A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but Non-eXistent Internet or Intranet domain name, if domain name is unable to resolved using the DNS server, a condition called the 'NXDOMAIN' occurred.
Source | Enabled | Size | Focus | Information |
---|---|---|---|---|
adaway | x | S | mobile | Link |
adguard | x | L | general | Link |
adguard_tracking | S | tracking | Link | |
android_tracking | S | tracking | Link | |
andryou | L | compilation | Link | |
anti_ad | L | compilation | Link | |
anudeep | M | compilation | Link | |
bitcoin | S | mining | Link | |
disconnect | x | S | general | Link |
energized | VAR | compilation | Link | |
firetv_tracking | S | tracking | Link | |
games_tracking | S | tracking | Link | |
gaming | S | gaming | Link | |
notracking | XL | tracking | Link | |
oisd_basic | L | general | Link | |
oisd_full | XXL | general | Link | |
openphish | S | phishing | Link | |
phishing_army | S | phishing | Link | |
reg_cn | M | reg_china | Link | |
reg_cz | M | reg_czech+slovak | Link | |
reg_de | M | reg_germany | Link | |
reg_es | M | reg_espania | Link | |
reg_fi | S | reg_finland | Link | |
reg_fr | S | reg_france | Link | |
reg_id | M | reg_indonesia | Link | |
reg_it | M | reg_italy | Link | |
reg_kr | S | reg_korea | Link | |
reg_nl | M | reg_netherlands | Link | |
reg_pl1 | S | reg_poland | Link | |
reg_pl2 | S | reg_poland | Link | |
reg_ro | M | reg_romania | Link | |
reg_ru | M | reg_russia | Link | |
reg_se | M | reg_sweden | Link | |
reg_vn | S | reg_vietnam | Link | |
shallalist | VAR | general | Link | |
smarttv_tracking | S | tracking | Link | |
spam404 | S | general | Link | |
stevenblack | VAR | compilation | Link | |
stopforumspam | S | spam | Link | |
utcapitole | VAR | general | Link | |
wally3k | S | compilation | Link | |
whocares | M | general | Link | |
winhelp | S | general | Link | |
winspy | S | win_telemetry | Link | |
yoyo | x | S | general | Link |
~# /etc/init.d/adblock
Syntax: /etc/init.d/adblock [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if service does not implement reload)
enable Enable service autostart
disable Disable service autostart
enabled Check if service is started on boot
suspend Suspend adblock processing
resume Resume adblock processing
query <domain> Query active blocklists and backups for a specific domain
report [<search>] Print DNS statistics with an optional search parameter
list [<add>|<add_sha>|<add_utc>|<add_eng>|<add_stb>|<remove>|<remove_sha>|<remove_utc>|<remove_eng>|<remove_stb>] <source(s)> List/Edit available sources
timer [<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
version Print version information
running Check if service is running
status Service status
trace Start with syscall trace
Option | Default | Description/Valid Values |
---|---|---|
adb_enabled | 1, enabled | set to 0 to disable the adblock service |
adb_srcarc | -, /etc/adblock/adblock.sources.gz | full path to the used adblock source archive |
adb_srcfile | -, /tmp/adb_sources.json | full path to the used adblock source file, which has a higher precedence than the archive file |
adb_dns | -, auto-detected | 'dnsmasq', 'unbound', 'named', 'kresd' or 'raw' |
adb_fetchutil | -, auto-detected | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
adb_fetchparm | -, auto-detected | config options for the selected download utility, e.g. to disable the certificate check |
adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup |
adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins |
adb_debug | 0, disabled | set to 1 to enable the debug output |
adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes |
adb_forcedns | 0, disabled | set to 1 to force DNS requests to the local resolver |
adb_maxqueue | 4 | size of the download queue to handle downloads & list processing in parallel |
adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' |
adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart |
adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) |
adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing |
adb_dnsinotify | -, not set | set to 1 to prevent adblock triggered restarts for DNS backends with autoload functions |
adb_dnsallow | -, not set | set to 1 to disable selective DNS whitelisting (RPZ-PASSTHRU) |
adb_lookupdomain | example.com | external domain to check for a successful DNS backend restart or 'false' to disable this check |
adb_portlist | 53 853 5353 | space separated list of firewall ports which should be redirected locally |
adb_report | 0, disabled | set to 1 to enable the background tcpdump gathering process for reporting |
adb_reportdir | /tmp | path for DNS related report files |
adb_repiface | -, auto-detected | name of the reporting interface or 'any' used by tcpdump |
adb_replisten | 53 | space separated list of reporting port(s) used by tcpdump |
adb_repchunkcnt | 5 | report chunk count used by tcpdump |
adb_repchunksize | 1 | report chunk size used by tcpdump in MB |
adb_backup | 1, enabled | set to 0 to disable the backup function |
adb_backupdir | /tmp | path for adblock backups |
adb_tmpbase | /tmp | path for all adblock related runtime operations, e.g. downloading, sorting, merging etc. |
adb_safesearch | 0, disabled | set to 1 to enforce SafeSearch for google, bing, duckduckgo, yandex, youtube and pixabay |
adb_safesearchlist | -, not set | Limit SafeSearch to certain provider (see above) |
adb_safesearchmod | 0, disabled | set to 1 to enable moderate SafeSearch filters for youtube |
adb_mail | 0, disabled | set to 1 to enable notification E-Mails in case of a processing errors |
adb_mailreceiver | -, not set | receiver address for adblock notification E-Mails |
adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails |
adb_mailtopic | adblock notification | topic for adblock notification E-Mails |
adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails |
adb_mailcnt | 0 | minimum domain count to trigger E-Mail notifications |
adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation |
adb_jaildir | /tmp | path for the generated jail list |
Change the DNS backend to 'unbound':
No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default.
