Dirk Brenken bc299d03f2 | 5 years ago | |
---|---|---|
.. | ||
README.md | 5 years ago | |
adblock.blacklist | 9 years ago | |
adblock.conf | 5 years ago | |
adblock.init | 5 years ago | |
adblock.mail | 5 years ago | |
adblock.service | 5 years ago | |
adblock.sh | 5 years ago | |
adblock.whitelist | 9 years ago |
A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but Non-eXistent Internet or Intranet domain name, if domain name is unable to resolved using the DNS server, a condition called the 'NXDOMAIN' occurred.
/etc/adblock/adblock.blacklist
dnsmasq
, unbound
, named
(bind) and kresd
nxdomain
(default, supported by all backends), null
(supported only by dnsmasq
)uclient-fetch
, wget
, curl
, aria2c
, wget-nossl
, busybox-wget
http only
mode without installed SSL library for all non-SSL blocklist sourcestld compression
), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backendadb_list.overall
/etc/adblock/adblock.blacklist
or in LuCI/etc/adblock/adblock.whitelist
or in LuCIstart/stop/restart/reload/suspend/resume/query/status
)status
init commandadblock
, a full version (with SSL support) of wget
, uclient-fetch
with one of the libustream-*
SSL libraries, aria2c
or curl
is required
uclient-fetch
so in order to make adblock
work with its default configuration it is needed to install one of the libustream-*
SSL libraries. Example: opkg install libustream-openssl
http only
option and supports wget-nossl
and uclient-fetch
(without libustream-ssl
) as wellmsmtp
packagetcpdump
or tcpdump-mini
adblock
(opkg install adblock
)luci-app-adblock
(opkg install luci-app-adblock
)Services
menudnsmasq
by default), the download utility and enable the adblock service in /etc/config/adblock
/etc/init.d/adblock
start/stop/restart/reload/suspend/resume/status
or use the LuCI frontend/etc/init.d/adblock status
(see example below)adb\_debug
to 1
and check the runtime output with logread -e "adblock"
coreutils-sort
/etc/adblock
. Please add one domain per line - ip addresses, wildcards & regex are not allowed (see example below). You need to refresh your blocklists after changes to these static lists.adb\_maxqueue
value, e.g. 8
or 16
should be safewan
procd interface trigger. Choose none
to disable automatic startups, timed
to use a classic timeout (default 30 sec.) or select another trigger interfaceon
or off
, simply use /etc/init.d/adblock [suspend|resume]
<DOMAIN>
(see example below)global
config section:
adb_enabled
=> Main switch to enable/disable adblock service (default: 0
, disabled)adb_dns
=> Select the DNS backend for your environment: dnsmasq
, unbound
, named
or kresd
(default: dnsmasq
)adb_dnsvariant
=> Select the blocking variant: nxdomain
(default, supported by all backends), null (IPv4)
and null (IPv4/IPv6)
both options are only supported by dnsmasq
adb_fetchutil
=> Name of the used download utility: uclient-fetch
, wget
, curl
, aria2c
, wget-nossl
or busybox
(default: uclient-fetch
)adb_fetchparm
=> Special config options for the download utility (default: not set)adb_trigger
=> Set the startup trigger to a certain interface, to timed
or to none
(default: wan
)extra
config section:
adb_debug
=> Enable/disable adblock debug output (default: 0
, disabled)adb_nice
=> Set the nice level of the adblock process and all sub-processes (int/default: 0
, standard priority)adb_forcedns
=> Force DNS requests to local resolver (bool/default: 0
, disabled)adb_maxqueue
=> Size of the download queue to handle downloads & list processing in parallel (int/default: 8
)adb_dnsfilereset
=> The final DNS blockfile will be purged after DNS backend loading to save storage space (bool/default: false
