Skip to content

Tips & Tricks

Jump to bottom
wifiBlocker EUROPE edited this page Apr 16, 2026 · 52 revisions

Switch to modem version

In case user wants to switch from Router to Modem version, he should run below script followed by reboot:

/var/www/localhost/cgi-bin/modem/switch_to_modem.sh

Create a limited user

sudo adduser limiteduser --shell=/bin/false --no-create-home

Add below lines in /etc/ssh/sshd_config

Match user limiteduser
   ForceCommand /bin/false

Resize the partition

apk add --no-cache e2fsprogs-extra

resize2fs /dev/mmcblk0p2

The partition will be resized to maximum size

----------------------------//-----------------------------

iptables and ip6tables

List:

iptables -t nat -v -L -n --line-number

ip6tables -t nat -v -L -n --line-number

Delete rule:

 iptables -t nat -D POSTROUTING 2

 ip6tables -t nat -D POSTROUTING 2

Enable IPv6 traffic on a Linux host attached to iBlocker Access Point:

ifconfig wlan0 inet6 add fdda:8765:4321:fdda::199/64    - replace wlan0 with Linux host interface and :199 with your desired number
ping6 fdda:8765:4321:fdda::1      - iBlocker wlan0 IPv6
ip -6 route list
ip -6 route add default via fdda:8765:4321:fdda::1
ping6 google.com

----------------------------//-----------------------------

Check eth0 status

cat /sys/class/net/eth0/operstate

Check since eth0 is up (in seconds):

expr $(echo $(date +%s) - $(date -d "`grep 'eth0: leased' /var/log/messages | tail -1 | awk '{print $1, $2, $3}'`" +%s))

----------------------------//-----------------------------

Alpine IMAGES

Backup the 2 partitions from SD card to .img files

 dd bs=4M if=/dev/sdb1 of=Alpine_sdb1.img

 dd bs=4M if=/dev/sdb2 of=Alpine_sdb2.img

Write the .img files to a new SD card, formatted with 2 partitions: sdb1=FAT32, 400 MB, and sdb2=ext4, the rest of the card

   dd if=Alpine_sdb1.img of=/dev/sdb1 bs=4M

   dd if=Alpine_sdb2.img of=/dev/sdb2 bs=4M

----------------------------//-----------------------------

Grep

grep -v '^#' hostapd.conf - print file without lines starting with #

----------------------------//-----------------------------

SSH

rm -rf /root/.ssh

rm -rf /home/iblocker/.ssh/

rm -rf /var/www/.ssh/

ssh-keygen -t rsa -q -f "/root/.ssh/id_rsa" -N ""

cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys

ssh -o StrictHostKeyChecking=no root@localhost "exit"

cp /root/.ssh /var/www -R

cp /root/.ssh /home/iblocker -R

chown iblocker:iblocker /home/iblocker/.ssh -R

chmod 755  /var/www/.ssh/

chmod 755  /var/www/.ssh/*

chown apache:apache /var/www/.ssh -R

chown root:root /var/www/.ssh/*

chmod 755  /var/www/.ssh/*

ssh-keyscan -H localhost  >> /var/www/.ssh/known_hosts

Check: ssh root@localhost

----------------------------//-----------------------------

Enable Auth Log

apk add --no-cache syslog-ng

Add below lines at the end of /etc/syslog-ng/syslog-ng.conf

filter f_auth { facility(auth); };
log { source(src); filter(f_auth); destination(auth_log); };

Change permissions and restart the service:

chmod 640 /var/log/auth.log
rc-service syslog restart

Verify log: tail -f /var/log/auth.log

----------------------------//----------------------------

DNS ISSUE - "request is not signed"

Solution:

systemctl stop named.service

rm -r /var/cache/bind/*

systemctl start named.service

----------------------------//-----------------------------

SET TIME

date --set="2024-08-14 10:07:00"

Wed Aug 14 10:07:00 CEST 2024

hwclock --systz

In case time is de-synchronized, comment out the below line from /etc/conf.d/syslog:

