Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

adblock: release 1.0.0 (backport from trunk)

Browse source 
Bckport the adblock package from master.

Signed-off-by:  Hannu Nyman <hannu.nyman@iki.fi>
(backport from commit 9f719e4c2c)
This commit is contained in:
dirk 2016-03-16 16:11:49 +02:00 committed by Hannu Nyman
parent 8246c8d9b8
commit 081f255ac3
11 changed files with 1453 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
net/adblock/Makefile Normal file
View file

@ -0,0 +1,70 @@
#
# Copyright (C) 2015-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
PKG_VERSION:=1.0.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org>
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
TITLE:=Powerful adblock script to block ad/abuse domains
DEPENDS:=+wget
PKGARCH:=all
endef
define Package/$(PKG_NAME)/description
Powerful adblock script to block ad/abuse domains.
Currently the script supports 16 domain blacklist sites plus manual black- and whitelist overrides.
Please see https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md for further information.
endef
define Package/$(PKG_NAME)/conffiles
/etc/config/adblock
/etc/adblock/adblock.whitelist
/etc/adblock/adblock.blacklist
endef
define Build/Prepare
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/
$(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) ./files/adblock.hotplug $(1)/etc/hotplug.d/iface/99-adblock
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/adblock.init $(1)/etc/init.d/adblock
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/adblock.conf $(1)/etc/config/adblock
$(INSTALL_DIR) $(1)/etc/adblock
$(INSTALL_CONF) ./files/adblock.conf $(1)/etc/adblock/adblock.conf.default
$(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock/
$(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock/
$(INSTALL_DIR) $(1)/www/adblock
$(INSTALL_DATA) ./files/www/adblock/* $(1)/www/adblock/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

114
net/adblock/files/README.md Normal file
View file

@ -0,0 +1,114 @@
# adblock script for openwrt
## Description
A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router. When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead.
## Main Features
* support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses):
* [adaway](https://adaway.org)
* => infrequent updates, approx. 400 entries (enabled by default)
* [disconnect](https://disconnect.me)
* => numerous updates on the same day, approx. 6.500 entries (enabled by default)
* [dshield](http://dshield.org)
* => daily updates, approx. 4.500 entries
* [feodotracker](https://feodotracker.abuse.ch)
* => daily updates, approx. 0-10 entries
* [malwaredomains](http://malwaredomains.com)
* => daily updates, approx. 16.000 entries
* [malwaredomainlist](http://www.malwaredomainlist.com)
* => daily updates, approx. 1.500 entries
* [openphish](https://openphish.com)
* => numerous updates on the same day, approx. 1.800 entries
* [palevotracker](https://palevotracker.abuse.ch)
* => daily updates, approx. 15 entries
* [ruadlist/easylist](https://code.google.com/p/ruadlist)
* => weekly updates, approx. 2.000 entries
* [shallalist](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default)
* => daily updates, approx. 32.000 entries (a short description of all shallalist categories can be found [online](http://www.shallalist.de/categories.html))
* [spam404](http://www.spam404.com)
* => infrequent updates, approx. 5.000 entries
* [sysctl/cameleon](http://sysctl.org/cameleon)
* => weekly updates, approx. 21.000 entries
* [whocares](http://someonewhocares.org)
* => weekly updates, approx. 12.000 entries
* [winhelp](http://winhelp2002.mvps.org)
* => infrequent updates, approx. 15.000 entries
* [yoyo](http://pgl.yoyo.org/adservers)
* => weekly updates, approx. 2.500 entries (enabled by default)
* [zeustracker](https://zeustracker.abuse.ch)
* => daily updates, approx. 440 entries
* zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support
* each blocklist source will be updated and processed separately
* timestamp check to download and process only updated adblock list sources
* overall duplicate removal in separate adblock lists (will be automatically disabled on low memory systems)
* adblock source list parsing by fast & flexible regex rulesets
* additional white- and blacklist support for manual overrides
* quality checks during & after update of adblock lists to ensure a reliable dnsmasq service
* basic adblock statistics via iptables packet counters for each chain
* status & error logging to stdout and syslog
* use a dynamic uhttpd instance as an adblock pixel server
* use dynamic iptables rulesets for adblock related redirects/rejects
* openwrt init system support (start/stop/restart/reload)
* hotplug support, the adblock start will be triggered by wan 'ifup' event
* optional: adblock list backup/restore (disabled by default)
## Prerequisites
* [openwrt](https://openwrt.org), tested with latest stable release (Chaos Calmer 15.05) and with current trunk (Designated Driver > r47025)
* usual openwrt setup with 'iptables' & 'uhttpd', additional required software packages:
* wget
* optional: 'kmod-ipt-nat6' for IPv6 support
* the above dependencies and requirements will be checked during package installation & script runtime
## Designated Driver Installation & Usage
* install the adblock package (*opkg install adblock*)
* start the adblock service with */etc/init.d/adblock start* and check *logread -e "adblock"* for adblock related information
* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default
* optional: maintain the adblock service in luci under 'System => Startup'
## LuCI adblock companion package
For easy management of the various blocklist sources and and the adblock options there is also a nice & efficient LuCI frontend available.