, disabled)adb_report
=> Enable the background tcpdump gathering process to provide a detailed DNS Query Report (bool/default: 0
, disabled)adb_repdir
=> Target directory for DNS related report files generated by tcpdump (default: /tmp
)adb_backupdir
=> Target directory for adblock backups (default: /tmp
)adb_mail
=> Send notification emails in case of a processing errors or if the overall domain count is ≤ 0 (bool/default: 0
, disabled)adb_mreceiver
=> Receiver address for adblock notification emails (default: not set)extra
config section as well:
adb_dnsdir
=> Target directory for the generated blocklist adb_list.overall
(default: not set, use DNS backend default)adb_dnsinstance
=> set the relevant adblock enabled dnsmasq instance (int/default: '0', first dnsmasq instance)adb_blacklist
=> Full path to the static blacklist file (default: /etc/adblock/adblock.blacklist
)adb_whitelist
=> Full path to the static whitelist file (default: /etc/adblock/adblock.whitelist
)adb_triggerdelay
=> Additional trigger delay in seconds before adblock processing begins (int/default: 2
)adb_maxtld
=> Disable the tld compression, if the number of blocked domains is greater than this value (int/default: 100000
)adb_portlist
=> Space separated list of fw ports which should be redirected locally (default: 53 853 5353
)adb_dnsinotify
=> Disable adblock triggered restarts and the 'DNS File Reset' for DNS backends with autoload features (bool/default: false
, disabled)adb_dnsflush
=> Flush DNS cache after adblock processing, i.e. enable the old restart behavior (bool/default: 0
, disabled)adb_repiface
=> Reporting interface used by tcpdump, set to any
for multiple interfaces (default: br-lan
)adb_replisten
=> Space separated list of reporting port(s) used by tcpdump (default: 53
)adb_repchunkcnt
=> Report chunk count used by tcpdump (default: 5
)adb_repchunksize
=> Report chunk size used by tcpdump in MB (int/default: 1
)adb_msender
=> Sender address for adblock notification emails (default: no-reply@adblock
)adb_mtopic
=> Topic for adblock notification emails (default: adblock notification
)adb_mprofile
=> Email profile used in msmtp
for adblock notification emails (default: adb_notify
)adb_mcnt
=> Raise the minimum domain count email notification trigger (int/default: 0
)Change default DNS backend to unbound
:
Adblock deposits the final blocklist adb_list.overall
in /var/lib/unbound
where unbound can find them in its jail, no further configuration needed.
To preserve the DNS cache after adblock processing you need to install unbound-control
.
Change default DNS backend to named
(bind):
Adblock deposits the final blocklist adb_list.overall
in /var/lib/bind
.
To preserve the DNS cache after adblock processing you need to install & configure bind-rdnc
.
To use the blocklist please modify /etc/bind/named.conf
:
options
namespace add: response-policy { zone "rpz"; };
zone "rpz" {
type master;
file "/var/lib/bind/adb_list.overall";
allow-query { none; };
allow-transfer { none; };
};
Change default DNS backend to kresd
:
The knot-resolver (kresd) is only available on Turris Omnia devices.
Adblock deposits the final blocklist adb_list.overall
in /etc/kresd
, no further configuration needed.
Enable email notification via msmtp:
To use the email notification you have to install & configure the package msmtp
.
Modify the file /etc/msmtprc
:
[...]
defaults
auth on
tls on
tls_certcheck off
timeout 5
syslog LOG_MAIL
[...]
account adb_notify
host smtp.gmail.com
port 587
from dev.adblock@gmail.com
user dev.adblock
password xxx
Finally enable email support and add a valid email address in LuCI.