SYSLOGD_OPTS="-t"

or configure chrony as below: vi /etc/chrony/chrony.conf and add below lines:

 pool pool.ntp.org iburst
    initstepslew 10 pool.ntp.org
    driftfile /var/lib/chrony/chrony.drift
    rtcsync

and restart service: rc-service chronyd restart

add command chattr +i /etc/chrony/chrony.conf

----------------------------//-----------------------------

Disable service

 rc-update del acpid

----------------------------//-----------------------------

Enable service

apk add dhcpcd  - for IPv6 on eth0 or usb0

rc-update add dhcpcd

rc-service  dhcpcd start

rc-status

----------------------------//----------------------------

SED

sed -E '/(^$|^#)/d' input.file > input1.file - delete lines containing # as first character and empty lines

sed '/^$/d' <input-file> - delete empty lines from file

sed -i '/width/c\width 1920' /usr/local/etc/motion/motion.conf - replace line containing width... with line width 1920

sed -i '/EOF/d' /etc/network/interfaces - delete lines containing EOF

sed -i ‘/DAEMON_CONF/c\DAEMON_CONF=“/etc/hostapd/hostapd.conf”’ /etc/init.d/hostapd

sed -i ‘/#net.ipv4.ip_forward=1/c\net.ipv4.ip_forward=1’ /etc/sysctl.conf

----------------------------//----------------------------

ffmpeg

Convert .avi to .mp4

 ffmpeg -i single-cam.avi -c:v libx264 -crf 18 -c:a aac -b:a 128k single-cam.mp4

----------------------------//----------------------------

Enable https on iblocker


openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout server.key -out server.crt -subj '/C=XX/ST=XX/L=YYY/O=abcd.eu'

mv server.key  server.crt /etc/apache2/conf.d/

Add below lines to http.conf:

<VirtualHost *:443>
    DocumentRoot "/var/www/localhost/htdocs/"
    ServerName dev
    SSLEngine on
    SSLCertificateFile "/etc/apache2/conf.d/server.crt"
    SSLCertificateKeyFile "/etc/apache2/conf.d/server.key"
</VirtualHost>

Install apk add apache2-ssl

Restart Apache:

rc-service  apache2 restart

Check expiration:

openssl x509 -in server.crt -text -noout -dates

View the contents of our certificate in plain text:

openssl x509 -text -noout -in server.crt

----------------------------//----------------------------

Protect Apache access via user/pass

In order to restrict the access to an Apacher web page located for example in ..videos/folder, follow the below steps:

Install the apache2-utils: apk add apache2-utils

Add below lines in /etc/apache2/httpd.conf:

<Directory "/var/www/localhost/htdocs/dpnet/videos/folder">
  AuthType Basic
  AuthName "restricted area"
  AuthUserFile /var/www/localhost/htdocs/dpnet/videos/folder/.htpasswd
  require valid-user
</Directory>

Launch below command:

htpasswd -c /var/www/localhost/htdocs/dpnet/videos/folder/.htpasswd iblocker

File .htpasswd would be created, then restart Apache server: rc-service apache2 restart

----------------------------//----------------------------

Check hosts from NW Subnet

nmap -v -sn 192.168.100.0/24

----------------------------//----------------------------

Visitors counter

Add below lines in index.html, after footer:

<div id="counter"></div>
<script>
fetch("/cgi-bin/your_folder/counter.py")
  .then(r => r.text())
  .then(data => {
    document.getElementById("counter").innerHTML = data;
  });
</script>

Create counter.py as below:

#!/usr/bin/env python3

file = "/var/www/localhost/cgi-bin/your_folder/INSERTED/counter.txt"

try:
    with open(file, "r") as f:
        count = int(f.read().strip())
except:
    count = 0

count += 1

with open(file, "w") as f:
    f.write(str(count))

print("Content-Type: text/html\n")
print(f"Visitors: {count}")

and an empty counter.txt in ../your_folder/INSERTED/

Contact: office@2transfer.eu

Copyright © IBlocker.eu project. Proudly powered by Open Source software. Copyright Notice | Terms of Service | Privacy Policy

© Design: www.iblocker.eu

Clone this wiki locally