Please install the package 'luci-app-adblock' (*opkg install luci-app-adblock*). Then you will find the application in LuCI located under 'Services' menu.
Thanks to Hannu Nyman for this great adblock LuCI frontend!
## Chaos Calmer installation notes
* currently the adblock package is *not* part of the CC package repository
* download the latest adblock package *adblock_x.xx.x-1_all.ipk* from a development snapshot [package directory](https://downloads.openwrt.org/snapshots/trunk/ar71xx/nand/packages/packages)
* due to server hardware troubles the package directory link above may not work, if so please check the [main openwrt download area](https://downloads.openwrt.org) manually
* manual transfer the package to your router and install the opkg package as usual
## Tweaks
* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient
* if you really need to handle all blacklists at once add an usb stick or any other storage device to enlarge your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* add personal domain white- or blacklist entries as an additional blocklist source, one domain per line (wildcards & regex are not allowed!), by default both empty lists are located in */etc/adblock*
* enable the backup/restore feature, to restore automatically the latest stable backup of your adblock lists in case of any (partial) processing error (i.e. a single blocklist source server is down). Please use an (external) solid partition and *not* your volatile router temp directory for this
* for a scheduled call of the adblock service via */etc/init.d/adblock start* add an appropriate crontab entry
* in case of any script runtime errors, you should enable script debugging: for this please change the value of the main 'DEBUG' switch, you'll find it in the header of */usr/bin/adblock-update.sh*
## Further adblock config options
* usually the adblock autodetection works quite well and no manual config overrides are needed, all options apply to 'global' adblock config section:
* adb\_enabled => main switch to enable/disable adblock service (default: '1', enabled)
* adb\_cfgver => config version string (do not change!) - adblock checks this entry and automatically applies the current config, if none or an older revision was found.
* adb\_wanif => name of the logical wan interface (default: 'wan')
* adb\_lanif => name of the logical lan interface (default: 'lan')
* adb\_port => port of the adblock uhttpd instance (default: '65535')
* adb\_nullipv4 => IPv4 blackhole ip address (default: '192.0.2.1')
* adb\_nullipv6 => IPv6 blackhole ip address (default: '::ffff:c000:0201')
* adb\_forcedns => redirect all DNS queries to local dnsmasq resolver (default: '1', enabled)
## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt.
Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6.
For that purpose adblock uses an ip address from the private 'TEST-NET-1' subnet (192.0.2.1 / ::ffff:c000:0201) by default.
Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD or OUTPUT chain).
All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files. There is *no* adblock background daemon running, the (scheduled) start of the adblock service keeps only the adblock lists up-to-date.
## Support
Please join the adblock discussion in this [openwrt forum thread](https://forum.openwrt.org/viewtopic.php?id=59803) or contact me by mail <openwrt@brenken.org>
## Removal
* stop all adblock related services with */etc/init.d/adblock stop*
* optional: remove the adblock package (*opkg remove adblock*)
Have fun!
Dirk

639
net/adblock/files/adblock-helper.sh Normal file
View file

@ -0,0 +1,639 @@
#!/bin/sh
# function library used by adblock-update.sh
# written by Dirk Brenken (openwrt@brenken.org)
#####################################
# f_envload: load adblock environment
#
f_envload()
{
local cfg_version
# get version string from default adblock configuration file
#
cfg_version="$(/sbin/uci -q get adblock.global.adb_cfgver)"
cfg_enabled="$(/sbin/uci -q get adblock.global.adb_enabled)"
rc=$?
if [ $((rc)) -ne 0 ] || [ "${cfg_version}" != "${adb_scriptver%.*}" ]
then
cp -pf "/etc/adblock/adblock.conf.default" "/etc/config/adblock"
rc=$?
