* please note: config file update required!
* add 'whitelist only' mode, block access to all domains
except those explicitly listed in the whitelist file
* rework awk regex for all blocklist sources
* include 'third-party' domains for all regional lists
* change adguard url and refine filter ruleset
* use POSIX character classes
* fix regex for whitelist preparation
* fix corner case parsing issues
* fix enable/disable behavior
* various other small fixes
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add kresd & turris omnia support
* add dnscrypt-proxy support
* change start priority to 30, to fix possible trigger issues on slow
booting hardware
* simplify suspend/resume handling (no longer use a hideout directory)
* enhanced LuCI frontend
* many small changes & improvements
* default config change (please update your config!), adblock is now
disabled by default
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add preliminary kresd dns backend support for turris devices,
see readme (experimental / untested!)
* use tld compression for overall list, too
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add bind support (see readme)
* export all blocked domains in one central file (adb_list.overall)
* prerequisite for proper bind support
* much faster sort operation with less memory consumption
* backups are still handled per source separately,
to be more flexible in adding/removing block list sources
* add additional 'wan6' interface trigger in default configuration
* various small fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
backend:
* cosmetics
frontend:
* "Save & Reply" now distinguish between normal and manual/backup mode
and triggers an appropriate reload or a start action
Signed-off-by: Dirk Brenken <dev@brenken.org>
backend:
* add new 'manual mode' to re-use blocklist backups during startup,
get fresh lists only via manual reload or restart action
* additional free memory check during dns restart to prevent OOM errors
* removed palevo tracker from default config,
this tracker has been discontinued
* cosmetics
LuCI frontend (see luci repo):
* add new 'manual mode' under extra options
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add "adb_forcedns" to redirect all dns requests
to local resolver (disabled by default)
* add "adb_forcesrt" to enable overall sort / duplicate removal
on low memory devices with less than 64 MB RAM (disabled by default)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* no longer misuse ubus/procd service object for adblock runtime
information, now save all required information directly
in a JSON file/format (/tmp/adb_runtime.json)
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested or slow modem/router setups,
set 'adb_triggerdelay' accordingly (default 1 second)
* add support for pure http download utilities like wget-nossl
or uclient-fetch without libustream-ssl (http donwloads only!)
* fix stop action
* fix enabled/disabled action
* fix country code in regional list for china
* LuCI update to reflect all changes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* re-order all regional lists in adblocklist/easylist format
* add polish blocklist
* add chinese blocklist
* lists called now 'reg_<ch|pl|ro|ru>'
* changed interface trigger default in config to 'wan' only
* update / sync LuCI frontend (see luci repo for details)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* revamp LuCI GUI (see luci repo for details)
* integrated runtime statistics in normal adblock ubus service instance
(see readme)
* simplified boot/init
* no longer use raw interface trigger
* use only network interface trigger, pre-configured for
'wan/wwan/lan' interfaces (see readme)
* fixed a reload issue
* removed switch to disable tld compression (seems to be pretty stable)
* muted awk parser if source list contains incorrect records
* raise dns backend timeout to 20 seconds
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add tld compression,
this new "top level domain compression" removes up to 40 thousand
needless host entries from the block lists and
lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed dnsmasq check if multiple instances are present
* bring back query function on highly demand
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* changed complete dnsmasq handling
- no longer redirect ad requests to internal web server via firewall
rules etc., in fact send back a simple NXDOMAIN for all
ad related (sub-)domains
- smaller memory footprint for block lists
- removed needless uhttpd instances
- removed needless firewall rules/redirects
* init/hotplug system migrated to procd
- removed hotplug.d script, now using procd interface trigger
* reduced code size/complexity
- removed needless internal pre-checks & function blocks,
no longer rely on a separate helper library
- removed flash writes to adblock config
* support different download tools like wget (default), aria2c,
uclient-fetch, curl (see online doc)
* adblock status/statistics via ubus call (see online doc)
* various bug fixes
* documentation update
* changed makefile copyright notice
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add new 'envchk'function to check adblock environment only,
