quakemachineX

这个脚本可以批量删除 NVRAM 中以某些字符串开头的内容：

#/bin/sh
#scriptname: nvram_unset_pro
for _TEMPVAR in `nvram show 2>/dev/null|grep "^$1"|cut -d'=' -f1`;
	do nvram unset $_TEMPVAR;
done

用法：

nvram_unset_pro bt_

这样就删除了所有 bt_ 开头的设置项。

记得删除完成后用

nvram commit

提交，否则路由器重启后又会生成。

一、下载源程序

git clone https://github.com/semigodking/redsocks.git

二、编译

cd redsocks-master
make

会出错：

parser.c: In function 'vp_in_addr':
parser.c:306: error: 'AI_ADDRCONFIG' undeclared (first use in this function)
parser.c:306: error: (Each undeclared identifier is reported only once
parser.c:306: error: for each function it appears in.)
make: *** [parser.o] Error 1

三、解决，在parser.c文件的第32行插入如下代码：

#ifndef AI_ADDRCONFIG
#define AI_ADDRCONFIG 0x0020
#endif

网上的都要用到 find -mtime，这个参数默认的 busybox 是不支持的，当然你可以下 findunti ,我这个脚本无需额外的程序支持：

#!/bin/sh
# optware backup
# Sun Feb 19 00:34:42 CST 2012
# by Punk

keep=3                                                #保留历史备份数
backup_source="opt"                            #需要备份的目录，不可有/开头
backup_dest="/cifs2/hdtv/!opt_bak/"      #备份文件存储目录
date=`date +%Y-%m-%d`
hostname=$(hostname -s)
prename="$hostname-optware"
filename="$prename-$date.tgz"

delete_old() {
echo Deleting old backup of Optware...
totalline=`find "$backup_dest" -name "$prename*.tgz" | wc -l`
if [ $totalline -ge $keep ];then
    dell=$(($totalline-$keep))
    find "$backup_dest" -name "$prename-*.tgz" | sort | head -n $dell | xargs rm -rf
fi
echo Deleting old backup of Optware Finished!
}

backup() {
echo "Backing Up Your Optware System..."
tar czf $backup_dest/$filename -C / $backup_source
echo "Optware Backup Finished!"
}
backup
delete_old

1478 for PPPoA/VC-MUX

1470 for PPPoA/LLC

1446 for PPPoE over ATM/LLC

2015.07.03 更新，更好的支持 Tomato ARM 版本：

#!/bin/sh

#USE AT YOUR OWN RISK.
#THIS SCRIPT DOES NOT COME WITH ANY WARRANTY WHATSOEVER.
#
#Backs up selected nvram variables in "nvram export --set" format.
#
#Correctly handles multi-line entries.
#
#Thanks to ryzhov_al for basic approach.
#
#Should work equally well with both MIPS and ARM builds.
#
#Looks for a list of items to export in $etc/scriptname.ini
#OR enter items to grep for below.
#
#The items list is a list of regular expressions to match against the
#nvram variable names.
#
#Script assumes all entries are at beginning of line(prefixed with ^).
#
#Leave items list blank to backup up all of nvram.  Resulting in essentially
#the same output as MIPS "nvram export --set"
#
#The items list below is only intended as example and is not complete or
#comprehensive. Customize for your own use.
#

#Edit list below if not using .ini file, it is ignored if .ini file is found
items='
DSCP_
atm_overhead
cifs[1-2]
ctf_
ct_
dhcp_
dhcpd_
ddnsx[0-2]
dnsmasq_
dns_
https_
http_enable
http_lanport
http_wanport
http_passwd
lan_hostname
lan_ipaddr
lan_proto
modem_ipaddr
ne_
new_qoslimit_
nf_
ntp_
portforward
ppp_
pppoe_
qos_
qosl_
router_name
rrule[0-9]
cstats_
rstats_
script_
smbd_
sch_
sshd_eas
sshd_forwarding
sshd_motd
sshd_pass
sshd_port
sshd_remote
sshd_rport
tm_
tomatoanon_
usb_
upnp_
wan_dns
wan_proto
wan_hostname
wan_domain
wan_hwaddr
wan_mtu
web_css
web_mx
wl[0-9]_security_mode
wl[0-9]_ssid
wl[0-9]_wpa_psk
'

etc=/opt/etc
base=${0##*/}; base=${base%.*}
config=$etc/$base.ini

#file to output - default to stdout
filename="$1"
curr_date=$(date +"%Y-%m-%d")
if [ $# -eq 0 -o "$filename" = "" ]; then
    backupfile="/opt/etc/init.d/nvram_backup-${curr_date}.txt"
else
    backupfile="/opt/etc/init.d/${filename}-${curr_date}.txt"
fi

grepstr=$( { [ -r $config ] && cat $config || echo "$items" ; } | sed -e 's/[t ]//g;/^$/d' | sed ':a;N;$!ba;s/n/\|^/g')