if [ $((rc)) -eq 0 ]
then
f_log "new default adblock configuration applied, please check your settings in '/etc/config/adblock'"
else
f_log "original adblock configuration not found, please (re-)install the adblock package via 'opkg install adblock --force-maintainer'" "${rc}"
f_exit
fi
elif [ $((rc)) -eq 0 ] && [ $((cfg_enabled)) -ne 1 ]
then
rc=-1
f_log "adblock is currently disabled, please run 'uci set adblock.global.adb_enabled=1' and 'uci commit adblock' to enable this service"
f_exit
fi
# source in openwrt function library
#
if [ -r "/lib/functions.sh" ]
then
. "/lib/functions.sh"
else
rc=110
f_log "openwrt function library not found" "${rc}"
f_exit
fi
# source in openwrt network library
#
if [ -r "/lib/functions/network.sh" ]
then
. "/lib/functions/network.sh"
else
rc=115
f_log "openwrt network library not found" "${rc}"
f_exit
fi
# check opkg availability and get list with all installed openwrt packages
#
if [ -r "/var/lock/opkg.lock" ]
then
rc=-1
f_log "adblock installation finished, 'opkg' currently locked by package installer"
f_exit
fi
pkg_list="$(opkg list-installed)"
if [ -z "${pkg_list}" ]
then
rc=120
f_log "empty openwrt package list" "${rc}"
f_exit
fi
}
######################################################
# f_envparse: parse adblock config and set environment
#
f_envparse()
{
# set initial defaults,
# may be overwritten by setting appropriate adblock config options in global section of /etc/config/adblock
#
adb_wanif="wan"
adb_lanif="lan"
adb_port="65535"
adb_nullipv4="192.0.2.1"
adb_nullipv6="::ffff:c000:0201"
adb_blacklist="/etc/adblock/adblock.blacklist"
adb_whitelist="/etc/adblock/adblock.whitelist"
adb_forcedns=1
# function to read global options by callback
#
config_cb()
{
local type="${1}"
local name="${2}"
if [ "${type}" = "adblock" ]
then
option_cb()
{
local option="${1}"
local value="${2}"
eval "${option}=\"${value}\""
}
else
reset_cb
fi
}
# function to iterate through config list, read only options in "enabled" sections
#
adb_cfglist="adb_backupdir adb_src"
unset adb_sources
parse_config()
{
local config="${1}"
config_get switch "${config}" "enabled"
if [ "${switch}" = "1" ]
then
for option in ${adb_cfglist}
do
config_get value "${config}" "${option}"
if [ -n "${value}" ]
then
if [ "${option}" = "adb_src" ]
then
if [ "${config}" = "shalla" ]
then
categories()
{
local cat="${1}"
adb_cat_shalla="${adb_cat_shalla} ${cat}"
}
eval "adb_arc_shalla=\"${value}\""
config_list_foreach "shalla" "adb_catlist" "categories"
else
adb_sources="${adb_sources} ${value}"
fi
else
eval "${option}=\"${value}\""
fi
fi
done
fi
}
# load adblock config and start parsing functions
#
config_load adblock
config_foreach parse_config service
config_foreach parse_config source
# set more script defaults (can't be overwritten by adblock config options)
#
adb_count=0
adb_minspace=12000
adb_tmpfile="$(mktemp -tu)"
adb_tmpdir="$(mktemp -p /tmp -d)"
adb_dnsdir="/tmp/dnsmasq.d"
adb_dnsprefix="adb_list"
adb_prechain_ipv4="prerouting_rule"
adb_fwdchain_ipv4="forwarding_rule"
adb_outchain_ipv4="output_rule"
adb_prechain_ipv6="PREROUTING"
adb_fwdchain_ipv6="forwarding_rule"
adb_outchain_ipv6="output_rule"
adb_fetch="/usr/bin/wget"
unset adb_srclist adb_revsrclist adb_errsrclist
# set adblock source ruleset definitions
#
rset_core="([A-Za-z0-9_-]+\.){1,}[A-Za-z]+"
rset_adaway="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'"
rset_blacklist="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_disconnect="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_dshield="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_feodo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_malware="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_malwarelist="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'"
rset_openphish="awk -F '/' '\$3 ~/^${rset_core}/{print tolower(\$3)}'"
rset_palevo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_ruadlist="awk -F '[|^]' '\$0 ~/^\|\|${rset_core}\^$/{print tolower(\$3)}'"
rset_shalla="awk -F '/' '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_spam404="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_sysctl="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'"