i.e. check volatile firewall rules or uhttpd instances
without list updates
* add new optional parm 'adb_loglevel',
set it to "0" to mute output (print only errors)
* set hotplug priority to '90' as well (missed in the last commit)
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* enhance the new query function:
change the regex to find only the relevant blocklist entries
add a recursive tld search to quickly identify domains for
whitelisting (see documentation)
better result preparation
* add securemecca as new blocklist source
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add a query function to search the active blocklists for a specific
domain (/etc/init.d/adblock query <DOMAIN>)
* fix bug in ap mode/uhttpd port detection
* check general firewall and dnsmasq package dependencies and remove
redundant checks in ap mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
* change the default hphosts list source to ad and tracking servers
only, the overall list includes to many false positives
* new optional config parm 'adb_hotplugif' to restrict hotplug support
to a certain wan interface or to disable it at all
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fw rule changes:
force_dns now supports multiple lan devices
disable needless force_dns- & forward/output-rules in 'ap mode'
check return codes during adblock chain creation
* simplified the test for a running firewall
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* rework download/backup/restore handling
* rework firewall handling
* refine whitelist parsing
* changed default null-ip to 198.18.0.1 to prevent conflicts with bcp38
* spread traffic from ad servers (port 80/443) on two uhttpd instances,
this fixes timeouts on sites with many ssl ad server connections, i.e.
youtube.com
* provide statistics & last runtime for LuCI interface
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new config option 'adb_restricted' to disable updates of the adblock
config during runtime (no flash writes, disabled by default)
* new update function, to apply latest configuration changes if needed
(/etc/init.d/adblock cfgup)
* fix dns redirect rule
* various optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support more router modes, as long as the firewall and the DNS server
are enabled
* new source sites can be added & changed via awk ruleset in uci config
* source domain count, last update time & overall count will be stored
in uci config
* added 3 new source sites:
ransomware tracker
rolist/easylist
winspy
* switch to minimal inline base64 encoded 1×1 GIF for pixel server
(separate png image no longer needed)
* simplified uci parser
* source download & domain sort optimization
* add whitelist parser with wildcard support
* reduced code size & various cleanups
* updated documentation
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* add sysctl.org as new adblock source
* add main debug switch (by default all stderr outputs are going to
/dev/null)
* small cleanups
* first 'stable' release! ;-)
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* all relevant adblock events will be properly written to syslog/stdout
* removed needless 'debug log' option
* add optional parm 'adb_forcedns' to redirect all queries to local
resolver (default: '1', enabled)
* revised space check
* various code cosmetics & cleanups
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* fix ip6tables reject types
* simplified firewall ruleset for IPv4/IPv6
* fix memory detection (swap was always 0)
* fix dnsmasq restart after partial restore
* ad hotplug support, adblock will be started when wan interface comes
up
* change adblock init script accordingly, do nothing on 'boot'
* optimize wget parameters for faster download results (in case of an
error)
* added CC installation notes to readme
* removed needless external online check
* removed needless optional parms 'adb_maxtime', 'adb_maxloop',
'adb_probeipv4' and 'adb_probeipv6'
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* openwrt init system support, see /etc/init.d/adblock
* support for two new adblock sources: openphish and ruadlist/easylist
* partial block list restore, i.e. if a single list download failed
* fix performance regression on sites with links to https ad servers
* removed no longer used samples dir
* updated documentation
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
- fix possible race condition during startup
- fix duplicate logging during startup
- fix wget parms to prevent partitial downloads
- fix iptables rules to meet openwrt user chains
- added a rule in output chain to reject local ad related requests as
well
- changed default IPv4/IPv6 blackhole ip address to fix routing issues
with windows clients
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* "zero-conf" installation & setup, usually no manual config changes
required (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support
* new adblock list source (malwaredomainlist.com)
* adblock related statistics will be done by iptables
* removed curl dependency
* for IPv6 support you need 'kmod-ipt-nat6'
* fix Chaos Calmer compability
* various small changes & fixes
* updated documentation
* updated maintainer email address
Signed-off-by: Dirk Brenken <dirk@brenken.org>