A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other wlan gadget? Getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router. When the dns server on your router receives dns requests, it sorts out queries that ask for the resource records of ad servers and returns a simple 'NXDOMAIN'. This is nothing but 'Non-eXistent Internet or Intranet domain name': if a domain name cannot be resolved by the dns server, the condition is called 'NXDOMAIN'.
change default dns backend to 'unbound':
Adblock detects the presence of an active unbound dns backend and the block lists will be automatically pulled in by unbound.
The adblock script deposits the sorted and filtered block lists in '/var/lib/unbound' where unbound can find them in its jail.
If you use manual configuration for unbound, then just include the following line in your 'server:' clause:
include: "/var/lib/unbound/adb_list.*"
configuration for different download utilities:
wget (default):
option adb_fetch '/usr/bin/wget'
option adb_fetchparm '--no-config --quiet --no-cache --no-cookies --max-redirect=0 --timeout=10 --no-check-certificate -O'
aria2c:
option adb_fetch '/usr/bin/aria2c'
option adb_fetchparm '-q --timeout=10 --allow-overwrite=true --auto-file-renaming=false --check-certificate=false -o'
uclient-fetch:
option adb_fetch '/bin/uclient-fetch'
option adb_fetchparm '-q --timeout=10 --no-check-certificate -O'
curl:
option adb_fetch '/usr/bin/curl'
option adb_fetchparm '-s --connect-timeout 10 --insecure -o'
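Every adb_fetchparm value above switches off TLS certificate verification (`--no-check-certificate`, `--check-certificate=false`, `--insecure`), so the block lists are downloaded without authenticating the server. The following added example (not part of adblock; the function names are made up for illustration) derives the verifying variant of each value. It assumes the router has a CA certificate bundle installed and a TLS-capable build of the chosen utility.

```shell
#!/bin/sh
# Added example (not adblock code): strip the options that switch off TLS
# certificate verification from an adb_fetchparm value.

# tls_off_flag UTIL OPTION -> exit 0 if OPTION disables verification for UTIL.
# The table is per utility because '-k' means something else for wget.
tls_off_flag() {
    case "${1##*/}:$2" in
        wget:--no-check-certificate|uclient-fetch:--no-check-certificate) return 0 ;;
        aria2c:--check-certificate=false) return 0 ;;
        curl:--insecure|curl:-k) return 0 ;;
    esac
    return 1
}

# verified_fetchparm UTIL "PARMS" -> PARMS with those options removed.
# Runs in a subshell so that 'set -f' does not leak into the caller.
verified_fetchparm() (
    set -f                      # no globbing while splitting PARMS into words
    out=""
    for word in $2; do
        if tls_off_flag "$1" "$word"; then continue; fi
        out="${out:+$out }$word"
    done
    printf '%s\n' "$out"
)

# The curl value from the README, with verification left switched on.
verified_fetchparm /usr/bin/curl '-s --connect-timeout 10 --insecure -o'
```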
receive adblock statistics via ubus:
ubus call service get_data '{"name":"adblock"}'
This will output the active block lists and other runtime information as JSON, e.g.:
{
  "adblock": {
    "adblock": {
      "active_lists": [
        {
          "palevo": "14",
          "blacklist": "147",
          "winspy": "138",
          "adaway": "378",
          "zeus": "397",
          "rolist": "652",
          "malwarelist": "1157",
          "yoyo": "2272",
          "ruadlist": "1793",
          "ransomware": "1670",
          "dshield": "190",
          "openphish": "2672",
          "disconnect": "2910",
          "spam404": "5715",
          "whocares": "8900",
          "winhelp": "8528",
          "adguard": "10790",
          "securemecca": "5080",
          "sysctl": "7906",
          "malware": "14617",
          "hphosts": "12450",
          "shalla": "23926"
        }
      ],
      "adblock_version": "2.5.0",
      "blocked_domains": "112302",
      "dns_backend": "dnsmasq",
      "last_rundate": "25.03.2017 21:09:12",
      "system": "LEDE Reboot SNAPSHOT r3867-313197d707"
    }
  }
}
cronjob for a regular block list update (/etc/crontabs/root):
0 06 * * * /etc/init.d/adblock start
blacklist entry (/etc/adblock/adblock.blacklist):
ads.example.com
This entry blocks the following (sub)domains:
http://ads.example.com/foo.gif
http://server1.ads.example.com/foo.gif
https://ads.example.com:8000/
This entry does not block:
http://ads.example.com.ua/foo.gif
http://example.com/
whitelist entry (/etc/adblock/adblock.whitelist):
here.com
This entry removes the following (sub)domains from the block lists:
maps.here.com
here.com
This entry does not remove:
where.com
www.adwhere.com
query active block lists for a certain (sub-)domain, e.g. for whitelisting:
/etc/init.d/adblock query example.www.doubleclick.net
::: distinct results for domain 'example.www.doubleclick.net'
no match
::: distinct results for domain 'www.doubleclick.net'
adb_list.sysctl : www.doubleclick.net
::: distinct results for domain 'doubleclick.net'
adb_list.adaway : ad-g.doubleclick.net
adb_list.securemecca : 1168945.fls.doubleclick.net
adb_list.sysctl : 1435575.fls.doubleclick.net
adb_list.whocares : 3ad.doubleclick.net
The query function checks against the submitted (sub-)domain and recurses automatically to the upper top level domain(s).
For every domain it returns the overall count plus a distinct list of active block lists with the first relevant result.
In the example above whitelist "www.doubleclick.net" to free the submitted domain.
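The matching rule behind the blacklist and whitelist examples and the query walk above, modelled as an added example (not adblock's own code): a name is covered when it, or one of its parent domains taken label by label, is a list entry. The list content and the function name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not adblock code): find the block list entry that covers a name.
# An entry covers itself and all of its subdomains; the comparison is done on
# whole labels, so 'ads.example.com' never covers 'ads.example.com.ua'.

# Constructed sample list, one domain per line.
SAMPLE_LIST='ads.example.com
www.doubleclick.net
ad-g.doubleclick.net'

# covering_entry LIST NAME -> prints the covering entry, exit 1 if there is none.
# The printed entry is the one to whitelist in order to free NAME.
covering_entry() {
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while [ -n "$name" ]; do
        if printf '%s\n' "$1" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
        case "$name" in
            *.*) name=${name#*.} ;;   # drop the leftmost label and retry
            *)   return 1 ;;          # reached the top level domain
        esac
    done
    return 1
}

# Same lookup as the query example above, against the constructed list.
covering_entry "$SAMPLE_LIST" example.www.doubleclick.net
```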
divert dns requests to local dns resolver in /etc/config/firewall:
config redirect
option name 'Divert DNS'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
add a new block list source:
1. the easy way ...
example: https://easylist-downloads.adblockplus.org/rolist+easylist.txt
adblock already supports an easylist source, called 'ruadlist'. To add the additional local easylist
as a new source, copy the existing config source 'ruadlist' section and change only
the source name, the url and the description - that's all!
config source 'rolist'
option enabled '0'
option adb_src 'https://easylist-downloads.adblockplus.org/rolist+easylist.txt'
option adb_src_rset '{FS=\"[|^]\"} \$0 ~/^\|\|([A-Za-z0-9_-]+\.){1,}[A-Za-z]+\^$/{print tolower(\$3)}'
option adb_src_desc 'focus on romanian ad related domains plus generic easylist additions, weekly updates, approx. 600 entries'
2. a bit harder ...
to add a really new source with different domain/host format you have to write a suitable
awk one-liner on your own, so basic awk skills are needed. As a starting point check the already
existing awk strings (adb_src_rset) in adblock config, maybe you need only small changes for your individual list.
Download the desired list and test your new awk string locally with:
cat new.list | awk 'fs__individual search__search core__result'
'fs' => field separator (optional)
'individual search' => individual search part to filter out needless list information
'search core' => always '([A-Za-z0-9_-]+\.){1,}[A-Za-z]+', this is part of all list sources and should be unchanged
'result' => always '{print tolower(\$n)}', only the output column 'n' may vary
The output should be a sequential list with one domain/host per line - nothing more.
If your awk one-liner works well, add a new source section in adblock config and test your new source.
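A way to run that local test repeatably, as an added example (not part of adblock): the 'rolist' filter is applied to a constructed easylist-style sample and the result is checked to be bare host names only. The sample data and function names are assumptions, and `+` is used in place of the equivalent `{1,}` because some awk builds (older mawk) do not implement interval expressions; keep the original form in the adblock config.

```shell
#!/bin/sh
# Added example (not adblock code): dry-run an adb_src_rset filter on a sample list.

# 'rolist' filter from the config above without the UCI escaping; '+' stands in
# for the equivalent '{1,}' so the check also runs on awk builds without intervals.
RSET='{FS="[|^]"} $0 ~/^\|\|([A-Za-z0-9_-]+\.)+[A-Za-z]+\^$/{print tolower($3)}'

# Constructed sample in easylist syntax: header, comment, plain domain rules,
# a rule with options, a rule with a path and a cosmetic rule.
SAMPLE='[Adblock Plus 2.0]
! constructed test data
||Ads.Example.com^
||tracker.example.net^$third-party
||cdn.example.org/banner.gif
example.com##.ad-box
||stats.example.co.uk^'

# run_rset PROGRAM INPUT -> filtered domains, one per line
run_rset() {
    printf '%s\n' "$2" | awk "$1"
}

# check_rset PROGRAM INPUT -> prints the number of domains; exit 1 if the output
# is empty or contains anything other than bare lowercase host names
check_rset() {
    out=$(run_rset "$1" "$2")
    [ -n "$out" ] || { echo "filter produced no output" >&2; return 1; }
    bad=$(printf '%s\n' "$out" | grep -vE '^([a-z0-9_-]+\.)+[a-z]+$' || true)
    [ -z "$bad" ] || { printf 'unexpected lines:\n%s\n' "$bad" >&2; return 1; }
    printf '%s\n' "$out" | wc -l | tr -d ' '
}

# Report how many domains the filter extracts from the sample.
check_rset "$RSET" "$SAMPLE"
```

Only the two plain domain rules pass the filter; the rule with options and the rule with a path are dropped because the pattern requires the line to end right after `^`.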
Please join the adblock discussion in this forum thread or contact me by mail dev@brenken.org
Have fun!
Dirk