rset_whocares="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'"
rset_winhelp="awk '\$0 ~/^0\.0\.0\.0[ \t]+${rset_core}/{print tolower(\$2)}'"
rset_yoyo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
rset_zeus="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'"
# get logical wan update interfaces (with default route) and their device names
#
network_find_wan adb_wanif4
network_find_wan6 adb_wanif6
if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
then
rc=125
f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
then
rc=125
f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
else
network_get_device adb_wandev4 "${adb_wanif4}"
network_get_device adb_wandev6 "${adb_wanif6}"
break
fi
# get lan ip addresses
#
network_get_ipaddr adb_ipv4 "${adb_lanif}"
network_get_ipaddr6 adb_ipv6 "${adb_lanif}"
if [ -z "${adb_ipv4}" ] && [ -z "${adb_ipv6}" ]
then
rc=130
f_log "no valid IPv4/IPv6 configuration for given logical LAN interface found (${adb_lanif}), please set 'adb_lanif' manually" "${rc}"
f_exit
fi
}
#################################################
# f_envcheck: check/set environment prerequisites
#
f_envcheck()
{
local check
# check general package dependencies
#
f_depend "uhttpd"
f_depend "wget"
f_depend "iptables"
f_depend "kmod-ipt-nat"
# check ipv6 related package dependencies
#
if [ -n "${adb_wanif6}" ]
then
check="$(printf "${pkg_list}" | grep "^ip6tables -")"
if [ -z "${check}" ]
then
f_log "package 'ip6tables' not found, IPv6 support will be disabled"
unset adb_wanif6
else
check="$(printf "${pkg_list}" | grep "^kmod-ipt-nat6 -")"
if [ -z "${check}" ]
then
f_log "package 'kmod-ipt-nat6' not found, IPv6 support will be disabled"
unset adb_wanif6
fi
fi
fi
# check ca-certificates package and set wget parms accordingly
#
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5 --connect-timeout=5 --read-timeout=5"
check="$(printf "${pkg_list}" | grep "^ca-certificates -")"
if [ -z "${check}" ]
then
wget_parm="${wget_parm} --no-check-certificate"
fi
# check adblock blacklist/whitelist configuration
#
if [ ! -r "${adb_blacklist}" ]
then
f_log "adblock blacklist not found, source will be disabled"
fi
if [ ! -r "${adb_whitelist}" ]
then
f_log "adblock whitelist not found, source will be disabled"
fi
# check adblock temp directory
#
if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ]
then
f_space "${adb_tmpdir}"
if [ "${space_ok}" = "false" ]
then
if [ $((av_space)) -le 2000 ]
then
rc=135
f_log "not enough free space in '${adb_tmpdir}' (avail. ${av_space} kb)" "${rc}"
f_exit
else
f_log "not enough free space to handle all adblock list sources at once in '${adb_tmpdir}' (avail. ${av_space} kb)"
fi
fi
else
rc=135
f_log "temp directory not found" "${rc}"
f_exit
fi
# memory check
#
mem_total="$(awk '$1 ~ /^MemTotal/ {printf $2}' "/proc/meminfo")"
mem_free="$(awk '$1 ~ /^MemFree/ {printf $2}' "/proc/meminfo")"
mem_swap="$(awk '$1 ~ /^SwapTotal/ {printf $2}' "/proc/meminfo")"
if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ]
then
mem_ok="false"
f_log "not enough free memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
fi
# check backup configuration
#
if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ]
then
f_space "${adb_backupdir}"
if [ "${space_ok}" = "false" ]
then
f_log "not enough free space in '${adb_backupdir}'(avail. ${av_space} kb), backup/restore will be disabled"
backup_ok="false"
else
f_log "backup/restore will be enabled"
backup_ok="true"
fi
else
backup_ok="false"
f_log "backup/restore will be disabled"
fi
# check ipv4/iptables configuration
#
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wandev4}" ]
then
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
if [ $((adb_forcedns)) -eq 1 ]
then
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p tcp --dport 53 -j REDIRECT"
fi
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv4 firewall ruleset"
fw_done="false"
fi
fi
# check ipv6/ip6tables configuration
#
if [ -n "${adb_wanif6}" ] && [ -n "${adb_wandev6}" ]
then
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
if [ $((adb_forcedns)) -eq 1 ]
then
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p tcp --dport 53 -j REDIRECT"
fi
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv6 firewall ruleset"