Receive adblock runtime information:
/etc/init.d/adblock status
::: adblock runtime information
+ adblock_status : enabled
+ adblock_version : 3.8.0
+ overall_domains : 48359
+ fetch_utility : /bin/uclient-fetch (libustream-ssl)
+ dns_backend : dnsmasq, /tmp
+ dns_variant : null (IPv4/IPv6), true
+ backup_dir : /mnt/data/adblock
+ last_rundate : 15.08.2019 08:43:16
+ system_release : GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10720-ccb4b96b8a
Receive adblock DNS Query Report information:
/etc/init.d/adblock report
:::
::: Adblock DNS-Query Report
:::
+ Start ::: 2018-12-19, 16:29:40
+ End ::: 2018-12-19, 16:45:08
+ Total ::: 42
+ Blocked ::: 17 (40.48 %)
:::
::: Top 10 Clients
+ 32 ::: 101.167.1.103
+ 10 ::: abc1:abc1:abc0:0:abc1:abcb:abc5:abc3
:::
::: Top 10 Domains
+ 7 ::: dns.msftncsi.com
+ 4 ::: forum.openwrt.org
+ 2 ::: outlook.office365.com
+ 1 ::: www.google.com
+ 1 ::: www.deepl.com
+ 1 ::: safebrowsing.googleapis.com
+ 1 ::: play.googleapis.com
+ 1 ::: odc.officeapps.live.com
+ 1 ::: login.microsoftonline.com
+ 1 ::: test-my.sharepoint.com
:::
::: Top 10 Blocked Domains
+ 4 ::: nexus.officeapps.live.com
+ 4 ::: mobile.pipe.aria.microsoft.com
+ 3 ::: watson.telemetry.microsoft.com
+ 2 ::: v10.events.data.microsoft.com
+ 2 ::: settings-win.data.microsoft.com
+ 2 ::: nexusrules.officeapps.live.com
[...]
Cronjob for regular block list updates (/etc/crontabs/root
):
The following command as a cron job updates each individual block list from their source so that they hold the most current domains to block:
0 06 * * * /etc/init.d/adblock reload
Blacklist entry (/etc/adblock/adblock.blacklist
):
ads.example.com
This entry blocks the following (sub)domains:
http://ads.example.com/foo.gif
http://server1.ads.example.com/foo.gif
https://ads.example.com:8000/
This entry does not block:
http://ads.example.com.ua/foo.gif
http://example.com/
Whitelist entry (/etc/adblock/adblock.whitelist
):
here.com
This entry removes the following (sub)domains from the blocklist:
maps.here.com
here.com
This entry does not remove:
where.com
www.adwhere.com
Query the active blocklist, the backups and black-/whitelist for a certain (sub-)domain, e.g. for whitelisting:
The query function checks against the submitted (sub-)domain and recurses automatically to the upper top level domain. For every (sub-)domain it returns the first ten relevant results.
/etc/init.d/adblock query google.com
:::
::: results for domain 'google.com' in active blocklist
:::
+ adservice.google.com
+ adservice.google.com.au
+ adservice.google.com.vn
+ adservices.google.com
+ analytics.google.com
+ googleadapis.l.google.com
+ pagead.l.google.com
+ partnerad.l.google.com
+ ssl-google-analytics.l.google.com
+ video-stats.video.google.com
+ [...]
:::
::: results for domain 'google.com' in backups and black-/whitelist
:::
+ adb_list.adguard.gz partnerad.l.google.com
+ adb_list.adguard.gz googleadapis.l.google.com
+ adb_list.adguard.gz ssl-google-analytics.l.google.com
+ adb_list.adguard.gz [...]
+ adb_list.disconnect.gz pagead.l.google.com
+ adb_list.disconnect.gz partnerad.l.google.com
+ adb_list.disconnect.gz video-stats.video.google.com
+ adb_list.disconnect.gz [...]
+ adb_list.whocares.gz video-stats.video.google.com
+ adb_list.whocares.gz adservice.google.com
+ adb_list.whocares.gz adservice.google.com.au
+ adb_list.whocares.gz [...]
+ adb_list.yoyo.gz adservice.google.com
+ adb_list.yoyo.gz analytics.google.com
+ adb_list.yoyo.gz pagead.l.google.com
+ adb_list.yoyo.gz [...]
Add a new blocklist source:
config source 'reg_ro'
option enabled '0'
option adb_src 'https://easylist-downloads.adblockplus.org/rolist+easylist.txt'
option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}'
option adb_src_desc 'focus on romanian ads plus generic easylist additions, weekly updates, approx. 9.400 entries'
adb_src_rset
in the config file, probably you need only small changes for your individual list. Download the desired list and test your new awk string locally. The output result should be a sequential list with one domain/host per line - nothing more. If your awk one-liner works quite well, add a new source section to the adblock config file and test the new source.Please join the adblock discussion in this forum thread or contact me by email dev@brenken.org
Have fun!
Dirk