
Merge pull request #2386 from dibdot/adblock

adblock: update to 0.70.0
lilik-openwrt-22.03
Hannu Nyman 9 years ago
parent
commit
70e86e18a1
11 changed files with 329 additions and 354 deletions
  1. +7
    -24
      net/adblock/Makefile
  2. +44
    -34
      net/adblock/files/README.md
  3. +111
    -77
      net/adblock/files/adblock-helper.sh
  4. +96
    -61
      net/adblock/files/adblock-update.sh
  5. +12
    -3
      net/adblock/files/adblock.conf
  6. +59
    -0
      net/adblock/files/adblock.init
  7. +0
    -110
      net/adblock/files/samples/adblock.conf.sample
  8. +0
    -7
      net/adblock/files/samples/dhcp.config.sample
  9. +0
    -5
      net/adblock/files/samples/dnsmasq.conf.sample
  10. +0
    -26
      net/adblock/files/samples/rc.local.sample
  11. +0
    -7
      net/adblock/files/samples/root.crontab.sample

+ 7
- 24
net/adblock/Makefile

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=adblock PKG_NAME:=adblock
PKG_VERSION:=0.60.1
PKG_VERSION:=0.70.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+ PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org> PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org>
@ -23,26 +23,8 @@ define Package/$(PKG_NAME)
endef endef
define Package/$(PKG_NAME)/description define Package/$(PKG_NAME)/description
Powerful adblock script to block ad/abuse domains
When the dns server on your router receives dns requests, we will sort out queries that ask for the resource
records of ad/abuse servers and return the local ip address of your router and the internal web server
delivers a transparent pixel instead.
The script supports the following domain blacklist sites:
https://adaway.org
https://disconnect.me
http://dshield.org
https://feodotracker.abuse.ch
http://malwaredomains.com
http://www.malwaredomainlist.com
https://palevotracker.abuse.ch
http://www.shallalist.de
http://www.spam404.com
http://someonewhocares.org
http://winhelp2002.mvps.org
http://pgl.yoyo.org/adservers
https://zeustracker.abuse.ch
Powerful adblock script to block ad/abuse domains.
Currently the script supports 15 domain blacklist sites plus manual black- and whitelist overrides.
Please see README.md in /etc/adblock for further information. Please see README.md in /etc/adblock for further information.
endef endef
@ -67,17 +49,18 @@ define Package/$(PKG_NAME)/install
$(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/ $(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/
$(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/ $(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/adblock.init $(1)/etc/init.d/adblock
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/adblock.conf $(1)/etc/config/adblock $(INSTALL_CONF) ./files/adblock.conf $(1)/etc/config/adblock
$(INSTALL_DIR) $(1)/etc/adblock $(INSTALL_DIR) $(1)/etc/adblock
$(INSTALL_CONF) ./files/adblock.conf $(1)/etc/adblock/adblock.conf.default
$(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock/ $(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock/
$(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock/ $(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock/
$(INSTALL_CONF) ./files/README.md $(1)/etc/adblock/ $(INSTALL_CONF) ./files/README.md $(1)/etc/adblock/
$(INSTALL_DIR) $(1)/etc/adblock/samples
$(INSTALL_CONF) ./files/samples/*.sample $(1)/etc/adblock/samples/
$(INSTALL_DIR) $(1)/www/adblock $(INSTALL_DIR) $(1)/www/adblock
$(INSTALL_DATA) ./files/www/adblock/* $(1)/www/adblock/ $(INSTALL_DATA) ./files/www/adblock/* $(1)/www/adblock/
endef endef


+ 44
- 34
net/adblock/files/README.md

@ -2,38 +2,41 @@
## Description ## Description
A lot of people already use adblocker plugins within their desktop browsers, A lot of people already use adblocker plugins within their desktop browsers,
but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...
...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router.
but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router.
When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead. When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead.
## Main Features ## Main Features
* support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses): * support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses):
* [adaway.org](https://adaway.org)
* [adaway](https://adaway.org)
* => infrequent updates, approx. 400 entries (enabled by default) * => infrequent updates, approx. 400 entries (enabled by default)
* [disconnect.me](https://disconnect.me)
* [disconnect](https://disconnect.me)
* => numerous updates on the same day, approx. 6.500 entries (enabled by default) * => numerous updates on the same day, approx. 6.500 entries (enabled by default)
* [dshield.org](http://dshield.org)
* [dshield](http://dshield.org)
* => daily updates, approx. 4.500 entries * => daily updates, approx. 4.500 entries
* [feodotracker.abuse.ch](https://feodotracker.abuse.ch)
* [feodotracker](https://feodotracker.abuse.ch)
* => daily updates, approx. 0-10 entries * => daily updates, approx. 0-10 entries
* [malwaredomains.com](http://malwaredomains.com)
* [malwaredomains](http://malwaredomains.com)
* => daily updates, approx. 16.000 entries * => daily updates, approx. 16.000 entries
* [malwaredomainlist.com](http://www.malwaredomainlist.com)
* [malwaredomainlist](http://www.malwaredomainlist.com)
* => daily updates, approx. 1.500 entries * => daily updates, approx. 1.500 entries
* [palevotracker.abuse.ch](https://palevotracker.abuse.ch)
* [openphish](https://openphish.com)
* => numerous updates on the same day, approx. 1.800 entries
* [palevotracker](https://palevotracker.abuse.ch)
* => daily updates, approx. 15 entries * => daily updates, approx. 15 entries
* [shallalist.de](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default)
* [ruadlist+easylist](https://code.google.com/p/ruadlist)
* => weekly updates, approx. 2.000 entries (experimental support, may include false positives!)
* [shallalist](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default)
* => daily updates, approx. 32.000 entries (a short description of all shallalist categories can be found [online](http://www.shallalist.de/categories.html)) * => daily updates, approx. 32.000 entries (a short description of all shallalist categories can be found [online](http://www.shallalist.de/categories.html))
* [spam404.com](http://www.spam404.com)
* [spam404](http://www.spam404.com)
* => infrequent updates, approx. 5.000 entries * => infrequent updates, approx. 5.000 entries
* [whocares.org](http://someonewhocares.org)
* [whocares](http://someonewhocares.org)
* => weekly updates, approx. 12.000 entries * => weekly updates, approx. 12.000 entries
* [winhelp2002.mvps.org](http://winhelp2002.mvps.org)
* [winhelp](http://winhelp2002.mvps.org)
* => infrequent updates, approx. 15.000 entries * => infrequent updates, approx. 15.000 entries
* [yoyo.org](http://pgl.yoyo.org/adservers)
* [yoyo](http://pgl.yoyo.org/adservers)
* => weekly updates, approx. 2.500 entries (enabled by default) * => weekly updates, approx. 2.500 entries (enabled by default)
* [zeustracker.abuse.ch](https://zeustracker.abuse.ch)
* [zeustracker](https://zeustracker.abuse.ch)
* => daily updates, approx. 440 entries * => daily updates, approx. 440 entries
* zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.) * zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support * full IPv4 and IPv6 support
@ -44,9 +47,10 @@ When the dns server on your router receives dns requests, you will sort out quer
* additional white- and blacklist support for manual overrides * additional white- and blacklist support for manual overrides
* quality checks during & after update of adblock lists to ensure a reliable dnsmasq service * quality checks during & after update of adblock lists to ensure a reliable dnsmasq service
* wan update check, to wait for an active wan uplink before update * wan update check, to wait for an active wan uplink before update
* basic adblock statistics via iptables packet counters
* basic adblock statistics via iptables packet counters for each chain
* status & error logging to stdout and syslog * status & error logging to stdout and syslog
* use of dynamic uhttpd instance as adblock pixel server * use of dynamic uhttpd instance as adblock pixel server
* openwrt init system support (start/stop/restart/reload)
* optional features (disabled by default): * optional features (disabled by default):
* adblock list backup/restore * adblock list backup/restore
* debug logging to separate file * debug logging to separate file
@ -56,42 +60,48 @@ When the dns server on your router receives dns requests, you will sort out quer
* usual openwrt setup with 'iptables' & 'uhttpd', additional required software packages: * usual openwrt setup with 'iptables' & 'uhttpd', additional required software packages:
* wget * wget
* optional: 'kmod-ipt-nat6' for IPv6 support * optional: 'kmod-ipt-nat6' for IPv6 support
* the above dependencies and requirements will be checked during package installation & script runtime, please check console output or *logread -e "adblock"* for errors
* the above dependencies and requirements will be checked during package installation & script runtime
## Usage ## Usage
* install the adblock package (*opkg install adblock*) * install the adblock package (*opkg install adblock*)
* optional: for an update installation please replace your existing */etc/config/adblock* with a copy of */etc/samples/adblock.conf.sample* to get the latest changes
* start the adblock service with */etc/init.d/adblock start* and check *logread -e "adblock"* for adblock related information
* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default * optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default
* start */usr/bin/adblock-update.sh* and check console output or *logread -e "adblock"* for errors
* optional: maintain the adblock service in luci under 'System => Startup'
## Tweaks ## Tweaks
* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient * there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient
* if you really need to handle all blacklists at once add an usb stick or any other storage device to supersize your /tmp directory with a swap partition
* => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* if you really need to handle all blacklists at once add an usb stick or any other storage device to supersize your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* add static, personal domain white- or blacklist entries, one domain per line (wildcards & regex are not allowed!), by default both lists are located in */etc/adblock* * add static, personal domain white- or blacklist entries, one domain per line (wildcards & regex are not allowed!), by default both lists are located in */etc/adblock*
* enable the backup/restore feature, to restore automatically the latest, stable backup of your adblock lists in case of any processing error * enable the backup/restore feature, to restore automatically the latest, stable backup of your adblock lists in case of any processing error
* enable the logging feature for continuous logfile writing to monitor the adblock runs over a longer period * enable the logging feature for continuous logfile writing to monitor the adblock runs over a longer period
* for a scheduled call of the adblock service via */etc/init.d/adblock start* add an appropriate crontab entry
## Distributed samples
* all sample configuration files stored in */etc/adblock/samples*
* for a fully blown adblock configuration with all explained options see *adblock.conf.sample*
* for some dnsmasq tweaks see *dhcp.config.sample* and *dnsmasq.conf.sample*
* for rc.local based autostart and /tmp resizing on the fly see *rc.local.sample*
* for scheduled call of *adblock-update.sh* see *root.crontab.sample*
## Further adblock config options
* usually the adblock autodetection works quite well and no manual config overrides are needed, all options apply to 'global' adblock config section:
* adb\_enabled => main switch to enable/disable adblock service (default: '1' (enabled))
* adb\_cfgver => config version string (do not change!) - adblock checks this entry and automatically applies the current config, if none or an older revision was found.
* adb\_wanif => name of the logical wan interface (default: 'wan')
* adb\_lanif => name of the logical lan interface (default: 'lan')
* adb\_port => port of the adblock uhttpd instance (default: '65535')
* adb\_nullipv4 => IPv4 blackhole ip address (default: '192.0.2.1')
* adb\_nullipv6 => IPv6 blackhole ip address (default '::ffff:c000:0201')
* adb\_maxtime => download timeout limit in seconds (default: '60')
* adb\_maxloop => startup timeout limit in seconds to wait for an active wan interface (default: '20')
## Background ## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt. This adblock package is a dns/dnsmasq based adblock solution for openwrt.
Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6. Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6.
For that purpose adblock uses an ip address from the private 'TEST-NET-1' subnet (192.0.2.1 / ::ffff:c000:0201) by default. For that purpose adblock uses an ip address from the private 'TEST-NET-1' subnet (192.0.2.1 / ::ffff:c000:0201) by default.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD and OUTPUT chain).
All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD or OUTPUT chain).
All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files.
There is *no* adblock background daemon running, the (scheduled) start of the adblock service keeps only the adblock lists up-to-date.
## Support
Please join the adblock discussion in this [openwrt forum thread](https://forum.openwrt.org/viewtopic.php?id=59803) or contact me by mail <openwrt@brenken.org>
## Removal ## Removal
* remove the adblock package (*opkg remove adblock*)
* remove all script generated adblock lists in */tmp/dnsmasq.d/*
* kill the running adblock uhttpd instance (ps | grep "[u]httpd.*\-h /www/adblock")
* run /etc/init.d/dnsmasq restart
* run /etc/init.d/firewall restart
* stop all adblock related services with */etc/init.d/adblock stop*
* optional: remove the adblock package (*opkg remove adblock*)
Have fun! Have fun!
Dirk Dirk

+ 111
- 77
net/adblock/files/adblock-helper.sh

@ -9,6 +9,31 @@
# #
f_envload() f_envload()
{ {
local cfg_version
# get version string from default adblock configuration file
#
cfg_version="$(/sbin/uci -q get adblock.global.adb_cfgver 2>/dev/null)"
cfg_enabled="$(/sbin/uci -q get adblock.global.adb_enabled 2>/dev/null)"
rc=$?
if [ $((rc)) -ne 0 ] || [ "${cfg_version}" != "${adb_scriptver%.*}" ]
then
cp -pf "/etc/adblock/adblock.conf.default" "/etc/config/adblock" >/dev/null 2>&1
rc=$?
if [ $((rc)) -eq 0 ]
then
f_log "new default adblock configuration applied, please check your settings in '/etc/config/adblock'"
else
f_log "original adblock configuration not found, please (re-)install the adblock package via 'opkg install adblock --force-maintainer'" "${rc}"
f_exit
fi
elif [ $((rc)) -eq 0 ] && [ $((cfg_enabled)) -ne 1 ]
then
rc=-1
f_log "adblock is currently disabled, please run 'uci set adblock.global.adb_enabled=1' and 'uci commit adblock' to enable this service"
f_exit
fi
# source in openwrt function library # source in openwrt function library
# #
if [ -r "/lib/functions.sh" ] if [ -r "/lib/functions.sh" ]
@ -31,8 +56,14 @@ f_envload()
f_exit f_exit
fi fi
# get list with all installed openwrt packages
# check opkg availability and get list with all installed openwrt packages
# #
if [ -r "/var/lock/opkg.lock" ]
then
rc=-1
f_log "adblock installation finished, 'opkg' currently locked by package installer"
f_exit
fi
pkg_list="$(opkg list-installed 2>/dev/null)" pkg_list="$(opkg list-installed 2>/dev/null)"
if [ -z "${pkg_list}" ] if [ -z "${pkg_list}" ]
then then
@ -146,11 +177,12 @@ f_envparse()
adb_outchain_ipv6="output_rule" adb_outchain_ipv6="output_rule"
unset adb_srclist unset adb_srclist
unset adb_revsrclist unset adb_revsrclist
unset adb_errsrclist
# set adblock source ruleset definitions # set adblock source ruleset definitions
# #
rset_start="sed -r 's/[[:space:]]|[\[!#/:;_].*|[0-9\.]*localhost.*//g; s/[\^#/:;_\.\t ]*$//g'" rset_start="sed -r 's/[[:space:]]|[\[!#/:;_].*|[0-9\.]*localhost.*//g; s/[\^#/:;_\.\t ]*$//g'"
rset_end="sed '/^[#/:;_\s]*$/d'"
rset_end="tr -cd '[0-9a-z\.\-]\n' | sed -r 's/^[ \.\-].*$|^[a-z0-9]*[ \.\-]*$//g; /^[#/:;_\s]*$/d'"
rset_adaway="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}" rset_adaway="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
rset_blacklist="${rset_start} | ${rset_end}" rset_blacklist="${rset_start} | ${rset_end}"
rset_disconnect="${rset_start} | ${rset_end}" rset_disconnect="${rset_start} | ${rset_end}"
@ -158,7 +190,9 @@ f_envparse()
rset_feodo="${rset_start} | ${rset_end}" rset_feodo="${rset_start} | ${rset_end}"
rset_malware="${rset_start} | ${rset_end}" rset_malware="${rset_start} | ${rset_end}"
rset_malwarelist="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}" rset_malwarelist="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
rset_openphish="sed -e 's|^[^/]*//||' -e 's|/.*$||'"
rset_palevo="${rset_start} | ${rset_end}" rset_palevo="${rset_start} | ${rset_end}"
rset_ruadlist="sed -e '/^\|\|/! s/.*//; /\^$/! s/.*//; s/\^$//g; /[\.]/! s/.*//; s/^[\|]\{1,2\}//g' | ${rset_end}"
rset_shalla="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$//g' | ${rset_end}" rset_shalla="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$//g' | ${rset_end}"
rset_spam404="${rset_start} | sed 's/^\|\|//g' | ${rset_end}" rset_spam404="${rset_start} | sed 's/^\|\|//g' | ${rset_end}"
rset_whocares="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}" rset_whocares="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
@ -216,6 +250,8 @@ f_envparse()
# #
f_envcheck() f_envcheck()
{ {
local check
# check general package dependencies # check general package dependencies
# #
f_depend "uhttpd" f_depend "uhttpd"
@ -247,9 +283,9 @@ f_envcheck()
check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)" check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
if [ -z "${check}" ] if [ -z "${check}" ]
then then
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
else else
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
fi fi
# check adblock blacklist/whitelist configuration # check adblock blacklist/whitelist configuration
@ -302,7 +338,7 @@ f_envcheck()
f_space "${adb_backupdir}" f_space "${adb_backupdir}"
if [ "${space_ok}" = "false" ] if [ "${space_ok}" = "false" ]
then then
f_log "backup/restore will be disabled"
f_log "not enough space in '${adb_backupdir}', backup/restore will be disabled"
backup_ok="false" backup_ok="false"
else else
f_log "backup/restore will be enabled" f_log "backup/restore will be enabled"
@ -336,22 +372,36 @@ f_envcheck()
# #
if [ -n "${adb_wanif4}" ] if [ -n "${adb_wanif4}" ]
then then
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-pre" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adblock-fwd" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adblock-out" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns1" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv4 firewall ruleset for adblock"
fw_done="false"
fi
fi fi
# check ipv6/ip6tables configuration # check ipv6/ip6tables configuration
# #
if [ -n "${adb_wanif6}" ] if [ -n "${adb_wanif6}" ]
then then
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-pre" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adblock-fwd" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adblock-out" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns1" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv6 firewall ruleset for adblock"
fw_done="false"
fi
fi fi
# check volatile adblock uhttpd instance configuration # check volatile adblock uhttpd instance configuration
@ -433,7 +483,7 @@ f_envcheck()
done done
done done
# wait for ntp sync
# ntp time sync
# #
if [ -n "${adb_ntpsrv}" ] if [ -n "${adb_ntpsrv}" ]
then then
@ -520,9 +570,9 @@ f_firewall()
rc=${?} rc=${?}
if [ $((rc)) -eq 0 ] if [ $((rc)) -eq 0 ]
then then
f_log "created volatile ${proto} firewall rule in '${chain}' chain (${notes})"
fw_done="true"
else else
f_log "failed to initialize volatile ${proto} firewall rule in '${chain}' chain (${notes})" "${rc}"
f_log "failed to initialize volatile ${proto} firewall rule '${notes}'" "${rc}"
f_restore f_restore
fi fi
fi fi
@ -533,28 +583,32 @@ f_firewall()
# #
f_log() f_log()
{ {
local log_term
local log_msg="${1}" local log_msg="${1}"
local log_rc="${2}" local log_rc="${2}"
local class="info " local class="info "
# check for terminal session
#
if [ -t 1 ]
then
log_term="-s"
fi
# log to different output devices, set log class accordingly # log to different output devices, set log class accordingly
# #
if [ -n "${log_msg}" ] if [ -n "${log_msg}" ]
then then
if [ $((log_rc)) -ne 0 ]
if [ $((log_rc)) -gt 0 ]
then then
class="error" class="error"
log_rc=", rc: ${log_rc}" log_rc=", rc: ${log_rc}"
log_msg="${log_msg}${log_rc}" log_msg="${log_msg}${log_rc}"
fi fi
/usr/bin/logger -t "adblock[${pid}] ${class}" "${log_msg}"
if [ -t 1 ]
then
printf "%s\n" "adblock[${pid}] ${class}: ${log_msg}"
fi
/usr/bin/logger ${log_term} -t "adblock[${adb_pid}] ${class}" "${log_msg}"
if [ "${log_ok}" = "true" ] if [ "${log_ok}" = "true" ]
then then
printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${adb_pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
fi fi
fi fi
} }
@ -570,30 +624,9 @@ f_space()
# #
if [ -d "${mp}" ] if [ -d "${mp}" ]
then then
df "${mp}" 2>/dev/null |\
tail -n1 2>/dev/null |\
while read filesystem overall used available scrap
do
av_space="${available}"
if [ $((av_space)) -eq 0 ]
then
rc=155
f_log "no space left on device/not mounted (${mp})"
exit ${rc}
elif [ $((av_space)) -lt $((adb_minspace)) ]
then
rc=155
f_log "not enough space left on device (${mp})"
exit ${rc}
fi
done
# subshell return code handling, set space trigger accordingly
#
rc=${?}
if [ $((rc)) -ne 0 ]
av_space="$(df "${mp}" 2>/dev/null | tail -n1 2>/dev/null | awk '{print $4}')"
if [ $((av_space)) -lt $((adb_minspace)) ]
then then
rc=0
space_ok="false" space_ok="false"
fi fi
fi fi
@ -604,49 +637,46 @@ f_space()
# #
f_restore() f_restore()
{ {
local removal_done
local rm_done
local restore_done local restore_done
# remove bogus adblock lists # remove bogus adblock lists
# #
if [ -n "${adb_revsrclist}" ] if [ -n "${adb_revsrclist}" ]
then then
find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -exec rm -f "{}" \; 2>/dev/null
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?} rc=${?}
if [ $((rc)) -ne 0 ]
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all bogus adblock lists removed"
elif [ $((rc)) -ne 0 ]
then then
f_log "error during removal of bogus adblock lists" "${rc}" f_log "error during removal of bogus adblock lists" "${rc}"
f_exit f_exit
else
removal_done="true"
f_log "all bogus adblock lists removed"
fi fi
fi fi
# restore backups # restore backups
# #
if [ "${backup_ok}" = "true" ] && [ -d "${adb_backupdir}" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ]
if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ]
then then
for file in ${adb_backupdir}/${adb_dnsprefix}.*
do
filename="${file##*/}"
cp -pf "${file}" "${adb_dnsdir}" 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock list (${filename})" "${rc}"
f_exit
fi
restore_done="true"
done
f_log "all available backups restored"
restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec cp -pf "{}" "${adb_dnsdir}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ]
then
f_log "all available backups restored"
elif [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock lists" "${rc}"
f_exit
fi
else else
f_log "no backups found, nothing to restore" f_log "no backups found, nothing to restore"
fi fi
# (re-)try dnsmasq restart without bogus adblock lists / with backups # (re-)try dnsmasq restart without bogus adblock lists / with backups
# #
if [ "${restore_done}" = "true" ] || [ "${removal_done}" = "true" ]
if [ -n "${restore_done}" ] || [ -n "${rm_done}" ]
then then
/etc/init.d/dnsmasq restart >/dev/null 2>&1 /etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2 sleep 2
@ -701,15 +731,15 @@ f_exit()
then then
if [ -n "${adb_wanif4}" ] if [ -n "${adb_wanif4}" ]
then then
ipv4_prerouting="$(${iptv4} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv4_forward="$(${iptv4} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv4_output="$(${iptv4} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
ipv4_prerouting="$(${iptv4} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')"
ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')"
fi fi
if [ -n "${adb_wanif6}" ] if [ -n "${adb_wanif6}" ]
then then
ipv6_prerouting="$(${iptv6} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv6_forward="$(${iptv6} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv6_output="$(${iptv6} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')"
ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')"
fi fi
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then then
@ -729,9 +759,13 @@ f_exit()
f_log "${ipv6_forward} packets rejected in FORWARD chain" f_log "${ipv6_forward} packets rejected in FORWARD chain"
f_log "${ipv6_output} packets rejected in OUTPUT chain" f_log "${ipv6_output} packets rejected in OUTPUT chain"
fi fi
f_log "domain adblock processing finished successfully (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
f_log "domain adblock processing finished successfully (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
elif [ $((rc)) -gt 0 ]
then
f_log "domain adblock processing failed (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
else else
f_log "domain adblock processing failed (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
rc=0
fi fi
rm -f "${adb_pidfile}" >/dev/null 2>&1
exit ${rc} exit ${rc}
} }
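Review bot: `rset_openphish` in the f_envparse hunks is the only ruleset that does not end in `${rset_end}`, so host names cut out of the downloaded phishing URLs skip the new `tr -cd` character filter that every other source passes through. A host with a port suffix or unexpected characters would reach the generated list unchanged (how that list is written for dnsmasq is outside this page). I would chain it like the other sources, `rset_openphish="sed -e 's|^[^/]*//||' -e 's|/.*$||' | ${rset_start} | ${rset_end}"`. Separately, the new `tr -cd '[0-9a-z\.\-]\n'` deletes uppercase letters instead of folding them, so a feed entry such as `Ads.example.com` (constructed sample) would turn into a different name; a `tr 'A-Z' 'a-z'` stage ahead of it would avoid that. f_envparse starts and ends outside these hunks.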

+ 96
- 61
net/adblock/files/adblock-update.sh

@ -28,14 +28,24 @@
# #
LC_ALL=C LC_ALL=C
# set script version
# pid handling
# #
adb_version="0.60.1"
adb_pid="${$}"
adb_pidfile="/var/run/adblock.pid"
# get current pid, script directory and openwrt version
if [ -r "${adb_pidfile}" ]
then
rc=255
/usr/bin/logger -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile} 2>/dev/null))"
exit ${rc}
else
printf "${adb_pid}" > "${adb_pidfile}"
fi
# get current directory, script- and openwrt version
# #
pid=${$}
adb_scriptdir="${0%/*}" adb_scriptdir="${0%/*}"
adb_scriptver="0.70.0"
openwrt_version="$(cat /etc/openwrt_version 2>/dev/null)" openwrt_version="$(cat /etc/openwrt_version 2>/dev/null)"
# source in adblock function library # source in adblock function library
@ -44,8 +54,8 @@ if [ -r "${adb_scriptdir}/adblock-helper.sh" ]
then then
. "${adb_scriptdir}/adblock-helper.sh" 2>/dev/null . "${adb_scriptdir}/adblock-helper.sh" 2>/dev/null
else else
rc=100
/usr/bin/logger -s -t "adblock[${pid}] error" "adblock function library not found, rc: ${rc}"
rc=254
/usr/bin/logger -t "adblock[${adb_pid}] error" "adblock function library not found"
exit ${rc} exit ${rc}
fi fi
@ -53,18 +63,18 @@ fi
# main program # # main program #
################ ################
# call exit function on trap signals (HUP, INT, QUIT, BUS, SEGV, TERM)
#
trap "rc=255; f_log 'error signal received/trapped' '${rc}'; f_exit" 1 2 3 10 11 15
# start logging
# call trap function on error signals (HUP, INT, QUIT, BUS, SEGV, TERM)
# #
f_log "domain adblock processing started (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
trap "rc=253; f_log 'error signal received/trapped' '${rc}'; f_exit" 1 2 3 10 11 15
# load environment # load environment
# #
f_envload f_envload
# start logging
#
f_log "domain adblock processing started (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
# parse environment # parse environment
# #
f_envparse f_envparse
@ -90,7 +100,7 @@ then
# only process shallalist archive with updated timestamp, # only process shallalist archive with updated timestamp,
# extract and merge only domains of selected shallalist categories # extract and merge only domains of selected shallalist categories
# #
shalla_time="$(wget ${wget_parm} --timeout=5 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="$(wget ${wget_parm} --timeout=10 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="${shalla_time/*: /}" shalla_time="${shalla_time/*: /}"
if [ -z "${shalla_time}" ] if [ -z "${shalla_time}" ]
then then
@ -127,8 +137,9 @@ then
rc=0 rc=0
fi fi
else else
f_log " source archive download failed"
rc=0 rc=0
adb_errsrclist="-name ${adb_dnsprefix}.${src_name}"
f_log " source archive download failed"
fi fi
else else
adb_srclist="! -name ${adb_dnsprefix}.${src_name}" adb_srclist="! -name ${adb_dnsprefix}.${src_name}"
@ -173,7 +184,7 @@ do
then then
url_time="${shalla_time}" url_time="${shalla_time}"
else else
url_time="$(wget ${wget_parm} --timeout=5 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="$(wget ${wget_parm} --timeout=10 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="${url_time/*: /}" url_time="${url_time/*: /}"
fi fi
if [ -z "${url_time}" ] if [ -z "${url_time}" ]
@ -218,6 +229,12 @@ do
continue continue
else else
rc=0 rc=0
if [ -z "${adb_errsrclist}" ]
then
adb_errsrclist="-name ${adb_dnsprefix}.${src_name}"
else
adb_errsrclist="${adb_errsrclist} -o -name ${adb_dnsprefix}.${src_name}"
fi
f_log " source download failed" f_log " source download failed"
continue continue
fi fi
@ -256,7 +273,7 @@ do
count="$(wc -l < "${adb_dnsdir}/${adb_dnsprefix}.${src_name}")" count="$(wc -l < "${adb_dnsdir}/${adb_dnsprefix}.${src_name}")"
fi fi
printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsfile}" printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsfile}"
printf "%s\n" "# ${0##*/} (${adb_version}) - ${count} ad/abuse domains blocked" >> "${adb_dnsfile}"
printf "%s\n" "# ${0##*/} (${adb_scriptver}) - ${count} ad/abuse domains blocked" >> "${adb_dnsfile}"
printf "%s\n" "# source: ${url}" >> "${adb_dnsfile}" printf "%s\n" "# source: ${url}" >> "${adb_dnsfile}"
printf "%s\n" "# last modified: ${url_time}" >> "${adb_dnsfile}" printf "%s\n" "# last modified: ${url_time}" >> "${adb_dnsfile}"
f_log " domain merging finished" f_log " domain merging finished"
@ -270,36 +287,72 @@ do
fi fi
done done
# remove old adblock lists and their backups
# remove disabled adblock lists and their backups
# #
if [ -n "${adb_srclist}" ] if [ -n "${adb_srclist}" ]
then then
adb_rmfind="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
if [ $((rc)) -eq 0 ] && [ -n "${adb_rmfind}" ]
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then then
f_log "no longer used adblock lists removed" "${rc}"
f_log "disabled adblock lists removed"
if [ "${backup_ok}" = "true" ]
then
rm_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "disabled adblock list backups removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of disabled adblock list backups" "${rc}"
f_exit
fi
fi
elif [ $((rc)) -ne 0 ] elif [ $((rc)) -ne 0 ]
then then
f_log "error during removal of old adblock lists" "${rc}"
f_log "error during removal of disabled adblock lists" "${rc}"
f_exit f_exit
fi fi
if [ "${backup_ok}" = "true" ]
else
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then then
find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -exec rm -f "{}" \; 2>/dev/null
if [ $((rc)) -ne 0 ]
f_log "all adblock lists removed"
if [ "${backup_ok}" = "true" ]
then then
f_log "error during removal of old backups" "${rc}"
f_exit
rm_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all adblock list backups removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of all adblock list backups" "${rc}"
f_exit
fi
fi fi
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of all adblock lists" "${rc}"
f_exit
fi fi
else
rm -f "${adb_dnsdir}/${adb_dnsprefix}."* >/dev/null 2>&1
if [ "${backup_ok}" = "true" ]
fi
# partial restore of adblock lists in case of download errors
#
if [ "${backup_ok}" = "true" ] && [ -n "${adb_errsrclist}" ]
then
restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f \( ${adb_errsrclist} \) -print -exec cp -pf "{}" "${adb_dnsdir}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ]
then then
rm -f "${adb_backupdir}/${adb_dnsprefix}."* >/dev/null 2>&1
f_log "all available adblock lists and backups removed"
else
f_log "all available adblock lists removed"
f_log "partial restore done"
elif [ $((rc)) -ne 0 ]
then
f_log "error during partial restore" "${rc}"
f_exit
fi fi
fi fi
@ -340,7 +393,7 @@ then
count="$(wc -l < "${adb_dnsdir}/tmp.${list}")" count="$(wc -l < "${adb_dnsdir}/tmp.${list}")"
fi fi
printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsdir}/tmp.${list}" printf "%s\n" "#------------------------------------------------------------------" >> "${adb_dnsdir}/tmp.${list}"
printf "%s\n" "# ${0##*/} (${adb_version}) - ${count} ad/abuse domains blocked" >> "${adb_dnsdir}/tmp.${list}"
printf "%s\n" "# ${0##*/} (${adb_scriptver}) - ${count} ad/abuse domains blocked" >> "${adb_dnsdir}/tmp.${list}"
tail -qn -2 "${adb_dnsdir}/$adb_dnsprefix.${list}" 2>/dev/null >> "${adb_dnsdir}/tmp.${list}" tail -qn -2 "${adb_dnsdir}/$adb_dnsprefix.${list}" 2>/dev/null >> "${adb_dnsdir}/tmp.${list}"
mv -f "${adb_dnsdir}/tmp.${list}" "${adb_dnsdir}/${adb_dnsprefix}.${list}" >/dev/null 2>&1 mv -f "${adb_dnsdir}/tmp.${list}" "${adb_dnsdir}/${adb_dnsprefix}.${list}" >/dev/null 2>&1
done done
@ -357,17 +410,10 @@ else
adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)" adb_count="$(head -qn -4 "${adb_dnsdir}/${adb_dnsprefix}."* 2>/dev/null | wc -l)"
fi fi
# restore adblock lists if overall count is null (i.e. all downloads failed)
#
if [ "${backup_ok}" = "true" ] && [ $((adb_count)) -eq 0 ]
then
f_restore
fi
# restart dnsmasq with newly generated or deleted adblock lists, # restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards # check dnsmasq startup afterwards
# #
if [ -n "${adb_revsrclist}" ] || [ -n "${adb_rmfind}" ]
if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ]
then then
/etc/init.d/dnsmasq restart >/dev/null 2>&1 /etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2 sleep 2
@ -386,28 +432,17 @@ fi
# create adblock list backups # create adblock list backups
# #
if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_dnsdir}/${adb_dnsprefix}."*)" != "${adb_dnsdir}/${adb_dnsprefix}.*" ]
if [ "${backup_ok}" = "true" ] && [ -n "${adb_revsrclist}" ] && [ "$(printf "${adb_dnsdir}/${adb_dnsprefix}."*)" != "${adb_dnsdir}/${adb_dnsprefix}.*" ]
then then
for file in ${adb_dnsdir}/${adb_dnsprefix}.*
do
filename="${file##*/}"
if [ ! -f "${adb_backupdir}/${filename}" ] || [ "${file}" -nt "${adb_backupdir}/${filename}" ]
then
cp -pf "${file}" "${adb_backupdir}" 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during backup of adblock list (${filename})" "${rc}"
f_exit
fi
backup_done="true"
fi
done
if [ "${backup_done}" = "true" ]
backup_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec cp -pf "{}" "${adb_backupdir}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${backup_done}" ]
then then
f_log "new adblock list backups generated" f_log "new adblock list backups generated"
else
f_log "adblock list backups are still valid, no new backups required"
elif [ $((rc)) -ne 0 ]
then
f_log "error during backup of adblock lists" "${rc}"
f_exit
fi fi
fi fi
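Review bot: The pid file written by the new `printf "${adb_pid}" > "${adb_pidfile}"` at the top of adblock-update.sh is left behind on the "function library not found" path, which runs `exit ${rc}` with rc=254 without going through f_exit. Every later run would then stop with "adblock service already running"; adding `rm -f "${adb_pidfile}"` before that `exit ${rc}` closes this case. The guard also tests only that the file is readable, not that the recorded pid is alive, so a run ended by an untrapped signal such as SIGKILL appears to block the service in the same way. A liveness test such as `kill -0 "$(cat "${adb_pidfile}")" 2>/dev/null` before refusing would let a stale file be reclaimed. The test-then-write sequence is also not atomic, so two near-simultaneous starts can both pass it.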


+ 12
- 3
net/adblock/files/adblock.conf View File

@ -1,8 +1,9 @@
# adblock configuration, for further information # adblock configuration, for further information
# please see /etc/adblock/samples/adblock.conf.sample
# and /etc/adblock/README.md
# see '/etc/adblock/README.md'
config adblock "global" config adblock "global"
option adb_enabled "1"
option adb_cfgver "0.70"
option adb_blacklist "/etc/adblock/adblock.blacklist" option adb_blacklist "/etc/adblock/adblock.blacklist"
option adb_whitelist "/etc/adblock/adblock.whitelist" option adb_whitelist "/etc/adblock/adblock.whitelist"
@ -38,10 +39,18 @@ config source "malwarelist"
option enabled "0" option enabled "0"
option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist" option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist"
config source "openphish"
option enabled "0"
option adb_src_openphish "https://openphish.com/feed.txt&ruleset=rset_openphish"
config source "palevo" config source "palevo"
option enabled "0" option enabled "0"
option adb_src_palevo "https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo" option adb_src_palevo "https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo"
config source "ruadlist"
option enabled "0"
option adb_src_ruadlist "https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt&ruleset=rset_ruadlist"
config source "shalla" config source "shalla"
option enabled "0" option enabled "0"
option adb_arc_shalla "http://www.shallalist.de/Downloads/shallalist.tar.gz" option adb_arc_shalla "http://www.shallalist.de/Downloads/shallalist.tar.gz"
@ -65,7 +74,7 @@ config source "winhelp"
config source "yoyo" config source "yoyo"
option enabled "1" option enabled "1"
option adb_src_yoyo "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo"
option adb_src_yoyo "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo"
config source "zeus" config source "zeus"
option enabled "0" option enabled "0"
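Review bot: The move of `adb_src_yoyo` to https is not carried over to the other sources in this section that still use `http://`, visible here for `adb_src_malwarelist` and `adb_arc_shalla`. A list fetched in cleartext can be altered in transit, and its entries end up in the dnsmasq block lists, so the filtering result is only as trustworthy as the path to the server. Where the upstream offers TLS the scheme should be changed the same way. Where it does not, a comment above the entry such as `# fetched over plain http, content is not authenticated` would let users decide before enabling it.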


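--- a/net/adblock/files/adblock.init
+++ b/net/adblock/files/adblock.init
@@ -0,0 +1,59 @@
+#!/bin/sh /etc/rc.common
+#
+START=99
+adb_pid="${$}"
+adb_script="/usr/bin/adblock-update.sh"
+adb_pidfile="/var/run/adblock.pid"
+adb_logger="/usr/bin/logger"
+if [ -t 1 ]
+then
+log_term="-s"
+fi
+if [ -r "${adb_pidfile}" ]
+then
+"${adb_logger}" ${log_term} -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile} 2>/dev/null))"
+exit 255
+fi
+start()
+{
+"${adb_script}"
+}
+restart()
+{
+start
+}
+reload()
+{
+stop
+start
+}
+stop()
+{
+rm_done="$(find "/tmp/dnsmasq.d" -maxdepth 1 -type f -name "adb_list.*" -print -exec rm -f "{}" \; 2>/dev/null)"
+rc=${?}
+if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
+then
+/etc/init.d/dnsmasq restart >/dev/null 2>&1
+/etc/init.d/firewall restart >/dev/null 2>&1
+fi
+uhttpd_pid="$(ps 2>/dev/null | grep "[u]httpd.*\-h /www/adblock" 2>/dev/null | awk '{print $1}' 2>/dev/null)"
+if [ -n "${uhttpd_pid}" ]
+then
+kill -9 "${uhttpd_pid}" >/dev/null 2>&1
+fi
+if [ -n "${rm_done}" ] || [ -n "${uhttpd_pid}" ]
+then
+"${adb_logger}" ${log_term} -t "adblock[${adb_pid}] info " "all adblock related services stopped"
+fi
+return 0
+}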
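Review bot: The pid-file check sits at the top level of the init script rather than inside `start()`, so it runs for every action once rc.common has sourced the file. While `/var/run/adblock.pid` exists, `stop` and `reload` therefore also exit with 255 and the lists cannot be removed; moving the `if [ -r "${adb_pidfile}" ]` block into `start()` keeps the guard where it is needed. In `stop()`, `kill -9 "${uhttpd_pid}"` passes the whole `ps | grep` result as one quoted argument, so it fails when more than one process matches, and SIGKILL gives uhttpd no chance to shut down cleanly. An unquoted `kill ${uhttpd_pid}` with the default TERM signal handles both cases. `restart()` calls only `start`, so it appears not to stop anything first.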

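--- a/net/adblock/files/samples/adblock.conf.sample
+++ b/net/adblock/files/samples/adblock.conf.sample
@@ -1,110 +0,0 @@
-# adblock configuration, for further information
-# please see /etc/adblock/samples/adblock.conf.sample
-# and /etc/adblock/README.md
-# generic options (all optional!)
-config adblock "global"
-# name (or space separated list of names) of the logical wan interface(s)
-option adb_wanif "wan"
-# name of the logical lan interface
-option adb_lanif "lan"
-# uhttpd port for adblock instance
-option adb_port "65535"
-# ipv4 blackhole ip address for dnsmasq
-# old class 'E' subnet, reserved for future use (certainly not used in normal setups)
-option adb_nullipv4 "254.0.0.1"
-# ipv6 mapped blackhole ip address for dnsmasq
-option adb_nullipv6 "::ffff:fe00:0001"
-# download timeout (in seconds) to get the adblock list sources
-option adb_maxtime "60"
-# max loops/timeout for wan check
-option adb_maxloop "20"
-# full path to static domain blacklist file (one domain per line)
-# wildcards or regex expressions are not allowed
-option adb_blacklist "/etc/adblock/adblock.blacklist"
-# full path to static domain whitelist file (one domain per line)
-# wildcards or regex expressions are not allowed
-option adb_whitelist "/etc/adblock/adblock.whitelist"
-# full path to backup directory for adlist backups
-# disabled by default
-config service "backup"
-option enabled "0"
-option adb_backupdir "/tmp"
-# full path to debug logfile
-# normally adblock logs to syslog and stdout only
-# disabled by default
-config service "debuglog"
-option enabled "0"
-option adb_logfile "/tmp/adb_debug.log"
-# adblock list source definition
-# please do not change the URLs listed below,
-# enable/disable sources as needed
-# for shallalist you can also enable/disable different ad categories
-# 'adaway', 'disconnect' and 'yoyo' are enabled by default
-config source "adaway"
-option enabled "1"
-option adb_src_adaway "https://adaway.org/hosts.txt&ruleset=rset_adaway"
-config source "disconnect"
-option enabled "1"
-option adb_src_disconnect "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect"
-config source "dshield"
-option enabled "0"
-option adb_src_dshield "http://www.dshield.org/feeds/suspiciousdomains_Low.txt&ruleset=rset_dshield"
-config source "feodo"
-option enabled "0"
-option adb_src_feodo "https://feodotracker.abuse.ch/blocklist/?download=domainblocklist&ruleset=rset_feodo"
-config source "malware"
-option enabled "0"
-option adb_src_malware "https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware"
-config source "malwarelist"
-option enabled "0"
-option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist"
-config source "palevo"
-option enabled "0"
-option adb_src_palevo "https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo"
-config source "shalla"
-option enabled "0"
-option adb_arc_shalla "http://www.shallalist.de/Downloads/shallalist.tar.gz"
-list adb_catlist "adv"
-list adb_catlist "costtraps"
-list adb_catlist "spyware"
-list adb_catlist "tracker"
-list adb_catlist "warez"
-config source "spam404"
-option enabled "0"
-option adb_src_spam404 "http://spam404bl.com/spam404scamlist.txt&ruleset=rset_spam404"
-config source "whocares"
-option enabled "0"
-option adb_src_whocares "http://someonewhocares.org/hosts/hosts&ruleset=rset_whocares"
-config source "winhelp"
-option enabled "0"
-option adb_src_winhelp "http://winhelp2002.mvps.org/hosts.txt&ruleset=rset_winhelp"
-config source "yoyo"
-option enabled "1"
-option adb_src_yoyo "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo"
-config source "zeus"
-option enabled "0"
-option adb_src_zeus "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist&ruleset=rset_zeus"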

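--- a/net/adblock/files/samples/dhcp.config.sample
+++ b/net/adblock/files/samples/dhcp.config.sample
@@ -1,7 +0,0 @@
-# tweaks for dnsmasq
-# configuration found in /etc/config/dhcp
-#
-config dnsmasq
-option cachesize '1000'
-option filterwin2k '0'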

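--- a/net/adblock/files/samples/dnsmasq.conf.sample
+++ b/net/adblock/files/samples/dnsmasq.conf.sample
@@ -1,5 +0,0 @@
-# tell DHCP clients not to ask for proxy information
-# some clients - like Win7 - will constantly ask if not told "No!"
-# configuration found in /etc/dnsmasq
-#
-dhcp-option=252,"\n"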

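--- a/net/adblock/files/samples/rc.local.sample
+++ b/net/adblock/files/samples/rc.local.sample
@@ -1,26 +0,0 @@
-# sample startup script
-# configuration found in /etc/rc.local
-#
-# start logging
-#
-/usr/bin/logger -t rc.local "start rc.local processing"
-# set home directory
-#
-export HOME=/root
-# resize /tmp partition to 256 MB
-#
-/usr/bin/logger -t rc.local "resize /tmp partition to 256 MB"
-mount tmpfs /tmp -t tmpfs -o remount,nosuid,nodev,noatime,size=256M
-# start adblock script
-#
-/usr/bin/logger -t rc.local "start adblock script"
-/usr/bin/adblock-update.sh >/dev/null 2>&1
-# write log and exit
-#
-/usr/bin/logger -t rc.local "finish rc.local processing"
-exit 0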

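--- a/net/adblock/files/samples/root.crontab.sample
+++ b/net/adblock/files/samples/root.crontab.sample
@@ -1,7 +0,0 @@
-# sample crontab script
-# configuration found in /etc/crontabs/root
-#
-# start adblock script once a day at 6 o'clock
-#
-0 06 * * * /usr/bin/adblock-update.sh &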