fw_done="false"
fi
fi
# check volatile adblock uhttpd instance configuration
#
rc="$(ps | grep -q "[u]httpd.*\-h /www/adblock"; printf ${?})"
if [ $((rc)) -ne 0 ]
then
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "${adb_ipv4}:${adb_port}" -p "[${adb_ipv6}]:${adb_port}"
rc=${?}
elif [ -n "${adb_wanif4}" ]
then
uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "${adb_ipv4}:${adb_port}"
rc=${?}
elif [ -n "${adb_wanif6}" ]
then
uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "[${adb_ipv6}]:${adb_port}"
rc=${?}
fi
if [ $((rc)) -eq 0 ]
then
f_log "created volatile uhttpd instance"
else
f_log "failed to initialize volatile uhttpd instance" "${rc}"
f_restore
fi
fi
# set dnsmasq defaults
#
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
adb_dnsformat="awk -v ipv4="${adb_nullipv4}" -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv4\"\n\"\"address=/\"\$0\"/\"ipv6}'"
elif [ -n "${adb_wanif4}" ]
then
adb_dnsformat="awk -v ipv4="${adb_nullipv4}" '{print \"address=/\"\$0\"/\"ipv4}'"
elif [ -n "${adb_wanif6}" ]
then
adb_dnsformat="awk -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv6}'"
fi
# remove no longer used opkg package list
#
unset pkg_list
}
######################################
# f_depend: check package dependencies
#
f_depend()
{
local check
local package="${1}"
check="$(printf "${pkg_list}" | grep "^${package} -")"
if [ -z "${check}" ]
then
rc=140
f_log "package '${package}' not found" "${rc}"
f_exit
fi
}
##############################################
# f_firewall: set iptables rules for ipv4/ipv6
#
f_firewall()
{
local ipt
local iptv4="/usr/sbin/iptables"
local iptv6="/usr/sbin/ip6tables"
local proto="${1}"
local table="${2}"
local ctype="${3}"
local chain="${4}"
local notes="${5}"
local rules="${6}"
# select appropriate iptables executable
#
if [ "${proto}" = "IPv4" ]
then
ipt="${iptv4}"
else
ipt="${iptv6}"
fi
# check whether iptables rule already applied and proceed accordingly
#
rc="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules}; printf ${?})"
if [ $((rc)) -ne 0 ]
then
"${ipt}" -w -t "${table}" -"${ctype}" "${chain}" -m comment --comment "${notes}" ${rules}
rc=${?}
if [ $((rc)) -eq 0 ]
then
fw_done="true"
else
f_log "failed to initialize volatile ${proto} firewall rule '${notes}'" "${rc}"
f_restore
fi
fi
}
##########################################
# f_log: log messages to stdout and syslog
#
f_log()
{
local log_parm
local log_msg="${1}"
local log_rc="${2}"
local class="info "
# check for terminal session
#
if [ -t 1 ]
then
log_parm="-s"
fi
# log to different output devices and set log class accordingly
#
if [ -n "${log_msg}" ]
then
if [ $((log_rc)) -gt 0 ]
then
class="error"
log_rc=", rc: ${log_rc}"
log_msg="${log_msg}${log_rc}"
fi
/usr/bin/logger ${log_parm} -t "adblock[${adb_pid}] ${class}" "${log_msg}" 2>&1
fi
}
################################################
# f_space: check mount points/space requirements
#
f_space()
{
local mp="${1}"
# check relevant mount points in a subshell
#
if [ -d "${mp}" ]
then
av_space="$(df "${mp}" | tail -n1 | awk '{printf $4}')"
if [ $((av_space)) -lt $((adb_minspace)) ]
then
space_ok="false"
fi
fi
}
##################################################################
# f_restore: restore last adblock list backups and restart dnsmasq
#
f_restore()
{
local rm_done
local restore_done
# remove bogus adblock lists
#
if [ -n "${adb_revsrclist}" ]
then
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all bogus adblock lists removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of bogus adblock lists" "${rc}"
f_exit
fi
fi
# restore backups
#
if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ]
then
restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec cp -pf "{}" "${adb_dnsdir}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ]
then
f_log "all available backups restored"
elif [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock lists" "${rc}"
f_exit
fi
else
f_log "no backups found, nothing to restore"
fi
# (re-)try dnsmasq restart without bogus adblock lists / with backups
#
if [ -n "${restore_done}" ] || [ -n "${rm_done}" ]
then
/etc/init.d/dnsmasq restart
sleep 1
rc="$(ps | grep -q "[d]nsmasq"; printf ${?})"
if [ $((rc)) -eq 0 ]
then