To preserve the DNS cache after adblock processing please install the additional package 'unbound-control'.
Change the DNS backend to 'bind':
Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind' by default.
To preserve the DNS cache after adblock processing please install the additional package 'bind-rdnc'.
To use the blocklist please modify '/etc/bind/named.conf':
in the 'options' namespace add:
response-policy { zone "rpz"; };
and at the end of the file add:
zone "rpz" {
type master;
file "/var/lib/bind/adb_list.overall";
allow-query { none; };
allow-transfer { none; };
};
Change the DNS backend to 'kresd':
Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed.
Please note: The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet.
Use restrictive jail modes:
You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
Enable E-Mail notification via 'msmtp':
To use the email notification you have to install & configure the package 'msmtp'.
Modify the file '/etc/msmtprc':
[...]
defaults
auth on
tls on
tls_certcheck off
timeout 5
syslog LOG_MAIL
[...]
account adb_notify
host smtp.gmail.com
port 587
from dev.adblock@gmail.com
user dev.adblock
password xxx
Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
Service status output:
In LuCI you'll see the realtime status in the 'Runtime' section on the overview page.
To get the status in the CLI, just call /etc/init.d/adblock status or /etc/init.d/adblock status_service (in 19.07 and TurrisOS):
~# /etc/init.d/adblock status
::: adblock runtime information
+ adblock_status : enabled
+ adblock_version : 4.1.0
+ blocked_domains : 32658
+ active_sources : android_tracking, disconnect, shallalist
+ dns_backend : dnsmasq, /tmp/dnsmasq.d
+ run_utils : /usr/bin/curl, /usr/bin/gawk
+ run_ifaces : trigger: trm_wwan, report: br-lan
+ run_directories : base: /tmp, backup: /tmp/adblock-Backup, report: /tmp/adblock-Report, jail: /tmp
+ run_flags : backup: 1, flush: 0, force: 1, search: 1, report: 1, mail: 0, jail: 0
+ last_run : reload, 0m 25s, 252/177/167, 26.02.2021 18:31:41
+ system : GL.iNet GL-MT1300, OpenWrt SNAPSHOT r15875-1bf6d70e60
The 'last_run' line includes the used start type, the run duration, the memory footprint after DNS backend loading (total/free/available) and the date/time of the last run.
Edit, add new adblock sources:
The adblock blocklist sources are stored in an external, compressed JSON file '/etc/adblock/adblock.sources.gz'.
This file is directly parsed in LuCI and accessible via CLI, just call /etc/init.d/adblock list:
/etc/init.d/adblock list
::: Available adblock sources
:::
Name Enabled Size Focus Info URL
------------------------------------------------------------------
+ adaway x S mobile https://adaway.org
+ adguard x L general https://adguard.com
+ andryou x L compilation https://gitlab.com/andryou/block/-/blob/master/readme.md
+ bitcoin x S mining https://github.com/hoshsadiq/adblock-nocoin-list
+ disconnect x S general https://disconnect.me
+ dshield XL general https://www.dshield.org
[...]
+ winhelp S general http://winhelp2002.mvps.org
+ winspy x S win_telemetry https://github.com/crazy-max/WindowsSpyBlocker
+ yoyo x S general https://pgl.yoyo.org
To add new or edit existing sources extract the compressed JSON file gunzip /etc/adblock/adblock.sources.gz.
A valid JSON source object contains the following required information, e.g.:
[...]
"adaway": {
"url": "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt",
"rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
"size": "S",
"focus": "mobile",
"descurl": "https://github.com/AdAway/adaway.github.io"
},
[...]
Add an unique object name, make the required changes to 'url', 'rule', 'size' and 'descurl' and finally compress the changed JSON file gzip /etc/adblock/adblock.sources.gz to use the new source object in adblock.
Please note: if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every adblock update. To reference your copy set the option 'adb_srcarc' which points by default to '/etc/adblock/adblock.sources.gz'
Please note: when adblock starts, it looks for the uncompressed 'adb_srcfile', only if this file is not found the archive 'adb_srcarc' is unpacked once and then the uncompressed file is used
Please join the adblock discussion in this forum thread or contact me by mail dev@brenken.org
Have fun!
Dirk