCONTROL set to ignorespace/ignoreboth) keeps it out of history.
cat > Alibaba/202305_02_ali-CIDRCollapsed.txt << 'EOF'
5.181.224.0/23
8.128.0.0/10
8.208.0.0/12
14.1.112.0/22
39.96.0.0/13
39.104.0.0/14
39.108.0.0/16
42.96.128.0/17
42.120.0.0/15
42.156.128.0/17
43.0.0.0/9
43.227.188.0/22
43.230.32.0/22
43.242.168.0/22
43.250.12.0/22
45.112.208.0/20
45.113.40.0/22
45.158.183.0/24
45.196.28.0/24
45.199.179.0/24
47.52.0.0/16
47.56.0.0/15
47.74.0.0/15
47.76.0.0/14
47.80.0.0/12
47.99.0.0/16
47.100.0.0/14
47.104.0.0/13
47.112.0.0/12
47.235.0.0/16
47.236.0.0/14
47.240.0.0/14
47.244.0.0/15
47.246.0.0/16
47.250.0.0/15
47.252.0.0/15
47.254.0.0/16
59.82.0.0/16
59.110.0.0/16
60.205.0.0/16
62.128.96.0/22
72.254.0.0/16
89.219.0.0/22
91.192.106.0/23
101.37.0.0/16
101.132.0.0/15
101.200.0.0/15
103.15.96.0/22
103.38.56.0/22
103.41.140.0/22
103.47.4.0/22
103.49.76.0/22
103.52.72.0/21
103.52.80.0/21
103.52.196.0/22
103.81.186.0/23
103.142.8.0/23
103.142.100.0/23
103.145.72.0/24
103.151.206.0/23
103.183.154.0/23
103.206.40.0/22
103.212.44.0/22
103.216.108.0/22
106.11.0.0/16
106.14.0.0/15
110.75.128.0/17
110.76.0.0/18
110.173.192.0/19
112.74.0.0/16
112.124.0.0/14
114.55.0.0/16
114.215.0.0/16
115.28.0.0/15
115.124.16.0/20
116.62.0.0/16
116.251.64.0/18
117.49.0.0/16
118.31.0.0/16
118.178.0.0/16
118.190.0.0/16
119.23.0.0/16
119.38.208.0/20
119.38.224.0/20
119.42.224.0/19
120.24.0.0/14
120.55.0.0/16
120.76.0.0/14
121.0.16.0/20
121.40.0.0/14
121.89.0.0/16
121.196.0.0/14
122.254.76.0/23
123.56.0.0/15
139.5.160.0/22
139.95.0.0/16
139.129.0.0/16
139.196.0.0/16
139.224.0.0/16
140.205.0.0/16
147.139.0.0/16
149.129.0.0/16
154.89.65.0/24
154.89.66.0/23
154.89.68.0/22
154.89.72.0/21
154.89.80.0/20
154.89.96.0/19
154.212.168.0/21
154.212.176.0/20
154.212.192.0/18
154.220.64.0/18
155.102.0.0/16
156.224.138.0/24
156.225.132.0/22
156.225.136.0/21
156.225.144.0/20
156.226.24.0/21
156.226.32.0/19
156.227.20.0/24
156.236.12.0/24
156.236.17.0/24
156.240.76.0/23
156.244.64.0/18
156.245.1.0/24
156.245.32.0/19
156.250.4.0/22
156.250.8.0/21
156.250.16.0/20
157.119.192.0/22
157.119.240.0/22
161.117.0.0/16
163.181.0.0/16
170.33.0.0/16
182.92.0.0/16
185.78.106.0/23
185.218.176.0/22
198.11.128.0/18
198.44.244.0/22
202.61.84.0/22
202.144.199.0/24
203.107.0.0/17
203.119.128.0/17
203.209.224.0/19
205.204.96.0/19
218.244.128.0/19
223.4.0.0/14
EOF
## ALIBABA, IPv6. Kept in its own file next to the IPv4 list.
cat > Alibaba/202305_02_ali-IPv6-CIDRCollapsed.txt << 'EOF'
2400:3200::/32
2400:b200::/32
2401:2e00::/32
2401:8680::/32
2401:b180::/32
2403:28c0::/32
2404:2280::/32
2405:e000::/32
2406:1880::/32
2406:2880::/32
2407:bc00::/32
2408:4000::/22
240b:4000::/22
2600:3100::/28
2a0b:da40::/29
EOF
## TENCENT
## -------
## According to the author's investigation this DIGITAL FEUDALIST uses
## the ASN below (the EXAMPLE INSTRUCTIONS in the README show how to
## produce such a list from ASNs):
##
## AS45090 (over 6 million IPv4)
cat > Tencent/202305_02_tenc-CIDRCollapsed.txt << 'EOF'
1.12.0.0/14
1.116.0.0/15
42.187.128.0/17
42.192.0.0/15
42.194.128.0/17
43.136.0.0/13
43.144.0.0/15
43.176.0.0/12
43.242.252.0/22
43.247.196.0/22
45.40.192.0/18
49.232.0.0/14
58.87.64.0/18
62.234.0.0/16
81.68.0.0/14
82.156.0.0/15
94.191.0.0/17
101.33.128.0/17
101.34.0.0/15
101.42.0.0/15
103.38.116.0/22
103.238.16.0/22
106.52.0.0/14
109.244.0.0/16
110.40.128.0/17
110.42.128.0/17
111.30.128.0/21
111.30.136.0/24
111.30.139.0/24
111.30.140.0/23
111.229.0.0/16
111.230.0.0/15
114.117.0.0/16
114.132.0.0/16
115.159.0.0/16
118.24.0.0/15
118.89.0.0/16
118.126.64.0/18
118.195.128.0/17
119.27.160.0/19
119.28.28.0/24
119.29.0.0/16
119.45.0.0/16
119.91.0.0/16
120.53.0.0/16
121.4.0.0/15
121.51.0.0/16
122.51.0.0/16
122.152.192.0/18
123.206.0.0/15
124.220.0.0/14
128.108.0.0/16
129.28.0.0/16
129.204.0.0/16
129.211.0.0/16
132.232.0.0/16
134.175.0.0/16
139.155.0.0/16
139.186.0.0/16
139.199.0.0/16
140.143.0.0/16
146.56.192.0/18
148.70.0.0/16
150.158.0.0/16
152.136.0.0/16
154.8.128.0/17
159.75.0.0/16
162.14.0.0/16
172.81.192.0/18
175.24.0.0/16
175.27.0.0/16
175.178.0.0/16
182.254.0.0/16
188.131.128.0/17
192.144.128.0/17
193.112.0.0/16
203.195.128.0/17
203.205.128.0/17
210.73.160.0/19
211.159.128.0/17
212.64.0.0/17
212.129.128.0/17
EOF
## TENCENT, IPv6: a single range, written to its own file.
printf '%s\n' '2402:4e00::/32' > Tencent/202305_02_tenc-IPv6-CIDRCollapsed.txt
echo "
## Determine whether you previously chose an on-screen
## notification burst of 2 or 3..."
# Reuse the burst value already present in an existing logging chain
# (MICROSOFT is used as the reference): if its listing mentions "burst 2"
# the new chains get 2, in every other case they get 3.
if sudo iptables -t nat -L DFCA__LOGGING__MICROSOFT | grep "burst 2" > /dev/null; then
  DFCA_ALERTS__limitBurst=2
else
  DFCA_ALERTS__limitBurst=3
fi
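echo "
## - Determining the insert positions..."
##
## TENCENT and ALIBABA are placed after SPACEX (127.1.66.66) but
## before FACEBOOK (127.1.66.67), so we (I)nsert the check at the
## position where FACEBOOK is, pushing it and the later entries down.
## The `sed' part of the command clears everything after and including
## the first 'space' character, leaving only the rule number, as
## explained in the main txt file.
insertPosn__natOutput=$(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g')
insertPosn__output=$( sudo iptables -L OUTPUT -n --line-numbers | grep "127.1.66.67" | sed 's/ .*//g')
# Both values are later passed straight to 'iptables -I/-D OUTPUT <n>'.
# An empty value (no FACEBOOK rule found) would make -I fall back to the
# top of the chain, and a multi-line value (several matches) would be split
# into extra arguments, so insist on exactly one rule number per table
# before any firewall rule is touched.
if ! [[ "$insertPosn__natOutput" =~ ^[0-9]+$ && "$insertPosn__output" =~ ^[0-9]+$ ]]; then
  echo "
## Could not find exactly one FACEBOOK rule in each OUTPUT chain
## (nat: '$insertPosn__natOutput', filter: '$insertPosn__output').
## No firewall rules have been changed by this run. Please check that
## version 0.1.0 is fully installed, then run this update again.
##"
  return 1
fi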
echo "
## - Add the feudalists to the (first IPv4) firewall in reverse (insert)
## order..."
## Thus starting with ALIBABA.
# Each feudalist gets two chains in the nat table: DFCA__<NAME> holds the
# destination ranges, DFCA__LOGGING__<NAME> logs the attempt and rewrites
# the destination to a per-feudalist loopback address, which the filter
# table's OUTPUT chain then REJECTs.
# Both -I calls below use the same position, so the chain inserted last
# (TENCENT) ends up directly above the one inserted first (ALIBABA).
# -N reports an error on a re-run because the chain already exists; the -F
# calls that follow empty it so the ranges are not added twice.
sudo iptables -t nat -N DFCA__ALIBABA
sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__ALIBABA
sudo iptables -t nat -N DFCA__LOGGING__ALIBABA
sudo iptables -t nat -F DFCA__ALIBABA # Ensure rule-set is (F)lushed/empty (will be on first run)
sudo iptables -t nat -F DFCA__LOGGING__ALIBABA # ''
# grep -o pulls every IPv4 address/CIDR out of the files matched by the glob,
# 'xargs echo' joins them with spaces, sed turns each space into ", ", and
# 'xargs -I{}' passes the resulting line as the -d argument of the append.
# The glob looks for "ali-CIDR", which the IPv6 file name does not contain.
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Alibaba/?*ali-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA
# Rate-limited LOG entry (with the uid of the sending process) first...
sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba outgoing blocked: " --log-level 4
# ...then redirect to the loopback address reserved for ALIBABA...
sudo iptables -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to 127.1.66.69
# ...which the filter table refuses.
sudo iptables -I OUTPUT $insertPosn__output -d 127.1.66.69 -j REJECT
## TENCENT
# Same sequence as ALIBABA, with its own chains, log prefix and address.
sudo iptables -t nat -N DFCA__TENCENT
sudo iptables -t nat -I OUTPUT $insertPosn__natOutput -j DFCA__TENCENT
sudo iptables -t nat -N DFCA__LOGGING__TENCENT
sudo iptables -t nat -F DFCA__TENCENT
sudo iptables -t nat -F DFCA__LOGGING__TENCENT
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' Tencent/?*tenc-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT
sudo iptables -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent outgoing blocked: " --log-level 4
# NOTE(review): 127.16.66.10 departs from the 127.1.66.x pattern used for
# the other feudalists; it matches the REJECT rule on the next line, but
# confirm the address is the intended one.
sudo iptables -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to 127.16.66.10
sudo iptables -I OUTPUT $insertPosn__output -d 127.16.66.10 -j REJECT
echo -n "
## - Sanity check (ipv4) in case of (accidental) re-run of 'UPDATER.sh'..."
# More than one OUTPUT line mentioning DFCA__ALIBABA means the jump was
# already present before this run added another one.
if (( $(sudo iptables -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then
echo " RE-RUN DETECTED.
##
## - Removing previous additions to OUTPUT tables... "
## Ie. two FEUDALISTS per rulechain on this occasion.
# The insert positions were measured before this run's inserts. Assuming
# the earlier run left its two rules directly above FACEBOOK, they sit at
# position-2 and position-1; deleting index position-2 twice removes both,
# because the second rule moves up once the first is gone.
sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 ))
sudo iptables -t nat -D OUTPUT $(( $insertPosn__natOutput - 2 ))
sudo iptables -D OUTPUT $(( $insertPosn__output - 2 ))
sudo iptables -D OUTPUT $(( $insertPosn__output - 2 ))
else
echo " none detected."
fi
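echo "
## - Now IPv6 (same methodology as v4)..."
## Let's make it obvious we're using ip6-(six)-tables
ipt6=ip6tables
## Determine insert positions as for IPv4: the rule number of the FACEBOOK
## jump in the nat table, and of the FACEBOOK address (fe80:666:7::) in
## the filter table.
insertPosn__v6NatOutput=$(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep "DFCA__FACEBOOK" | sed 's/ .*//g')
insertPosn__v6Output=$( sudo $ipt6 -L OUTPUT -n --line-numbers | grep "fe80:666:7::" | sed 's/ .*//g')
# Both values are later passed straight to '$ipt6 -I/-D OUTPUT <n>'. An
# empty value would make -I fall back to the top of the chain and a
# multi-line value would be split into extra arguments, so insist on
# exactly one rule number per table before the IPv6 rules are touched.
if ! [[ "$insertPosn__v6NatOutput" =~ ^[0-9]+$ && "$insertPosn__v6Output" =~ ^[0-9]+$ ]]; then
  echo "
## Could not find exactly one FACEBOOK rule in each ip6tables OUTPUT chain
## (nat: '$insertPosn__v6NatOutput', filter: '$insertPosn__v6Output').
## No ip6tables rules have been changed by this run. Please check that
## version 0.1.0 is fully installed, then run this update again.
##"
  return 1
fi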
## - Add to (IPv6) firewall, first ALIBABA...
# Same layout as IPv4: a range chain plus a logging chain per feudalist in
# the nat table, a DNAT to a reserved fe80:666:<n>:: address, and a REJECT
# for that address in the filter table's OUTPUT chain. Both -I calls use
# the same position, so TENCENT ends up directly above ALIBABA.
sudo $ipt6 -t nat -N DFCA__ALIBABA
sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__ALIBABA
sudo $ipt6 -t nat -N DFCA__LOGGING__ALIBABA
sudo $ipt6 -t nat -F DFCA__ALIBABA
sudo $ipt6 -t nat -F DFCA__LOGGING__ALIBABA
# The IPv6 pattern is read from IPV6_REGEX.txt in the current directory;
# presumably that file was installed with 0.1.0 - confirm it is present,
# since without it no ranges are extracted and the chain stays empty.
grep -E -ho "$(cat IPV6_REGEX.txt)" Alibaba/?*ali-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__ALIBABA -d {} -j DFCA__LOGGING__ALIBABA
sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Alibaba IPv6 out blocked: " --log-level 4
sudo $ipt6 -t nat -A DFCA__LOGGING__ALIBABA -j DNAT --to fe80:666:9::
sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:9:: -j REJECT
## - ...then TENCENT.
sudo $ipt6 -t nat -N DFCA__TENCENT
sudo $ipt6 -t nat -I OUTPUT $insertPosn__v6NatOutput -j DFCA__TENCENT
sudo $ipt6 -t nat -N DFCA__LOGGING__TENCENT
sudo $ipt6 -t nat -F DFCA__TENCENT
sudo $ipt6 -t nat -F DFCA__LOGGING__TENCENT
grep -E -ho "$(cat IPV6_REGEX.txt)" Tencent/?*tenc-IPv6-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo $ipt6 -t nat -A DFCA__TENCENT -d {} -j DFCA__LOGGING__TENCENT
sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -m limit --limit 1/sec --limit-burst $DFCA_ALERTS__limitBurst -j LOG --log-uid --log-prefix "Tencent IPv6 out blocked: " --log-level 4
sudo $ipt6 -t nat -A DFCA__LOGGING__TENCENT -j DNAT --to fe80:666:10::
sudo $ipt6 -I OUTPUT $insertPosn__v6Output -d fe80:666:10:: -j REJECT
echo -n "
## - Sanity check (ipv6) in case of accidental re-run of update..."
# More than one OUTPUT line mentioning DFCA__ALIBABA means the jump was
# already present before this run added another one.
if (( $(sudo $ipt6 -t nat -L OUTPUT -n --line-numbers | grep -c "DFCA__ALIBABA") > 1 )) ; then
echo " RE-RUN DETECTED.
##
## - Removing previous additions to OUTPUT tables... "
# The positions were measured before this run's inserts. Assuming the
# earlier run left its two rules directly above FACEBOOK, deleting index
# position-2 twice removes both, as the second moves up after the first.
sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 ))
sudo $ipt6 -t nat -D OUTPUT $(( $insertPosn__v6NatOutput - 2 ))
sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 ))
sudo $ipt6 -D OUTPUT $(( $insertPosn__v6Output - 2 ))
else
echo " none detected."
fi
echo "
## 3. Update SPACEX
## ----------------"
## - The updated list also ships as:
##   <Torrent_folder>/UPGRADING_FROM_V0.1.0/202302_02_spacex-CIDRCollapsed.txt
## - The month in the file name is unchanged because this is still the
##   February data, only collapsed correctly this time. The UPDATING
##   section of the README describes the manual procedure.
## - For the lazy, the corrected list is written out here.
## NOTE(review): 12.0.0.0/8 is far broader than the other entries; since
## this upgrade exists to remove false positives in 8.0.0.0/9, confirm
## that range against the source ASN data.
cat > SpaceX/202302_02_spacex-CIDRCollapsed.txt << 'EOF'
8.21.14.0/24
8.25.194.0/23
8.25.196.0/23
8.45.124.0/24
8.47.24.0/24
8.244.0.0/14
12.0.0.0/8
31.40.130.0/24
31.130.128.0/19
45.146.40.0/24
45.151.60.0/22
62.67.197.0/24
64.63.0.0/18
65.181.0.0/19
69.195.160.0/24
69.195.162.0/23
69.195.164.0/23
69.195.166.0/24
69.195.168.0/23
69.195.171.0/24
69.195.172.0/24
69.195.174.0/23
69.195.176.0/23
69.195.179.0/24
69.195.180.0/22
69.195.184.0/22
77.50.0.0/16
77.233.192.0/19
77.243.96.0/20
81.17.144.0/20
83.150.204.0/24
91.102.180.0/22
91.204.128.0/22
91.221.43.0/24
94.141.160.0/19
98.97.0.0/18
98.97.64.0/21
98.97.72.0/22
98.97.76.0/23
98.97.80.0/20
98.97.96.0/19
98.97.128.0/18
102.215.56.0/23
102.215.58.0/24
103.152.126.0/23
103.171.118.0/24
103.235.92.0/22
103.252.112.0/22
104.244.40.0/23
104.244.42.0/24
104.244.44.0/22
113.29.1.176/30
113.29.105.136/30
129.222.0.0/16
135.129.0.0/18
135.129.120.0/23
138.84.32.0/19
143.131.0.0/20
145.224.64.0/18
149.19.108.0/23
149.19.164.0/22
149.19.168.0/21
149.106.192.0/19
162.43.192.0/22
168.195.100.0/22
169.155.224.0/19
170.203.64.0/19
170.203.192.0/19
176.116.124.0/23
177.55.224.0/20
185.45.4.0/22
185.135.182.0/24
185.185.140.0/22
188.64.224.0/21
188.92.248.0/21
188.95.144.0/23
190.109.64.0/22
192.44.69.0/24
192.95.64.0/24
192.133.76.0/22
193.105.70.0/24
198.54.100.0/22
199.16.156.0/22
199.43.255.0/24
199.59.148.0/22
199.66.8.0/22
199.96.56.0/21
199.120.32.0/20
199.120.48.0/21
199.120.56.0/23
202.160.128.0/22
203.31.23.0/24
204.48.8.0/24
205.234.11.0/24
206.83.96.0/19
206.214.224.0/20
206.224.64.0/20
206.224.80.0/21
206.224.88.0/22
206.224.95.0/24
207.140.0.0/15
209.133.79.0/24
209.198.128.0/21
209.198.136.0/23
209.198.138.0/24
209.198.140.0/23
209.237.192.0/21
209.237.200.0/22
209.237.220.0/23
209.237.222.0/24
213.19.141.0/24
213.244.145.0/24
216.128.0.0/19
216.147.120.0/21
217.65.136.0/21
EOF
echo "
## - (F)lush the old SPACEX rules out of the firewall..."
# Only the range chain is emptied; the jump into it from OUTPUT and the
# DFCA__LOGGING__SPACEX chain are not touched by this step. Between the
# flush and the re-add below the SPACEX chain holds no ranges.
sudo iptables -t nat -F DFCA__SPACEX
echo "
## ...and re-add the correct ones (this command is explained in the README)..."
# grep -o extracts every IPv4 address/CIDR from the files matched by the
# glob, 'xargs echo' joins them with spaces, sed turns each space into ", ",
# and 'xargs -I{}' passes the resulting line as the -d argument.
grep -E -ho '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' SpaceX/?*spacex-CIDR?* | xargs echo | sed 's/ /, /g' | xargs -I{} sudo iptables -t nat -A DFCA__SPACEX -d {} -j DFCA__LOGGING__SPACEX
echo "
## 4. Apply performance improvement to IPv6
## ----------------------------------------"
echo -n "
## - Probably pointless sanity check for \"IPv6 performance\" tweaks in
## case of (accidental) re-run of this script..."
sleep 1
# Already applied? Rule 1 of the ip6tables OUTPUT chain must be an ACCEPT
# with nothing after the two ::/0 columns, and rule 2 an ACCEPT for state
# RELATED,ESTABLISHED. Both counts must be above zero to skip the tweak.
# NOTE(review): '-L' without '-v' does not print the interface, so the
# rule-1 pattern cannot tell the '-o lo' ACCEPT added below apart from an
# unrestricted ACCEPT - confirm with 'ip6tables -L OUTPUT -n -v'.
if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^1 .*ACCEPT .*0 .*-- .*::/0 .*::/0 [[:space:]]*$") > 0 && $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^2 .*ACCEPT .*0 .*-- .*::/0 .*::/0 .*state RELATED,ESTABLISHED$") > 0 )) ; then
echo " RE-RUN DETECTED (doing nothing)."
else
echo " success."
# Before inserting, check that rule 1 is the REJECT for fe80:666:: that the
# script expects to find; if it is not, warn and pause but carry on.
if (( $(sudo $ipt6 -L OUTPUT -n --line-numbers | \
grep -ce "^1 .*REJECT .*0 .*-- .*::/0 .*fe80:666:: .*reject-with icmp6-port-unreachable$") < 1 )) ; then
echo -n "
## - Deviation from expected firewall rule-chain detected...
## - Expected first line from command 'sudo ip6tables -L OUTPUT -n --line-numbers' is:
1 REJECT 0 -- ::/0 fe80:666:: reject-with icmp6-port-unreachable
##
## ...but another result was detected.
##
## - PROCEEDING WITH UNCONTROVERSIAL ADDITION/UPDATE ANYWAY BUT IT MAY BE
## WISE TO CHECK YOUR ip6tables RULE-CHAIN.
## **************************************************************
##"
sleep 5
fi
# Add the actual basic rules :P
# Each -I without a position inserts at the top, so after both commands the
# loopback ACCEPT is rule 1 and the RELATED,ESTABLISHED ACCEPT is rule 2,
# which is the layout the re-run check above looks for. Both sit above the
# DFCA REJECT rules in this chain.
sudo $ipt6 -I OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo $ipt6 -I OUTPUT -o lo -j ACCEPT
fi
echo "
## - Save firewall settings for startup..."
# Two persistence methods are tried for each firewall; presumably only the
# one matching the running distribution succeeds and the other reports an
# error that can be ignored.
# IPv4: rules file (Archlinux/Gentoo), then service call (Debian).
sudo iptables-save -f /etc/iptables/iptables.rules
sudo service iptables save
# IPv6: the same pair, with the command name taken from $ipt6.
sudo ${ipt6}-save -f /etc/iptables/${ipt6}.rules
sudo service ${ipt6} save
sleep 1
# Closing banner followed by the re-login reminder, printed in one go;
# the blank lines inside the here-document are part of the output.
cat << 'EOF'

## Congrats on your upgrade!
## -------------------------
## Together we can blacklist the DIGITAL FEUDALISTS into oblivion!

## IMPORTANT: You'll need to logout and in again (or restart) to get the full
## benefit of this update. Although it will begin blocking ALIBABA and
## TENCENT immediately, the on-screen notifications process will not
## display the chosen icons for them until you re-login or reset.
EOF
# Leave the reminder on screen for a moment before the self-test starts.
sleep 4
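echo "
## Testing that it is working (both blocking and showing an alert)..."
# One address from each newly blocked range is requested: 81.68.0.123 for
# TENCENT, 119.38.224.0 for ALIBABA (you will need to re-login to see the
# better icons). Each result is checked on its own, so a leak on the first
# request is not hidden by the second.
# GNU wget exits with 4 ("network failure") when the connection is refused,
# which is what the REJECT rule produces. Any other status is treated as
# "not refused": 0 means content was fetched, and an HTTPS request to a
# bare IP address that does get through normally ends in a certificate
# error rather than 0.
# --tries/--timeout bound the wait if the block is not in place, and
# -O /dev/null keeps a fetched page out of the current folder.
dfcaNotRefused=0
for dfcaTestUrl in https://81.68.0.123 https://119.38.224.0; do
  wget --tries=1 --timeout=15 -O /dev/null "$dfcaTestUrl"
  statusCode=$? # exit status of the wget above
  if [ "$statusCode" -ne 4 ]; then
    dfcaNotRefused=1
  fi
done
if [ "$dfcaNotRefused" -ne 0 ]; then
  # The chains live in the nat table and are named with a double
  # underscore, so the suggested commands spell them that way.
  echo "
## **************************************************************************
## WARNING: Test request to DIGITAL FEUDALIST **not** refused!
##
## Please try:
sudo iptables -t nat -L OUTPUT -n --line-numbers # see a (j)ump to DFCA__TENCENT and DFCA__ALIBABA rules here?
sudo iptables -L OUTPUT -n --line-numbers # see 127.1.66.69 and 127.16.66.10 rejected here?
sudo iptables -t nat -L DFCA__TENCENT -n --line-numbers # see blocked TENCENT IP Address Ranges here?
## If you answered no to any of the questions please find help.
## **************************************************************************
##"
else
  echo "
## - Success!
##"
fi
# The script is sourced, so do not leave the helper variables behind.
unset dfcaNotRefused dfcaTestUrl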
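sleep 3
echo "
## - Open the README using your favourite text editor and share it with
## your friends and family. If you have any trouble and start afresh
## follow these instructions.
"
sleep 8
# Hand the new README to whichever of the four file managers is installed.
# Missing ones are skipped instead of printing "command not found", and the
# path is quoted so an unusual $USER value cannot split it into several
# arguments. Each launch is backgrounded so the shell is not blocked.
for dfcaFileManager in nautilus thunar dolphin nemo; do
  if command -v "$dfcaFileManager" > /dev/null 2>&1; then
    "$dfcaFileManager" "/home/$USER/.law-DFCA/README_AND_INSTALL_INSTRUCTIONS__0.2.0.txt" &
  fi
done
# The script is sourced, so do not leave the loop variable behind.
unset dfcaFileManager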