{
echo "#Exporting $grepstr"
for item in $(nvram show 2>/dev/null | grep "^.*=" | grep "$grepstr" | grep -v "hwaddr" | awk -F= "{print $1}" | sort -u)
do
  item_value="$(nvram get $item | sed 's!([$\"`])!\1!g'; echo nvgetwasnull)"
  case $item_value in
  nvgetwasnull) ;;
  *) echo "nvram set ${item}=\"${item_value%
nvgetwasnull}\"" ;;
  esac
done
}>"$backupfile"

比较完美的解决了多行文本框内容的备份，例如脚本等处。

#!/bin/sh

#
#USE AT YOUR OWN RISK.
#THIS SCRIPT DOES NOT COME WITH ANY WARRANTY WHATSOEVER.
#

#file to output
backupfile='/mnt/optware/opt/etc/init.d/nvram_restore.sh'

#Enter strings to grep for here.
#
#Use heredocs to build grep from one entry per
#line for ease of maintenance.
#
#Could easily be changed to read external config file.
#
#sed is not my best skill - there may well be cleaner syntax, and
#admittedly this is some quick cut and paste from another script
grepstr=$(cat << EOF |  sed -e 's/[t ]//g;/^$/d' | sed ':a;N;$!ba;s/n/\|/g'
^dhcp_
^dhcpd_
^ddnsx
^dnsmasq
^dns_
^https_
^http_passwd
^lan_hostname
^lan_ipaddr
^wan_dns
^wan_proto
^wan_hostname
^wan_domain
^wan_hwaddr
^router_name
^modem_ipaddr
^rrule1
^cstats_
^rstats_
^qos
^new_qoslimit_
^ctf_
^ct_
^bt_
^ne_
^nf_
^ntp_
^smbd_
^usb_
^upnp_
^script_
^wl[0-9]_security_mode
^wl[0-9]_ssid
^wl[0-9]_wpa_psk
^cifs[0-9]
EOF
)

#uncomment next line if you want to see what above creates
#echo $grepstr
[ -e $backupfile ] && rm $backupfile

echo "echo Restoring NVRAM settings" > $backupfile
echo "echo Note: This will overwrite your current NVRAM settings in NVRAM," >> $backupfile
echo "echo but they will not be permanent unless you do a 'nvram commit'" >> $backupfile

echo "echo Restore NVRAM rules..." >> $backupfile
echo Exporting NVRAM rules to $backupfile

#Below mostly from ryzhov_al
#sed to escape chars is mine, may not be complete.

for item in $(nvram show | grep "$grepstr"  | awk -F= "{print $1}")
do
    item_value=$(nvram get ${item} | sed 's!([$\"`])!\1!g')
    echo "nvram set ${item}=\"$item_value\"" >> $backupfile
done

echo "echo Restore of NVRAM settings complete" >> $backupfile
echo "echo To make them permanent, do: nvram commit" >> $backupfile

chmod +x $backupfile

echo NVRAM settings have been exported to $backupfile
echo Now feel free to try new settings
echo To restore from backup, type: $backupfile

感谢 linksysinfo 的高手们！

ASUS RT-N16 可谓好玩又不容易死的一款路由，内存大闪存大就是 NVRAM 尺寸太小，才 32k 。（新的 Linksys 路由器都是 64k）

我的16还加了 5G 网卡，又多了一堆设置，开机就剩余 8k 不到，这样的话，多写几个脚本，加多几个静态 IP 就不够用，G 了一下，DD-WRT Wiki 有答案，随意改一下 Tomato 就能用：

test -f /tmp/nvramshow && rm /tmp/nvramshow
nvram show >> /tmp/nvramshow
i=0
while read -r line; do
val=${line#*=}
var=${line%*=}
if [[ "$val" == "" ]] && [[ "$var" != "wl_wpa_psk" ]]; then
nvram unset $var
fi
i=`expr $i + 1`
if [[ $i == 50 ]]; then
sleep 2
i=0
fi
done < /tmp/nvramshow
exit 0

原理就是把 NVRAM 设置里面那些值为空的全部删掉，这样大约能节省出 3-5k 出来～

简化版：(会丢失无线密码，请重设！)

for line in $(nvram show | grep =$); do var=${line%*=}; nvram unset $var;
done
nvram commit

iptables -N dnsfilter -t mangle
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x042442b2,0x0807c62d,0x253d369e,0x2e52ae44,0x3b1803ad,0x402158a1,0x4021632f,0x4042a3fb,0x4168cafc,0x41a0db71" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x422dfced,0x480ecd63,0x480ecd68,0x4e10310f,0x5d2e0859,0x80797e8b,0x9f6a794b,0xa9840d67,0xc043c606,0xca6a0102" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xcab50755,0xcb620741,0xcba1e6ab,0xcf0c5862,0xd0381f2b,0xd1244921,0xd1913632,0xd1dc1eae,0xd35e4293,0xd5a9fb23" -j DROP
iptables -t mangle -I dnsfilter -p udp -m udp -m u32 --u32 "0&0x0F000000=0x05000000 && 22&0xFFFF@16=0xd8ddbcb6,0xd8eab30d,0xf3b9bb27,0x4a7d7f66,0x4a7d9b66,0x4a7d2771,0x4a7d2766,0xd155e58a" -j DROP
iptables -t mangle -I PREROUTING -m udp -p udp --sport 53 -j dnsfilter