rc=0
adb_count="$(head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}."* | wc -l)"
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
adb_count="$((adb_count / 2))"
fi
f_log "adblock lists with overall ${adb_count} domains loaded"
else
rc=145
f_log "dnsmasq restart failed, please check 'logread' output" "${rc}"
fi
fi
f_exit
}
###################################
# f_exit: delete (temporary) files,
# generate statistics and exit
#
f_exit()
{
local ipv4_prerouting=0
local ipv4_forward=0
local ipv4_output=0
local ipv6_prerouting=0
local ipv6_forward=0
local ipv6_output=0
local iptv4="/usr/sbin/iptables"
local iptv6="/usr/sbin/ip6tables"
# delete temporary files & directories
#
if [ -f "${adb_tmpfile}" ]
then
rm -f "${adb_tmpfile}"
fi
if [ -d "${adb_tmpdir}" ]
then
rm -rf "${adb_tmpdir}"
fi
# final log message and iptables statistics
#
if [ $((rc)) -eq 0 ]
then
if [ -n "${adb_wanif4}" ]
then
ipv4_prerouting="$(${iptv4} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {printf sum}')"
ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {printf sum}')"
ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {printf sum}')"
fi
if [ -n "${adb_wanif6}" ]
then
ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$10 ~ /^adb-prerouting$/ {sum += $1} END {printf sum}')"
ipv6_forward="$(${iptv6} -vnL | awk '$10 ~ /^adb-forward$/ {sum += $1} END {printf sum}')"
ipv6_output="$(${iptv6} -vnL | awk '$10 ~ /^adb-output$/ {sum += $1} END {printf sum}')"
fi
f_log "adblock firewall statistics (IPv4/IPv6):"
f_log "${ipv4_prerouting}/${ipv6_prerouting} packets redirected in PREROUTING chain"
f_log "${ipv4_forward}/${ipv6_forward} packets rejected in FORWARD chain"
f_log "${ipv4_output}/${ipv6_output} packets rejected in OUTPUT chain"
f_log "domain adblock processing finished successfully (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
elif [ $((rc)) -gt 0 ]
then
f_log "domain adblock processing failed (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
else
rc=0
fi
rm -f "${adb_pidfile}"
exit ${rc}
}

434
net/adblock/files/adblock-update.sh Executable file
View file

@ -0,0 +1,434 @@
#!/bin/sh
# ad/abuse domain blocking script for dnsmasq/openwrt
# written by Dirk Brenken (openwrt@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# set the C locale
#
LC_ALL=C
# script debug switch (disabled by default)
# set 'DEBUG=1' to enable script debugging
#
DEBUG=0
if [ $((DEBUG)) -eq 0 ]
then
exec 2>/dev/null
fi
# pid handling
#
adb_pid="${$}"
adb_pidfile="/var/run/adblock.pid"
if [ -r "${adb_pidfile}" ]
then
rc=255
/usr/bin/logger -s -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile}))"
exit ${rc}
else
printf "${adb_pid}" > "${adb_pidfile}"
fi
# get current directory, script- and openwrt version
#
adb_scriptdir="${0%/*}"
adb_scriptver="1.0.0"
openwrt_version="$(cat /etc/openwrt_version)"
# source in adblock function library
#
if [ -r "${adb_scriptdir}/adblock-helper.sh" ]
then
. "${adb_scriptdir}/adblock-helper.sh"
else
rc=254
/usr/bin/logger -s -t "adblock[${adb_pid}] error" "adblock function library not found"
rm -f "${adb_pidfile}"
exit ${rc}
fi
# call trap function on error signals (HUP, INT, QUIT, BUS, SEGV, TERM)
#
trap "rc=250; f_log 'error signal received/trapped' '${rc}'; f_exit" 1 2 3 10 11 15
# load environment
#
f_envload
# start logging
#
f_log "domain adblock processing started (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
# parse environment
#
f_envparse
# check environment
#
f_envcheck
# start shallalist (pre-)processing
#
if [ -n "${adb_arc_shalla}" ]
then
# start shallalist processing
#
shalla_archive="${adb_tmpdir}/shallalist.tar.gz"
shalla_file="${adb_tmpdir}/shallalist.txt"
src_name="shalla"
adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}"
if [ -r "${adb_dnsfile}" ]
then
list_time="$(awk '$0 ~ /^# last modified/ {printf substr($0,18)}' "${adb_dnsfile}")"
fi
f_log "=> (pre-)processing adblock source '${src_name}'"
# only process shallalist archive with updated timestamp,
# extract and merge only domains of selected shallalist categories
#
shalla_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${adb_arc_shalla}" 2>&1 | awk '$0 ~ /Last-Modified/ {printf substr($0,18)}')"
if [ -z "${shalla_time}" ]
