Geo filter gaming by Dopam (old files finish)

Hello everyone, I recently recreated a geofilter, but I lost the data from my router file. I've recovered some basics, but they are incomplete. I'm sharing them with you as best as I can...

Thank you

1st file, placed in hotplug.d/iface, name: 13-nftables_custom

#!/bin/sh

# Check that the $DEVICE variable is set (non-empty)
[ -n "$DEVICE" ] || exit 0

# If the action is 'ifup', run the following commands
[ "$ACTION" = ifup ] && {
    # Check whether nftables_custom is enabled in the UCI configuration
    enabled=$(uci get nftables_custom.global.enabled 2>/dev/null)

    if [ "$enabled" = "1" ]; then
        # Enable the nftables_custom service at boot and restart it
        /etc/init.d/nftables_custom enable
        /etc/init.d/nftables_custom restart

        # Log the action taken
        logger -t nftables_custom "Reloading nftables_custom.sh due to $ACTION of $INTERFACE ($DEVICE)"
    else
        # Log that nftables_custom is disabled and that no action was taken
        logger -t nftables_custom "nftables_custom is disabled in the configuration. Not executing the script."
    fi
}

2nd file, placed in init.d, name: nftables_custom

#!/bin/sh /etc/rc.common

START=99
STOP=15

start() {
    config_load nftables_custom

    # Apply the rules in order
    config_foreach apply_rule rule
}

apply_rule() {
    local name ip_saddr ip_daddr udp_dport tcp_dport action enabled

    config_get name "$1" name
    config_get ip_saddr "$1" ip_saddr
    config_get ip_daddr "$1" ip_daddr
    config_get udp_dport "$1" udp_dport
    config_get tcp_dport "$1" tcp_dport
    config_get action "$1" action
    config_get enabled "$1" enabled

    [ "$enabled" = "1" ] || return

    # Every rule is anchored on a source address; skip a rule without one
    # instead of handing nft a broken "ip saddr" expression
    [ -n "$ip_saddr" ] || {
        logger -t nftables_custom "Skipping rule '$name': no ip_saddr"
        return
    }

    # Build the rule
    local rule="ip saddr $ip_saddr"
    [ -n "$ip_daddr" ] && rule="$rule ip daddr $ip_daddr"
    [ -n "$udp_dport" ] && rule="$rule udp dport { $udp_dport }"
    [ -n "$tcp_dport" ] && rule="$rule tcp dport { $tcp_dport }"
    rule="$rule counter $action"

    # Insert the rule into fw4 ("insert" puts it at the top of the chain, so
    # the last enabled rule in the config is the first one evaluated)
    if nft insert rule inet fw4 forward_lan $rule; then
        logger -t nftables_custom "Added rule: $rule"
    else
        logger -t nftables_custom "Failed to add rule: $rule"
    fi
}

stop() {
    # Remove all the rules added to the forward_lan chain
    nft flush chain inet fw4 forward_lan

    # Add back the rules you want to keep in the forward_lan chain
    nft insert rule inet fw4 forward_lan jump accept_to_lan
    nft insert rule inet fw4 forward_lan jump accept_to_wireguard
    nft insert rule inet fw4 forward_lan jump accept_to_vpn
    nft insert rule inet fw4 forward_lan jump accept_to_wan
}

### It is important to put the lan rules in order, because I lost internet, from memory

3rd file: usr/share/luci/menu.d/luci-app-nftables_custom

{
    "admin/network/nftables_custom": {
        "title": "Geofilter DOPAM",
        "order": 80,
        "action": {
            "type": "firstchild"
        },
        "depends": {
            "acl": [ "luci-app-nftables_custom" ],
            "uci": { "nftables_custom": true }
        }
    },
    "admin/network/nftables_custom/rules": {
        "title": "Rules",
        "order": 10,
        "action": {
            "type": "view",
            "path": "nftables_custom/rules"
        }
    }
}

4th file: usr/share/rpcd/acl.d/luci-app-nftables_custom

{
    "luci-app-nftables_custom": {
        "description": "Grant access to nftables custom configuration",
        "read": {
            "ubus": {
                "luci.nftables_custom": [ "getNftablesStats", "listRules" ],
                "luci": [ "getInitList", "setInitAction", "getInitActionStatus", "exec" ]
            },
            "uci": [ "nftables_custom" ],
            "file": {
                "/etc/config/nftables_custom": [ "read" ],
                "/etc/init.d/nftables_custom": [ "read", "exec" ],
                "/etc/nftables_custom.sh": [ "read" ],
                "/etc/hotplug.d/iface/13-nftables_custom": [ "read" ],
                "/tmp/nftables_custom_output.txt": [ "read" ]
            }
        },
        "write": {
            "ubus": {
                "luci": [ "setInitAction", "exec" ]
            },
            "uci": [ "nftables_custom" ],
            "file": {
                "/etc/config/nftables_custom": [ "write" ],
                "/etc/init.d/nftables_custom": [ "write", "exec" ],
                "/etc/nftables_custom.sh": [ "write" ],
                "/etc/hotplug.d/iface/13-nftables_custom": [ "write" ]
            }
        }
    }
}

5th file: www/luci-static/resources/view/nftables_custom/rules.js

'use strict';
'require view';
'require form';
'require uci';
'require rpc';
'require ui';

return view.extend({
    render: function() {
        var m, s, o;

        m = new form.Map('nftables_custom', _('Custom nftables Rules'), _('Manage custom nftables rules. Drag and drop to reorder.'));

        s = m.section(form.GridSection, 'rule', _('Traffic Rules'));
        s.addremove = true;
        s.anonymous = true;
        s.sortable = true;  // Enable drag-and-drop

        // Add the column with the three bars for drag-and-drop
        o = s.option(form.DummyValue, '_move', _('☰'));  // Unicode symbol for the three bars
        o.rawhtml = true;
        o.cfgvalue = function() {
            return '☰';  // Show the three-bar symbol used as the drag handle
        };

        // Rule name
        o = s.option(form.Value, 'name', _('Name'));
        o.rmempty = false;  // The field must not be empty
        o.datatype = 'string';  // Make sure it is text

        // Source IP address
        o = s.option(form.Value, 'ip_saddr', _('Source IP Address'));
        o.placeholder = '0.0.0.0/0';

        // Destination IP address
        o = s.option(form.Value, 'ip_daddr', _('Destination IP Address'));
        o.placeholder = '0.0.0.0/0';

        // UDP ports
        o = s.option(form.Value, 'udp_dport', _('UDP Destination Port'));
        o.placeholder = '53, 80, 443, etc.';

        // TCP ports
        o = s.option(form.Value, 'tcp_dport', _('TCP Destination Port'));
        o.placeholder = '53, 80, 443, etc.';

        // Action for the rule
        o = s.option(form.ListValue, 'action', _('Action'));
        o.value('accept', _('Accept'));
        o.value('drop', _('Drop'));
        o.value('reject', _('Reject'));

        // Enable or disable the rule
        o = s.option(form.Flag, 'enabled', _('Enabled'));
        o.default = '1';
        o.rmempty = false;

        return m.render();
    }
});

@W37 @Rafumfps

Hello dopam, greetings from Brazil, thank you very much for sharing, but I need to know if I need to configure something in your geoip, as we know that we are not from the same country

Yes, you can test in PuTTY or otherwise with my other scripts to see the list of servers in matchmaking. Do you want me to share my script?

It is very simple, in one file.


dopam I can't share your script without permission, and I don't even know how to use it yet. But I think you're a very intelligent guy here on the forum, I know you work with this, I can't share something that you have a means of earning from it.


I live on the Swiss border, in case you want to know :wink: I'm going to share the script that analyzes servers during matchmaking; it's very functional and works well. You can use it on Putty or ttyd, whichever you prefer :wink:


Please check your console IP before launching this script: change the IP, then start the script.

#!/bin/sh
############################################################

ipconsole="192.168.2.168" # add your console
port="3074"

nft add table inet dopam 2>/dev/null # allowed, ignore the error if the table already exists

# Clean up the old rules and sets if they exist
nft flush table inet dopam # clean the rules

# Delete the sets if they exist (POSIX form of the redirection, so it also works in busybox sh)
nft list set inet dopam udp_meter4 > /dev/null 2>&1 && nft delete set inet dopam udp_meter4
nft list set inet dopam tcp_meter4 > /dev/null 2>&1 && nft delete set inet dopam tcp_meter4

nft -f /dev/stdin <<EOF
table inet dopam {

   set udp_meter4 {
      type ipv4_addr . ipv4_addr . inet_service . inet_service;
      timeout 5m;
   }

   set tcp_meter4 {
      type ipv4_addr . ipv4_addr . inet_service . inet_service;
      timeout 5m;
   }

   chain dopam {
      type filter hook forward priority 0; policy accept;
      ip protocol tcp ip daddr $ipconsole add @tcp_meter4 {ip saddr . ip daddr . tcp sport . tcp dport}
      ip protocol udp ip daddr $ipconsole add @udp_meter4 {ip saddr . ip daddr . udp sport . udp dport}
   }
}
EOF

### Init Script ###
if [ ! -f "/etc/init.d/DOPAMSERVER" ]; then
cat << "INITSCRIPT" > /etc/init.d/DOPAMSERVER
#!/bin/sh /etc/rc.common

USE_PROCD=1

START=99
STOP=99

service_triggers() {
    procd_add_reload_trigger fw4
}

start_service() {
    /etc/init.d/DOPAMSERVER enabled || exit 0
    echo start
    procd_open_instance
    procd_set_param command /bin/sh "/root/DOPAMSERVER.sh"
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}

restart() {
    /etc/init.d/DOPAMSERVER enabled || exit 0
    echo restart
    /root/DOPAMSERVER.sh
}

stop_service() {
    echo stop

    ## Default warning settings
    uci -q get dhcp.odhcpd.loglevel | grep "4" > /dev/null 2>&1 || {
        uci set dhcp.odhcpd.loglevel="4"
        uci commit && reload_config
    }

    exit 0
}

reload_service() {
    start
}
INITSCRIPT
chmod 755 /etc/init.d/DOPAMSERVER > /dev/null 2>&1
/etc/init.d/DOPAMSERVER enable > /dev/null 2>&1
fi

### Hotplug ###
if [ ! -f "/etc/hotplug.d/iface/99-DOPAMSERVER" ]; then
cat << "HOTPLUG" > /etc/hotplug.d/iface/99-DOPAMSERVER
#!/bin/sh

[ "$ACTION" = ifup ] || [ "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate ] && [ -z "$IFUPDATE_ADDRESSES" ] && [ -z "$IFUPDATE_DATA" ] && exit 0

# Ensure that the script is executable by Owner
if [ ! -x "/root/DOPAMSERVER.sh" ] || [ ! -x "/etc/init.d/DOPAMSERVER" ]; then
    chmod 755 /root/DOPAMSERVER.sh
    chmod 755 /etc/init.d/DOPAMSERVER
fi

# Check if the init script is enabled to reload the script
/etc/init.d/DOPAMSERVER enabled || exit 0

# Reloading the script
logger -t DOPAMSERVER "Reloading DOPAMSERVER.sh due to $ACTION of $INTERFACE ($DEVICE)"
sleep 10 && /etc/init.d/DOPAMSERVER restart
HOTPLUG
fi

Go to PuTTY and enter

nft list ruleset | grep "table inet dopam" -A 80

You can see the UDP and TCP IP addresses that pass through the console and see all the servers during matchmaking, for example COD (Call of Duty).

enjoy my friends

My last game tonight with the second beta of BLACK OPS 6; I just shared it now.

I saw your last post on qosmate, I make content here in Brazil, and people are not happy with anything, I have a small community on WhatsApp where we talk about OpenWRT, but on my YouTube channel I delete all the criticism from people who want to attack our lives. I wish I had half the knowledge you have.


I don't understand the translation.

This is in French; I translated it like this, but it's not really proper French.

but not my YouTube channel for all the people who criticize attack our lives. I want there to be half of the knowledge that you have.


I made a mistake when putting it in English lol

Dopam, I should first put the script you put in the post and then start doing this last one.

It's more complicated than that. I had the interface in my last file, but I didn't save it. There's not much missing to recreate it, but I spent a lot of time on it. I have a config file where the order absolutely needs to be respected

Unfortunately my interface doesn't appear now, after flashing my router.

But I have the last config files that I saved.


It is very important for OpenWRT to follow the nftables rules; otherwise, you will lose internet access, especially in the forward_lan section. Here is the config file that I am sharing with the port numbers to maintain internet access and access games

config rule 'cod_strasbourg'
	option name 'cod_strasbourg'
	option ip_saddr '192.168.2.168'
	option ip_daddr '!=78.0.0.0/8'
	option action 'drop'
	option enabled '0'

config rule 'cod_allemagne'
	option name 'cod hesse allemagne'
	option ip_saddr '192.168.2.168'
	option ip_daddr '!=95.0.0.0/8'
	option action 'drop'
	option enabled '0'

config rule 'cod_paris'
	option name 'COD Paris'
	option ip_saddr '192.168.2.168'
	option ip_daddr '!= { 136.244.112.0/20, 95.179.208.0/20, 217.69.0.0/20  }'
	option action 'drop'
	option enabled '0'

config rule 'cod_suisse'
	option name 'cod_suisse'
	option ip_saddr '192.168.2.168'
	option ip_daddr '!= { 35.224.0.0/12, 35.240.0.0/13, 35.208.0.0/12 }'
	option action 'drop'
	option enabled '0'

config rule 'cod_italy_milan'
	option name 'cod_italy_milan'
	option ip_saddr '192.168.2.168'
	option ip_daddr '!= { 2.0.0.0/8, 178.0.0.0/8, 92.0.0.0/8, 109.0.0.0/8,  35.224.0.0/12, 35.240.0.0/13, 35.208.0.0/12, 136.244.112.0/20, 95.179.208.0/20, 217.69.0.0/20, 78.0.0.0/8, 95.0.0.0/8 }'
	option action 'drop'
	option enabled '1'

config rule 'xdefiant'
	option name 'XDefiant'
	option ip_daddr '{ 34.64.0.0/10, 35.208.0.0/12, 35.240.0.0/13, 35.224.0.0/12 }'
	option action 'accept'
	option enabled '0'
	option ip_saddr '192.168.2.168'

config rule 'cod_authentification'
	option name 'COD Authentification'
	option ip_saddr '192.168.2.168'
	option ip_daddr '185.0.0.0/8'
	option action 'accept'
	option enabled '1'

# section names may only contain letters, digits and underscores
config rule 'autorize_port_udp'
	option name 'PORT UDP'
	option ip_saddr '192.168.2.168'
	option udp_dport '{ 53, 80, 443, 3074, 3659, 9308, 3478-3479, 50000-65535 }'
	option action 'accept'
	option enabled '1'

config rule 'autorize_port_tcp'
	option name 'PORT TCP'
	option ip_saddr '192.168.2.168'
	option tcp_dport '{ 53, 80, 443, 1935-1936, 3478-3479 }'
	option action 'accept'
	option enabled '1'


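The init script above builds each nft rule from the UCI fields and pushes it with "nft insert rule", and the config file just shared is meant to be read in a strict order. The script below is an added example (not Dopam's code): it reproduces the rule-text assembly of apply_rule() and shows the order the rules actually take in forward_lan, without calling nft at all. The rule list inside it is constructed, modelled on the shared config, and the name "effective_order" is mine.

```shell
#!/bin/sh
# Added example, not the author's code: simulate how apply_rule() in the init
# script turns UCI rules into nft rule text, and the order they end up in
# inside forward_lan. Nothing here calls nft, so it can run on any sh.

# add_expr TEXT -> append a match expression to $rule, space-separated
add_expr() { rule="${rule:+$rule }$1"; }

# build_rule SADDR DADDR UDP_DPORT TCP_DPORT ACTION
# Prints the rule text the way apply_rule() assembles it. Returns 1 when no
# match expression could be formed, because a bare "counter drop" would
# otherwise apply to every forwarded packet.
build_rule() {
    saddr=$1; daddr=$2; udp=$3; tcp=$4; action=$5
    rule=""
    [ -n "$saddr" ] && add_expr "ip saddr $saddr"
    [ -n "$daddr" ] && add_expr "ip daddr $daddr"
    [ -n "$udp" ] && add_expr "udp dport { $udp }"
    [ -n "$tcp" ] && add_expr "tcp dport { $tcp }"
    [ -n "$rule" ] || return 1
    printf '%s counter %s\n' "$rule" "$action"
}

# Constructed rule list modelled on the shared /etc/config/nftables_custom,
# one "name|ip_saddr|ip_daddr|udp_dport|tcp_dport|action|enabled" per line,
# in the order config_foreach would walk them.
RULES='cod_italy_milan|192.168.2.168|!= { 2.0.0.0/8, 35.224.0.0/12 }|||drop|1
cod_authentification|192.168.2.168|185.0.0.0/8|||accept|1
port_udp|192.168.2.168||53, 443, 3074||accept|1
port_tcp|192.168.2.168|||53, 443|accept|1
disabled_rule|192.168.2.168|10.0.0.0/8|||drop|0'

# effective_order MODE -> prints the chain top to bottom, as nft evaluates it.
# MODE=insert prepends each rule (what the init script does with
# "nft insert rule"), MODE=add appends (what "nft add rule" would do).
effective_order() {
    mode=$1
    chain=""
    while IFS='|' read -r name saddr daddr udp tcp action enabled; do
        [ "$enabled" = 1 ] || continue
        r=$(build_rule "$saddr" "$daddr" "$udp" "$tcp" "$action") || continue
        if [ "$mode" = insert ]; then
            chain="$name: $r
$chain"
        else
            chain="$chain$name: $r
"
        fi
    done <<EOF
$RULES
EOF
    printf '%s' "$chain"
}

echo "== forward_lan as the init script builds it (nft insert, top first) =="
effective_order insert
echo "== the same rules with nft add (config order preserved) =="
effective_order add
```

With "insert", the last enabled rule of the config (the TCP port accept) is evaluated first and the geo drop rule last; with "add" the config order is kept. Whichever you want, check the result with "nft list chain inet fw4 forward_lan" after a restart rather than trusting the file order.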

I will analyze everything you are sharing, I still have a lot to learn.


Hi rafumpfps, I am reworking it for you and trying to make the geo filter appear in the interface.

I'll keep you informed if I succeed, and share it with you :wink:

Great work, and quite some dedication!

Just out of curiosity, how do you actually detect the IP ranges for each location?
I guess you play the game, capture the traffic and correlate the in-game location report (I assume games somehow report where the server is located) with the captured IP addresses. Then you "simply" create a rule for the locations... I would naively interpret
option ip_daddr '!= { 136.244.112.0/20, 95.179.208.0/20, 217.69.0.0/20 }'
as drop anything (coming from the game client's IP address) going to addresses not in the defined set...
I wonder how this works when e.g. using Discord for chatting while playing?


Hi, thank you very much, I appreciate your comment. To detect the IP ranges, I copy all the IPs from the second script and paste them on this site

For the last example, 217.

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#
NetRange:       217.0.0.0 - 217.255.255.255
CIDR:           217.0.0.0/8
NetName:        217-RIPE
NetHandle:      NET-217-0-0-0-1

Copy the CIDR.

I use party voice chat via PlayStation, and my mate speaks and listens to my voice; it seems to use ports 3478-3479.

I often work with ChatGPT; that's how I create the script.

ChatGPT, moeller.

It takes time, but it's worth it :wink:


Hi friend, Congratulations on the great work!

Could you explain the path and command for installing your script?

I couldn't understand where and how I should place your scripts.

You could automate this if you can download and locally store ip ranges for all relevant countries. Then you could use a similar algorithm to the one here:

https://github.com/friendly-bits/geoip-shell/blob/46a6cae1da60b6e5744a6b7877eabc267fb63a26/check-ip-in-source.sh#L128
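The manual step described earlier (copy an address from the meter set, look it up in whois, copy the CIDR) and the automation suggested here both come down to one operation: deciding whether an IPv4 address falls inside a CIDR range. The script below is an added example and not code from the thread or from geoip-shell; it implements that check with plain sh arithmetic and runs a constructed list of peer addresses through a constructed range table. The range labels reuse the rule names from the shared config and are not geolocation data; "ip2int", "ip_in_cidr", "lookup" and "classify" are names I chose.

```shell
#!/bin/sh
# Added example, not the author's code: the "which range does this server
# address belong to?" step done with shell arithmetic instead of a manual
# whois lookup, plus a small table-driven classifier in the spirit of the
# check-ip-in-source.sh routine linked above. The range labels and the
# observed addresses below are constructed for the example.

# ip2int A.B.C.D -> prints the address as a 32-bit integer (dotted quad only,
# octets without leading zeros, which is how nft prints them)
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# ip_in_cidr IP CIDR -> exit status 0 when IP lies inside CIDR
# (the /0 case relies on 64-bit shell arithmetic, which dash, bash and
# busybox on 64-bit targets provide)
ip_in_cidr() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32        # bare address without a /prefix
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Constructed range table, "CIDR label" per line. The labels reuse the rule
# names from the shared config; they are not geolocation data.
RANGES='136.244.112.0/20 cod_paris
95.179.208.0/20 cod_paris
217.69.0.0/20 cod_paris
185.0.0.0/8 cod_authentification'

# lookup IP -> prints the label of the first matching range, or "unknown"
# (with exit status 1) when no range matches
lookup() {
    while read -r cidr label; do
        if ip_in_cidr "$1" "$cidr"; then
            echo "$label"
            return 0
        fi
    done <<EOF
$RANGES
EOF
    echo unknown
    return 1
}

# Constructed list of peer addresses, standing in for what the udp_meter4
# set shows after a matchmaking session
OBSERVED='217.69.3.10 136.244.120.5 95.179.209.77 185.34.1.1 217.69.16.1'

# classify -> one "ip label" line per observed address
classify() {
    for ip in $OBSERVED; do
        printf '%s %s\n' "$ip" "$(lookup "$ip")"
    done
}

classify
# 217.69.16.1 sits inside the /8 that the whois output above reports for
# "217." but outside the /20 the config actually uses: the registry's whole
# allocation and the server's subnet are different things.
ip_in_cidr 217.69.16.1 217.0.0.0/8 && echo "217.69.16.1 is in 217.0.0.0/8"
ip_in_cidr 217.69.16.1 217.69.0.0/20 || echo "217.69.16.1 is not in 217.69.0.0/20"
```

To automate the thread's workflow, replace RANGES with a downloaded country list (one CIDR per line, as geoip-shell stores them) and feed OBSERVED from the addresses printed by "nft list set inet dopam udp_meter4"; any address that comes back "unknown" is one the current rules would drop under an "ip daddr != { ... }" rule.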