
adblock: 0.60.1

- fix possible race condition during startup
- fix duplicate logging during startup
- fix wget parms to prevent partial downloads
- fix iptables rules to meet openwrt user chains
- added a rule in output chain to reject local ad related requests as
well
- changed default IPv4/IPv6 blackhole ip address to fix routing issues
with windows clients

Signed-off-by: Dirk Brenken <openwrt@brenken.org>
lilik-openwrt-22.03
Dirk Brenken 9 years ago
parent
commit
1b8358b1ab
5 changed files with 180 additions and 124 deletions
  1. +1
    -1
      net/adblock/Makefile
  2. +6
    -6
      net/adblock/files/README.md
  3. +140
    -99
      net/adblock/files/adblock-helper.sh
  4. +30
    -18
      net/adblock/files/adblock-update.sh
  5. +3
    -0
      net/adblock/files/adblock.conf

+ 1
- 1
net/adblock/Makefile

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
PKG_VERSION:=0.60.0
PKG_VERSION:=0.60.1
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org>


+ 6
- 6
net/adblock/files/README.md

@ -42,7 +42,7 @@ When the dns server on your router receives dns requests, you will sort out quer
* overall duplicate removal in separate adblock lists (will be automatically disabled on low memory systems)
* adblock source list parsing by fast & flexible regex rulesets
* additional white- and blacklist support for manual overrides
* quality checks during/after update of adblock lists to ensure a reliable dnsmasq service
* quality checks during & after update of adblock lists to ensure a reliable dnsmasq service
* wan update check, to wait for an active wan uplink before update
* basic adblock statistics via iptables packet counters
* status & error logging to stdout and syslog
@ -53,9 +53,9 @@ When the dns server on your router receives dns requests, you will sort out quer
## Prerequisites
* [openwrt](https://openwrt.org), tested with latest stable release (Chaos Calmer 15.05) and with current trunk (Designated Driver > r47025)
* required software packages:
* usual openwrt setup with 'iptables' & 'uhttpd', additional required software packages:
* wget
* optional for IPv6 support: kmod-ipt-nat6
* optional: 'kmod-ipt-nat6' for IPv6 support
* the above dependencies and requirements will be checked during package installation & script runtime, please check console output or *logread -e "adblock"* for errors
## Usage
@ -70,7 +70,7 @@ When the dns server on your router receives dns requests, you will sort out quer
* => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* add static, personal domain white- or blacklist entries, one domain per line (wildcards & regex are not allowed!), by default both lists are located in */etc/adblock*
* enable the backup/restore feature, to restore automatically the latest, stable backup of your adblock lists in case of any processing error
* enable the debug log feature for continuous logfile writing to monitor the adblock runs over a longer period
* enable the logging feature for continuous logfile writing to monitor the adblock runs over a longer period
## Distributed samples
* all sample configuration files stored in */etc/adblock/samples*
@ -82,8 +82,8 @@ When the dns server on your router receives dns requests, you will sort out quer
## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt.
Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6.
For that purpose adblock uses an ip address from the old reserved [class 'E'](https://tools.ietf.org/html/rfc1700) subnet (254.0.0.1 / ::ffff:fe00:0001) by default.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD chain).
For that purpose adblock uses an ip address from the private 'TEST-NET-1' subnet (192.0.2.1 / ::ffff:c000:0201) by default.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD and OUTPUT chain).
All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files.
## Removal


+ 140
- 99
net/adblock/files/adblock-helper.sh

@ -47,19 +47,14 @@ f_envload()
#
f_envparse()
{
# set the C locale, characters are single bytes, the charset is ASCII
# speeds up sort, grep etc.
#
LC_ALL=C
# set initial defaults,
# may be overwritten by setting appropriate adblock config options in global section of /etc/config/adblock
#
adb_wanif="wan"
adb_lanif="lan"
adb_port="65535"
adb_nullipv4="254.0.0.1"
adb_nullipv6="::ffff:fe00:0001"
adb_nullipv4="192.0.2.1"
adb_nullipv6="::ffff:c000:0201"
adb_maxtime="60"
adb_maxloop="20"
adb_blacklist="/etc/adblock/adblock.blacklist"
@ -136,14 +131,21 @@ f_envparse()
# set more script defaults (can't be overwritten by adblock config options)
#
adb_minspace="20000"
adb_unique="1"
adb_cnt=0
adb_minspace=20000
adb_unique=1
adb_tmpfile="$(mktemp -tu 2>/dev/null)"
adb_tmpdir="$(mktemp -p /tmp -d 2>/dev/null)"
adb_dnsdir="/tmp/dnsmasq.d"
adb_dnsprefix="adb_list"
unset adb_srcfind
unset adb_revsrcfind
adb_prechain_ipv4="prerouting_rule"
adb_fwdchain_ipv4="forwarding_rule"
adb_outchain_ipv4="output_rule"
adb_prechain_ipv6="PREROUTING"
adb_fwdchain_ipv6="forwarding_rule"
adb_outchain_ipv6="output_rule"
unset adb_srclist
unset adb_revsrclist
# set adblock source ruleset definitions
#
@ -164,21 +166,34 @@ f_envparse()
rset_yoyo="${rset_start} | sed 's/,/\n/g' | ${rset_end}"
rset_zeus="${rset_start} | ${rset_end}"
# get logical wan update interfaces
# get logical wan update interfaces (with default route) and their device names
#
network_find_wan adb_wanif4 2>/dev/null
network_find_wan6 adb_wanif6 2>/dev/null
if [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
then
rc=125
f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
elif [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
then
rc=125
f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
fi
while [ $((adb_cnt)) -le $((adb_maxloop)) ]
do
network_find_wan adb_wanif4 2>/dev/null
network_find_wan6 adb_wanif6 2>/dev/null
if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
then
network_flush_cache
elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
then
rc=125
f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
else
network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
break
fi
if [ $((adb_cnt)) -ge $((adb_maxloop)) ]
then
rc=125
f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
fi
adb_cnt=$((adb_cnt + 1))
sleep 1
done
# get lan ip addresses
#
@ -203,6 +218,7 @@ f_envcheck()
{
# check general package dependencies
#
f_depend "uhttpd"
f_depend "wget"
f_depend "iptables"
f_depend "kmod-ipt-nat"
@ -231,9 +247,9 @@ f_envcheck()
check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
if [ -z "${check}" ]
then
wget_parm="--no-config --no-check-certificate --quiet"
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
else
wget_parm="--no-config --quiet"
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
fi
# check adblock blacklist/whitelist configuration
@ -254,10 +270,11 @@ f_envcheck()
#
if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ]
then
f_space "${adb_tmpdir}" "please supersize your /tmp directory"
f_space "${adb_tmpdir}"
if [ "${space_ok}" = "false" ]
then
rc=140
f_log "not enough space in '${adb_tmpdir}', please supersize your temp directory" "${rc}"
f_exit
fi
else
@ -274,19 +291,21 @@ f_envcheck()
if [ $((mem_total)) -le 64000 ] && [ $((swap_total)) -eq 0 ]
then
adb_unique=0
f_log "overall sort/unique processing will be disabled,"
f_log "please consider adding an external swap device to supersize your /tmp directory (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
f_log "not enough memory, overall sort/unique processing will be disabled"
f_log "please consider adding an external swap device to supersize your temp directory (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
fi
# check backup configuration
#
if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ]
then
f_space "${adb_backupdir}" "backup/restore will be disabled"
f_space "${adb_backupdir}"
if [ "${space_ok}" = "false" ]
then
f_log "backup/restore will be disabled"
backup_ok="false"
else
f_log "backup/restore will be enabled"
backup_ok="true"
fi
else
@ -294,41 +313,45 @@ f_envcheck()
f_log "backup/restore will be disabled"
fi
# check debug log configuration
# check log configuration
#
adb_logdir="${adb_logfile%/*}"
if [ -n "${adb_logdir}" ] && [ -d "${adb_logdir}" ]
then
f_space "${adb_logdir}" "debug logging will be disabled"
f_space "${adb_logdir}"
if [ "${space_ok}" = "false" ]
then
f_log "not enough space in '${adb_logdir}', logging will be disabled"
log_ok="false"
else
f_log "logging will be enabled"
log_ok="true"
fi
else
log_ok="false"
f_log "debug logging will be disabled"
f_log "logging will be disabled"
fi
# check ipv4/iptables configuration
#
if [ -n "${adb_wanif4}" ]
then
f_firewall "IPv4" "nat" "I" "PREROUTING" "adb-nat: tcp, port 80, DNAT" "-p tcp -d ${adb_nullipv4} --dport 80 -j DNAT --to-destination ${adb_ipv4}:${adb_port}"
f_firewall "IPv4" "nat" "A" "PREROUTING" "adb-dns: udp, port 53, DNAT" "-p udp --dport 53 -j DNAT --to-destination ${adb_ipv4}"
f_firewall "IPv4" "nat" "A" "PREROUTING" "adb-dns: tcp, port 53, DNAT" "-p tcp --dport 53 -j DNAT --to-destination ${adb_ipv4}"
f_firewall "IPv4" "filter" "I" "FORWARD" "adb-rej: all protocols, all ports, REJECT" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-pre" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adblock-fwd" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adblock-out" "-d ${adb_nullipv4} -j REJECT"
fi
# check ipv6/ip6tables configuration
#
if [ -n "${adb_wanif6}" ]
then
f_firewall "IPv6" "nat" "I" "PREROUTING" "adb-nat: tcp, port 80, DNAT" "-p tcp -d ${adb_nullipv6} --dport 80 -j DNAT --to-destination [${adb_ipv6}]:${adb_port}"
f_firewall "IPv6" "nat" "A" "PREROUTING" "adb-dns: udp, port 53, DNAT" "-p udp --dport 53 -j DNAT --to-destination ${adb_ipv6}"
f_firewall "IPv6" "nat" "A" "PREROUTING" "adb-dns: tcp, port 53, DNAT" "-p tcp --dport 53 -j DNAT --to-destination ${adb_ipv6}"
f_firewall "IPv6" "filter" "I" "FORWARD" "adb-rej: all protocols, all ports, REJECT" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-pre" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adblock-fwd" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adblock-out" "-d ${adb_nullipv6} -j REJECT"
fi
# check volatile adblock uhttpd instance configuration
@ -374,19 +397,18 @@ f_envcheck()
# wait for active wan update interface
#
cnt=0
while [ $((cnt)) -le $((adb_maxloop)) ]
while [ $((adb_cnt)) -le $((adb_maxloop)) ]
do
for interface in ${adb_wanif}
do
network_get_device adb_wandev "${interface}" 2>/dev/null
if [ -z "${adb_wandev}" ] || [ ! -d "/sys/class/net/${adb_wandev}" ]
then
if [ -n "${adb_wanif4}" ]
if [ -n "${adb_wandev4}" ]
then
network_get_device adb_wandev "${adb_wanif4}" 2>/dev/null
adb_wandev="${adb_wandev4}"
else
network_get_device adb_wandev "${adb_wanif6}" 2>/dev/null
adb_wandev="${adb_wandev6}"
fi
if [ -z "${adb_wandev}" ] || [ ! -d "/sys/class/net/${adb_wandev}" ]
then
@ -398,15 +420,15 @@ f_envcheck()
check="$(cat /sys/class/net/${adb_wandev}/operstate 2>/dev/null)"
if [ "${check}" = "up" ]
then
f_log "get active wan update interface/device (${adb_wanif}/${adb_wandev}) after ${cnt} loops"
f_log "get active wan update interface/device (${adb_wanif}/${adb_wandev})"
break 2
elif [ $((cnt)) -eq $((adb_maxloop)) ]
elif [ $((adb_cnt)) -eq $((adb_maxloop)) ]
then
rc=145
f_log "wan update interface/device not running (${adb_wanif}/${adb_wandev}) after ${cnt} loops" "${rc}"
f_log "wan update interface/device not running (${adb_wanif}/${adb_wandev})" "${rc}"
f_restore
fi
cnt=$((cnt + 1))
adb_cnt=$((adb_cnt + 1))
sleep 1
done
done
@ -415,7 +437,6 @@ f_envcheck()
#
if [ -n "${adb_ntpsrv}" ]
then
cnt=0
unset ntp_pool
for srv in ${adb_ntpsrv}
do
@ -425,11 +446,9 @@ f_envcheck()
rc=${?}
if [ $((rc)) -eq 0 ]
then
ntp_ok="true"
f_log "get ntp time sync"
else
rc=0
ntp_ok="false"
f_log "ntp time sync failed"
fi
fi
@ -457,14 +476,13 @@ f_envcheck()
#
f_depend()
{
local rc_func
local package="${1}"
check="$(printf "${pkg_list}" | grep "^${package} -" 2>/dev/null)"
if [ -z "${check}" ]
then
rc_func=150
f_log "package '${package}' not found" "${rc_func}"
rc=150
f_log "package '${package}' not found" "${rc}"
f_exit
fi
}
@ -474,7 +492,6 @@ f_depend()
#
f_firewall()
{
local rc_func
local ipt
local iptv4="/usr/sbin/iptables"
local iptv6="/usr/sbin/ip6tables"
@ -496,16 +513,16 @@ f_firewall()
# check whether iptables rule already applied and proceed accordingly
#
rc_func="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1; printf ${?})"
if [ $((rc_func)) -ne 0 ]
rc="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1; printf ${?})"
if [ $((rc)) -ne 0 ]
then
"${ipt}" -w -t "${table}" -"${ctype}" "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1
rc_func=${?}
if [ $((rc_func)) -eq 0 ]
rc=${?}
if [ $((rc)) -eq 0 ]
then
f_log "created volatile ${proto} firewall rule in '${chain}' chain (${notes})"
else
f_log "failed to initialize volatile ${proto} firewall rule in '${chain}' chain (${notes})" "${rc_func}"
f_log "failed to initialize volatile ${proto} firewall rule in '${chain}' chain (${notes})" "${rc}"
f_restore
fi
fi
@ -530,8 +547,12 @@ f_log()
log_rc=", rc: ${log_rc}"
log_msg="${log_msg}${log_rc}"
fi
/usr/bin/logger -s -t "adblock[${pid}] ${class}" "${log_msg}"
if [ "${log_ok}" = "true" ] && [ "${ntp_ok}" = "true" ]
/usr/bin/logger -t "adblock[${pid}] ${class}" "${log_msg}"
if [ -t 1 ]
then
printf "%s\n" "adblock[${pid}] ${class}: ${log_msg}"
fi
if [ "${log_ok}" = "true" ]
then
printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
fi
@ -543,9 +564,7 @@ f_log()
#
f_space()
{
local rc_func
local mp="${1}"
local notes="${2}"
# check relevant mount points in a subshell
#
@ -558,22 +577,23 @@ f_space()
av_space="${available}"
if [ $((av_space)) -eq 0 ]
then
rc_func=155
f_log "no space left on device/not mounted (${mp}), ${notes}"
exit ${rc_func}
rc=155
f_log "no space left on device/not mounted (${mp})"
exit ${rc}
elif [ $((av_space)) -lt $((adb_minspace)) ]
then
rc_func=155
f_log "not enough space left on device (${mp}), ${notes}"
exit ${rc_func}
rc=155
f_log "not enough space left on device (${mp})"
exit ${rc}
fi
done
# subshell return code handling, set space trigger accordingly
#
rc_func=${?}
if [ $((rc_func)) -ne 0 ]
rc=${?}
if [ $((rc)) -ne 0 ]
then
rc=0
space_ok="false"
fi
fi
@ -584,7 +604,6 @@ f_space()
#
f_restore()
{
local rc_func
local removal_done
local restore_done
@ -592,11 +611,11 @@ f_restore()
#
if [ -n "${adb_revsrclist}" ]
then
find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrcfind} \) -exec rm -f "{}" \; 2>/dev/null
rc_func=${?}
if [ $((rc_func)) -ne 0 ]
find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -exec rm -f "{}" \; 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during removal of bogus adblock lists" "${rc_func}"
f_log "error during removal of bogus adblock lists" "${rc}"
f_exit
else
removal_done="true"
@ -612,10 +631,10 @@ f_restore()
do
filename="${file##*/}"
cp -pf "${file}" "${adb_dnsdir}" 2>/dev/null
rc_func=${?}
if [ $((rc_func)) -ne 0 ]
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock list (${filename})" "${rc_func}"
f_log "error during restore of adblock list (${filename})" "${rc}"
f_exit
fi
restore_done="true"
@ -635,10 +654,16 @@ f_restore()
if [ -n "${dns_status}" ]
then
rc=0
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
adb_count="$(($(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l) / 2))"
else
adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
fi
f_log "adblock lists with overall ${adb_count} domains loaded"
else
rc=160
f_log "dnsmasq restart failed, please check 'logread' output" "${rc}"
f_restore
fi
fi
f_exit
@ -650,10 +675,14 @@ f_restore()
#
f_exit()
{
local ipv4_nat
local ipv4_rej
local ipv6_nat
local ipv6_rej
local ipv4_prerouting
local ipv4_forward
local ipv4_output
local ipv6_prerouting
local ipv6_forward
local ipv6_output
local iptv4="/usr/sbin/iptables"
local iptv6="/usr/sbin/ip6tables"
# delete temporary files & directories
#
@ -670,23 +699,35 @@ f_exit()
#
if [ $((rc)) -eq 0 ]
then
if [ -n "${adb_wanif4}" ]
then
ipv4_prerouting="$(${iptv4} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv4_forward="$(${iptv4} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv4_output="$(${iptv4} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
fi
if [ -n "${adb_wanif6}" ]
then
ipv6_prerouting="$(${iptv6} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv6_forward="$(${iptv6} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv6_output="$(${iptv6} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
fi
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
ipv4_nat="$(iptables -t nat -vnL | grep -F "adb-nat" | grep -Eo "[0-9]+" | head -n1)"
ipv4_rej="$(iptables -vnL | grep -F "adb-rej" | grep -Eo "[0-9]+" | head -n1)"
ipv6_nat="$(ip6tables -t nat -vnL | grep -F "adb-nat" | grep -Eo "[0-9]+" | head -n1)"
ipv6_rej="$(ip6tables -vnL | grep -F "adb-rej" | grep -Eo "[0-9]+" | head -n1)"
f_log "adblock firewall statistics (IPv4/IPv6): ${ipv4_nat}/${ipv6_nat} packets redirected in PREROUTING chain, ${ipv4_rej}/${ipv6_rej} packets rejected in FORWARD chain"
f_log "adblock firewall statistics (IPv4/IPv6):"
f_log "${ipv4_prerouting}/${ipv6_prerouting} packets redirected in PREROUTING chain"
f_log "${ipv4_forward}/${ipv6_forward} packets rejected in FORWARD chain"
f_log "${ipv4_output}/${ipv6_output} packets rejected in OUTPUT chain"
elif [ -n "${adb_wanif4}" ]
then
ipv4_nat="$(iptables -t nat -vnL | grep -F "adb-nat" | grep -Eo "[0-9]+" | head -n1)"
ipv4_rej="$(iptables -vnL | grep -F "adb-rej" | grep -Eo "[0-9]+" | head -n1)"
f_log "adblock firewall statistics (IPv4): ${ipv4_nat} packets redirected in PREROUTING chain, ${ipv4_rej} packets rejected in FORWARD chain"
f_log "adblock firewall statistics (IPv4):"
f_log "${ipv4_prerouting} packets redirected in PREROUTING chain"
f_log "${ipv4_forward} packets rejected in FORWARD chain"
f_log "${ipv4_output} packets rejected in OUTPUT chain"
elif [ -n "${adb_wanif6}" ]
then
ipv6_nat="$(ip6tables -t nat -vnL | grep -F "adb-nat" | grep -Eo "[0-9]+" | head -n1)"
ipv6_rej="$(ip6tables -vnL | grep -F "adb-rej" | grep -Eo "[0-9]+" | head -n1)"
f_log "adblock firewall statistics (IPv6): ${ipv6_nat} packets redirected in PREROUTING chain, ${ipv6_rej} packets rejected in FORWARD chain"
f_log "${ipv6_prerouting} packets redirected in PREROUTING chain"
f_log "${ipv6_forward} packets rejected in FORWARD chain"
f_log "${ipv6_output} packets rejected in OUTPUT chain"
fi
f_log "domain adblock processing finished successfully (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
else
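Review bot: In f_envcheck, the branch taken when `ca-certificates` is not installed still builds `wget_parm` with `--no-check-certificate`, and nothing is logged about it, so HTTPS list downloads run without certificate validation and the operator is never told. Because the downloaded lists feed the dnsmasq block lists, an on-path party could change what the router blocks. I would log the downgrade next to that assignment, e.g. `f_log "package 'ca-certificates' not found, certificate checks for list downloads are disabled"`, or make the package a hard requirement with `f_depend "ca-certificates"`. The body of f_envcheck starts and ends outside this hunk, so an existing warning elsewhere cannot be ruled out from here.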


+ 30
- 18
net/adblock/files/adblock-update.sh

@ -23,9 +23,14 @@
# environment #
###############
# set the C locale, characters are single bytes, the charset is ASCII
# speeds up things like sort, grep etc.
#
LC_ALL=C
# set script version
#
adb_version="0.60.0"
adb_version="0.60.1"
# get current pid, script directory and openwrt version
#
@ -48,9 +53,9 @@ fi
# main program #
################
# call restore function on trap signals (HUP, INT, QUIT, BUS, SEGV, TERM)
# call exit function on trap signals (HUP, INT, QUIT, BUS, SEGV, TERM)
#
trap "rc=255; f_log 'trap error' '${rc}'; f_restore" 1 2 3 10 11 15
trap "rc=255; f_log 'error signal received/trapped' '${rc}'; f_exit" 1 2 3 10 11 15
# start logging
#
@ -94,7 +99,7 @@ then
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ]
then
wget ${wget_parm} --timeout="${adb_maxtime}" --tries=1 --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
wget ${wget_parm} --timeout="${adb_maxtime}" --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
rc=${?}
if [ $((rc)) -eq 0 ]
then
@ -126,7 +131,7 @@ then
rc=0
fi
else
adb_srcfind="! -name ${adb_dnsprefix}.${src_name}"
adb_srclist="! -name ${adb_dnsprefix}.${src_name}"
f_log " source archive doesn't change, no update required"
fi
fi
@ -152,11 +157,11 @@ do
# prepare find statement with active adblock list sources
#
if [ -z "${adb_srcfind}" ]
if [ -z "${adb_srclist}" ]
then
adb_srcfind="! -name ${adb_dnsprefix}.${src_name}"
adb_srclist="! -name ${adb_dnsprefix}.${src_name}"
else
adb_srcfind="${adb_srcfind} -a ! -name ${adb_dnsprefix}.${src_name}"
adb_srclist="${adb_srclist} -a ! -name ${adb_dnsprefix}.${src_name}"
fi
# only download adblock list with newer/updated timestamp
@ -187,7 +192,7 @@ do
tmp_domains="$(cat "${shalla_file}" 2>/dev/null)"
rc=${?}
else
tmp_domains="$(wget ${wget_parm} --timeout="${adb_maxtime}" --tries=1 --output-document=- "${url}" 2>/dev/null)"
tmp_domains="$(wget ${wget_parm} --timeout="${adb_maxtime}" --output-document=- "${url}" 2>/dev/null)"
rc=${?}
fi
else
@ -212,8 +217,8 @@ do
f_log " empty source download finished"
continue
else
f_log " source download failed"
rc=0
f_log " source download failed"
continue
fi
@ -233,11 +238,11 @@ do
# prepare find statement with revised adblock list sources
#
if [ -z "${adb_revsrcfind}" ]
if [ -z "${adb_revsrclist}" ]
then
adb_revsrcfind="-name ${adb_dnsprefix}.${src_name}"
adb_revsrclist="-name ${adb_dnsprefix}.${src_name}"
else
adb_revsrcfind="${adb_revsrcfind} -o -name ${adb_dnsprefix}.${src_name}"
adb_revsrclist="${adb_revsrclist} -o -name ${adb_dnsprefix}.${src_name}"
fi
# write preliminary adblock list footer
@ -267,9 +272,9 @@ done
# remove old adblock lists and their backups
#
if [ -n "${adb_srcfind}" ]
if [ -n "${adb_srclist}" ]
then
adb_rmfind="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srcfind} \) -print -exec rm -f "{}" \; 2>/dev/null)"
adb_rmfind="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
if [ $((rc)) -eq 0 ] && [ -n "${adb_rmfind}" ]
then
f_log "no longer used adblock lists removed" "${rc}"
@ -280,7 +285,7 @@ then
fi
if [ "${backup_ok}" = "true" ]
then
find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srcfind} \) -exec rm -f "{}" \; 2>/dev/null
find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -exec rm -f "{}" \; 2>/dev/null
if [ $((rc)) -ne 0 ]
then
f_log "error during removal of old backups" "${rc}"
@ -302,7 +307,7 @@ fi
#
if [ $((adb_unique)) -eq 1 ]
then
if [ -n "${adb_revsrcfind}" ]
if [ -n "${adb_revsrclist}" ]
then
f_log "remove duplicates in separate adblock lists"
@ -352,10 +357,17 @@ else
adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
fi
# restore adblock lists if overall count is null (i.e. all downloads failed)
#
if [ "${backup_ok}" = "true" ] && [ $((adb_count)) -eq 0 ]
then
f_restore
fi
# restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards
#
if [ -n "${adb_revsrcfind}" ] || [ -n "${adb_rmfind}" ]
if [ -n "${adb_revsrclist}" ] || [ -n "${adb_rmfind}" ]
then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2
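Review bot: The handler on the new `trap` line is double-quoted, so `'${rc}'` is expanded when the trap is installed rather than when a signal arrives. f_log therefore gets whatever rc held at that moment (its earlier value is not visible in this hunk), not the 255 assigned inside the handler. Single-quoting the handler defers the expansion: `trap 'rc=255; f_log "error signal received/trapped" "${rc}"; f_exit' 1 2 3 10 11 15`. Separately, the comment names BUS and SEGV but the list uses the numbers 10 and 11, and Linux signal numbers differ between architectures, so the symbolic names (`HUP INT QUIT BUS SEGV TERM`) would match the comment on every target.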


+ 3
- 0
net/adblock/files/adblock.conf

@ -1,3 +1,6 @@
# adblock configuration, for further information
# please see /etc/adblock/samples/adblock.conf.sample
# and /etc/adblock/README.md
config adblock "global"
option adb_blacklist "/etc/adblock/adblock.blacklist"

