Voipblock for Technicolor modem-routers: call blacklist for several devices provided by Italian ISPs

Thanks to the joint effort of an entire community it has been possible to unlock many modems/routers produced by Technicolor and based on OpenWrt Chaos Calmer 15.05.1, including the Smart Modem Plus DGA4130 (AGTEF), the FastGate DGA4131, the TIM HUB DGA4132 (AGTHP) and also several other devices:

  • TG589vac
  • TG788vn v2
  • TG789vac v2 HP
  • TG789vac v1
  • TG789vac v2
  • TG789vac XTREAM 35B
  • TG799vac
  • TG799vac XTREAM
  • TG800vac

After unlocking it is also possible to install a GUI that allows access to all the features of the device.

More info can be found here, here and here.

The hard-working community has also proposed several implementations of a call blacklist system: some use the iptables firewall, others use Asterisk.

Below is a new solution called Voipblock, which also uses the iptables firewall but is slightly different from the others:

  • fully integrated with the iptables firewall
  • completely manageable from the command line interface
  • does not alter the functionality of the phone book in the GUI
  • can use a blacklist of numbers entered manually in a specific local file
  • can use a blacklist of numbers retrieved online
  • can use both the local blacklist and the online blacklist
  • can use a whitelist to "unlock" some numbers from the online blacklist

The implementation is really very simple. You need to create a new iptables firewall configuration file:

/etc/firewall.voipblock

#!/bin/sh
# License: GPL
#
# Author: Mentor <[email protected]>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#SETTINGS
local_blacklist=on
online_blacklist=off

# Remove the rules inserted by a previous run (iptables lists port 5060 as "sip")
for number in $(iptables --list INPUT | grep sip | awk '{print $10}' | sed 's/\"//g'); do
  iptables -D INPUT -p udp --dport 5060 -m string --algo bm --string "$number" -j REJECT
done

# Block every number in the local blacklist
if [ ! -z "$local_blacklist" ] && [ "$local_blacklist" = "on" ] && [ -f /etc/voipblock/voipblock.blacklist ]; then
  for number in $(cat /etc/voipblock/voipblock.blacklist); do
    iptables -I INPUT -p udp --dport 5060 -m string --algo bm --string "$number" -j REJECT
  done
fi

# Block the numbers in the online blacklist
if [ ! -z "$online_blacklist" ] && [ "$online_blacklist" = "on" ]; then
  if [ ! -z "$local_blacklist" ] && [ "$local_blacklist" = "on" ] && [ -f /etc/voipblock/voipblock.blacklist ]; then
    # Skip numbers already blocked locally or listed in the whitelist
    for number in $(curl -s https://www.xxx.xxx/voipblock.blacklist); do
      if ! grep -q "$number" /etc/voipblock/voipblock.blacklist /etc/voipblock/voipblock.whitelist; then
        iptables -I INPUT -p udp --dport 5060 -m string --algo bm --string "$number" -j REJECT
      fi
    done
  else
    # Local blacklist disabled: the whitelist is not consulted in this branch
    for number in $(curl -s https://www.xxx.xxx/voipblock.blacklist); do
      iptables -I INPUT -p udp --dport 5060 -m string --algo bm --string "$number" -j REJECT
    done
  fi
fi

Then make it executable with chmod +x /etc/firewall.voipblock

This script retrieves the numbers from the online list and from the two local files, the blacklist and the whitelist:

/etc/voipblock/voipblock.blacklist

/etc/voipblock/voipblock.whitelist

and it creates an iptables rule like this for every number(*):

iptables -I INPUT -p udp --dport 5060 -m string --algo bm --string NUMBER -j REJECT

By default only the online list is active.
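
The string match in these rules is a substring search over the whole SIP packet, so a very short or malformed entry in a downloaded list can reject far more than one caller. The following is an added example, not part of the original script, that validates entries before they reach iptables; the function names, the length bounds and the IPTABLES override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the author's script): validate blacklist entries
# before turning them into iptables string-match rules.

# Assumed bounds: entries shorter than MIN_LEN digits would match inside
# unrelated SIP headers, so they are discarded.
MIN_LEN=${MIN_LEN:-6}
MAX_LEN=${MAX_LEN:-16}

# is_number ENTRY: succeed only for an optional leading "+" followed by digits.
is_number() {
  digits=${1#+}
  case "$digits" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains anything but 0-9
  esac
  [ "${#digits}" -ge "$MIN_LEN" ] && [ "${#digits}" -le "$MAX_LEN" ]
}

# filter_numbers WHITELIST: read candidate entries on stdin, print the
# de-duplicated entries that are valid and not listed in WHITELIST.
filter_numbers() {
  whitelist=$1
  tr -d '\r' | LC_ALL=C sort -u | while IFS= read -r entry; do
    is_number "$entry" || continue
    # -x matches the whole line, -F disables regex interpretation
    if [ -f "$whitelist" ] && grep -qxF -- "$entry" "$whitelist"; then
      continue
    fi
    printf '%s\n' "$entry"
  done
}

# apply_rules: insert one REJECT rule per validated number read on stdin.
# IPTABLES can be overridden (hypothetical hook) for a dry run.
apply_rules() {
  while IFS= read -r n; do
    "${IPTABLES:-iptables}" -I INPUT -p udp --dport 5060 \
      -m string --algo bm --string "$n" -j REJECT
  done
}

# Usage on the router (URL placeholder as on the page); download to a file
# first so a failed or truncated transfer never reaches the firewall:
#   curl -fsS --max-time 20 -o /tmp/vb.list https://www.xxx.xxx/voipblock.blacklist \
#     && filter_numbers /etc/voipblock/voipblock.whitelist < /tmp/vb.list | apply_rules
```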

To integrate the new script into the firewall you need to edit the file /etc/config/firewall and add:

config include
        option path '/etc/firewall.voipblock'
        option reload '1'

Finally, you can create a cronjob to automate the retrieval of numbers:

0 4 * * * /etc/firewall.voipblock