then
shalla_time="$(date)"
f_log " no online timestamp received, current date will be used"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ]
then
${adb_fetch} ${wget_parm} --output-document="${shalla_archive}" "${adb_arc_shalla}"
rc=${?}
if [ $((rc)) -eq 0 ]
then
> "${shalla_file}"
for category in ${adb_cat_shalla}
do
tar -xOzf "${shalla_archive}" BL/${category}/domains >> "${shalla_file}"
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log " archive extraction failed (${category})"
break
fi
done
# remove temporary files
#
rm -f "${shalla_archive}"
rm -rf "${adb_tmpdir}/BL"
if [ $((rc)) -eq 0 ]
then
adb_sources="${adb_sources} ${shalla_file}&ruleset=rset_shalla"
f_log " source archive (pre-)processing finished"
else
rc=0
fi
else
rc=0
adb_errsrclist="-name ${adb_dnsprefix}.${src_name}"
f_log " source archive download failed"
fi
else
adb_srclist="! -name ${adb_dnsprefix}.${src_name}"
f_log " source archive doesn't change, no update required"
fi
fi
# add blacklist source to active adblock domain sources
#
if [ -s "${adb_blacklist}" ]
then
adb_sources="${adb_sources} ${adb_blacklist}&ruleset=rset_blacklist"
fi
# loop through active adblock domain sources,
# download sources, prepare output and store all extracted domains in temp file
#
for src in ${adb_sources}
do
url="${src/\&ruleset=*/}"
src_name="${src/*\&ruleset=rset_/}"
adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}"
if [ -r "${adb_dnsfile}" ]
then
list_time="$(awk '$0 ~ /^# last modified/ {printf substr($0,18)}' "${adb_dnsfile}")"
fi
f_log "=> processing adblock source '${src_name}'"
# prepare find statement with active adblock list sources
#
if [ -z "${adb_srclist}" ]
then
adb_srclist="! -name ${adb_dnsprefix}.${src_name}"
else
adb_srclist="${adb_srclist} -a ! -name ${adb_dnsprefix}.${src_name}"
fi
# only download adblock list with newer/updated timestamp
#
if [ "${src_name}" = "blacklist" ]
then
url_time="$(date -r "${adb_blacklist}")"
elif [ "${src_name}" = "shalla" ]
then
url_time="${shalla_time}"
else
url_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${url}" 2>&1 | awk '$0 ~ /Last-Modified/ {printf substr($0,18)}')"
fi
if [ -z "${url_time}" ]
then
url_time="$(date)"
f_log " no online timestamp received, current date will be used"
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ]
then
if [ "${src_name}" = "blacklist" ]
then
tmp_domains="$(cat "${adb_blacklist}")"
rc=${?}
elif [ "${src_name}" = "shalla" ]
then
tmp_domains="$(cat "${shalla_file}")"
rc=${?}
else
tmp_domains="$(${adb_fetch} ${wget_parm} --output-document=- "${url}")"
rc=${?}
fi
else
f_log " source doesn't change, no update required"
continue
fi
# check download result and prepare domain output by regex patterns
#
if [ $((rc)) -eq 0 ] && [ -n "${tmp_domains}" ]
then
eval "src_rset=\${rset_${src_name}}"
count="$(printf "%s\n" "${tmp_domains}" | eval "${src_rset}" | tee "${adb_tmpfile}" | wc -l)"
f_log " source download finished (${count} entries)"
if [ "${src_name}" = "shalla" ]
then
rm -f "${shalla_file}"
fi
unset tmp_domains
elif [ $((rc)) -eq 0 ] && [ -z "${tmp_domains}" ]
then
f_log " empty source download finished"
continue
else
rc=0
if [ -z "${adb_errsrclist}" ]
then
adb_errsrclist="-name ${adb_dnsprefix}.${src_name}"
else
adb_errsrclist="${adb_errsrclist} -o -name ${adb_dnsprefix}.${src_name}"
fi
f_log " source download failed"
continue
fi
# remove whitelist domains, sort domains and make them unique,
# finally rewrite ad/abuse domain information to separate dnsmasq files
#
if [ $((count)) -gt 0 ] && [ -n "${adb_tmpfile}" ]
then
if [ -s "${adb_whitelist}" ]
then
grep -Fvxf "${adb_whitelist}" "${adb_tmpfile}" | sort -u | eval "${adb_dnsformat}" > "${adb_dnsfile}"
rc=${?}
else
sort -u "${adb_tmpfile}" | eval "${adb_dnsformat}" > "${adb_dnsfile}"
rc=${?}
fi
# prepare find statement with revised adblock list sources
#
if [ -z "${adb_revsrclist}" ]
then
adb_revsrclist="-name ${adb_dnsprefix}.${src_name}"
else
adb_revsrclist="${adb_revsrclist} -o -name ${adb_dnsprefix}.${src_name}"
fi
# write preliminary footer
#
if [ $((rc)) -eq 0 ]
then
printf "%s\n" "#---------------------------------------------" >> "${adb_dnsfile}"
printf "%s\n" "# last modified: ${url_time}" >> "${adb_dnsfile}"