适用于基于 Linux 系统的路由器，Tomato，DD-WRT，OpenWRT 等，把脚本丢到路由器启动脚本里面即可。

家中或者公司使用了 Tomato 或者 DD-WRT 固件路由器的同学可能想分享他们的“私密” Hosts 文件，但是又不方便拷贝到每台机器，那么把这个 Hosts 文件内容放到路由器上是最方便的，不过 DNSMasq 的 Hosts 文件与 Windows 的 Hosts 文件格式不同，需要做一个转换，于是有了下面这个 HTML 文件，其实就是一个简单的 Javascript 转换。复制所有内容，存为任意命名的 HTML 文件，用浏览器打开，然后点击转换按钮，把转换后的数据贴到路由器 DNS 设置界面就行了。

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Hosts2DNSMasq</title>
<script type="text/javascript">
//类似 PHP 中的 trim
    function trim(str) {
        var str = str.replace(/^\s\s*/, ''),
            ws = /\s/,
            i = str.length;
        while (ws.test(str.charAt(--i)));
        return str.slice(0, i + 1);
    }
//转换 Hosts 文件格式到 DNSMasq 的格式
    function htol(el) {
        var i;
        var localz = new Array();
        var hosts = document.getElementById(el).value;
        var localzs='';
        hostdomain = hosts.split("\n");
        for (i=0;i<hostdomain.length;i++) {
            if (trim(hostdomain[i]) != '') {
                localz[i] = hostdomain[i].split("\t");
                if (localz[i][1] != undefined && localz[i][0].indexOf("#") == -1) {
                    localzs += 'address=/'+localz[i][1]+'/'+localz[i][0]+'\n';
                } else {
                    localzs += hostdomain[i]+'\n';
                }
            }
        }
        document.getElementById(el).value = localzs;
    }
</script>
</head>
<body>
    <div style="width:1024px; margin:0 auto;">
            <h2>HOSTS</h2>
            <div style="margin: 5px auto; display: block;">
            <button type="button" id="hosttolocal" onclick="htol('hostsMap');">ConventerToDNSMASQ</button>
            </div>
            <textarea id="hostsMap" onclick="this.focus();this.select()" style="width:98%;height:550px;margin:0;padding:3px;display:block;"></textarea>
    </div>
</body>
</html>

例如以下的 Hosts 数据：

203.208.45.200	base0.googlehosted.com
203.208.45.200	base1.googlehosted.com
203.208.45.200	base2.googlehosted.com
203.208.45.200	base3.googlehosted.com
203.208.45.200	base4.googlehosted.com
203.208.45.200	base5.googlehosted.com
203.208.45.200	bks0.books.google.com
203.208.45.200	bks1.books.google.com

会被转换成：

address=/base0.googlehosted.com/203.208.45.200
address=/base1.googlehosted.com/203.208.45.200
address=/base2.googlehosted.com/203.208.45.200
address=/base3.googlehosted.com/203.208.45.200
address=/base4.googlehosted.com/203.208.45.200
address=/base5.googlehosted.com/203.208.45.200
address=/bks0.books.google.com/203.208.45.200
address=/bks1.books.google.com/203.208.45.200

注意，只是做了简单的格式转换，没有利用 DNSMasq 的（泛域名）特性优化。

Samba 支持的 NTLM 版本低，nt6 系统要求支持 NTLMv2 。

运行里输入secpol.msc，进入-本地策略-安全选项里，选中：网络安全：LAN管理器身份验证级别,选择:发送LM和NTLM,如果已协商，使用ntlmv2回话，立即生效。

关于无线灯，也就是 WLED ，用 telnet 登录路由器，输入以下指令：

nvram set wl0gpio0=8
nvram commit
reboot

(wl0gpio0=8 是指无线开启LED不亮，有流量闪动，无线关闭LED常亮，这好象是 Linksys 以及 DD-WRT 默认的设置；如果设为136，则无线开启 LED 就亮，有流量闪动，无线关闭 LED 就不亮，这是我目前的设置）

关于那个 WPS 灯，也就是 SES LED(或者叫 WPS LED 什么的都行，反正就是 WPS 加密按钮上面那个灯），加入以下启动脚本：

while sleep 1; do if [ `nvram get security_mode` = "disabled" ]; then gpio disable 3; else gpio enable 3; fi; done &

实现的效果是，如果打开无线加密，灯是绿色，如果关闭就是黄色。

这玩意折磨我最久，关键是 security_mode 这个参数，网络上找到的基本都是 wl0_security_mode，而这个参数在我的 WRT54G2 上，无论设置无线加密与否它都是 psk2 不变！所以脚本根本不起作用。通过不停的开关无线加密，然后用 nvram show|grep 查看参数，最后找到了这个适用于表示 WRT54G2 的无线加密切换参数。

参考资料：

Security LED Script WRT300n v1.1

WZR-G300N gpio

Useful Scripts

Linksys WRT54G2 V1 with DD-WRT (Fixing WPS lights)