printf "%s\n" "##" >> "${adb_dnsfile}"
f_log " domain merging finished"
else
f_log " domain merging failed" "${rc}"
f_restore
fi
else
f_log " empty domain input received"
continue
fi
done
# remove disabled adblock lists and their backups
#
if [ -n "${adb_srclist}" ]
then
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "disabled adblock lists removed"
if [ "${backup_ok}" = "true" ]
then
rm_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "disabled adblock list backups removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of disabled adblock list backups" "${rc}"
f_exit
fi
fi
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of disabled adblock lists" "${rc}"
f_exit
fi
else
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all adblock lists removed"
if [ "${backup_ok}" = "true" ]
then
rm_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all adblock list backups removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of all adblock list backups" "${rc}"
f_exit
fi
fi
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of all adblock lists" "${rc}"
f_exit
fi
fi
# partial restore of adblock lists in case of download errors
#
if [ "${backup_ok}" = "true" ] && [ -n "${adb_errsrclist}" ]
then
restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f \( ${adb_errsrclist} \) -print -exec cp -pf "{}" "${adb_dnsdir}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ]
then
f_log "partial restore done"
elif [ $((rc)) -ne 0 ]
then
f_log "error during partial restore" "${rc}"
f_exit
fi
fi
# make separate adblock lists entries unique
#
if [ "${mem_ok}" != "false" ]
then
if [ -n "${adb_revsrclist}" ]
then
f_log "remove duplicates in separate adblock lists"
# generate a temporary unique overall list
#
head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}."* | sort -u > "${adb_dnsdir}/tmp.overall"
# loop through all separate lists, ordered by size (ascending)
#
for list in $(ls -Sr "${adb_dnsdir}/${adb_dnsprefix}."*)
do
# check original separate list vs. temporary overall list,
# rewrite only duplicate entries back to temporary separate list
#
list="${list/*./}"
sort "${adb_dnsdir}/tmp.overall" "${adb_dnsdir}/${adb_dnsprefix}.${list}" | uniq -d > "${adb_dnsdir}/tmp.${list}"
# rewrite only unique entries back to temporary overall list
#
tmp_unique="$(sort "${adb_dnsdir}/tmp.overall" "${adb_dnsdir}/tmp.${list}" | uniq -u)"
printf "%s\n" "${tmp_unique}" > "${adb_dnsdir}/tmp.overall"
# write unique result back to original separate list (with list footer)
#
tail -qn 3 "${adb_dnsdir}/$adb_dnsprefix.${list}" >> "${adb_dnsdir}/tmp.${list}"
mv -f "${adb_dnsdir}/tmp.${list}" "${adb_dnsdir}/${adb_dnsprefix}.${list}"
done
rm -f "${adb_dnsdir}/tmp.overall"
fi
fi
# set separate list count & get overall count
#
for list in $(ls -Sr "${adb_dnsdir}/${adb_dnsprefix}."*)
do
list="${list/*./}"
count="$(head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}.${list}" | wc -l)"
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
count=$((count / 2))
fi
if [ "$(tail -qn 1 "${adb_dnsdir}/${adb_dnsprefix}.${list}")" = "##" ]
then
last_line="# ${0##*/} (${adb_scriptver}) - ${count} ad\/abuse domains blocked"
sed -i "s/^##$/${last_line}/" "${adb_dnsdir}/${adb_dnsprefix}.${list}"
fi
adb_count=$((adb_count + count))
done
# restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards
#
if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ] || [ -n "${restore_done}" ]
then
/etc/init.d/dnsmasq restart
sleep 1
rc="$(ps | grep -q "[d]nsmasq"; printf ${?})"
if [ $((rc)) -eq 0 ]
then
f_log "adblock lists with overall ${adb_count} domains loaded"
else
rc=100
f_log "dnsmasq restart failed, please check 'logread' output" "${rc}"
f_restore
fi
else
f_log "adblock lists with overall ${adb_count} domains are still valid, no dnsmasq restart required"
fi
# create adblock list backups
#
if [ "${backup_ok}" = "true" ] && [ -n "${adb_revsrclist}" ] && [ "$(printf "${adb_dnsdir}/${adb_dnsprefix}."*)" != "${adb_dnsdir}/${adb_dnsprefix}.*" ]
then
backup_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec cp -pf "{}" "${adb_backupdir}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${backup_done}" ]
then
f_log "new adblock list backups generated"
elif [ $((rc)) -ne 0 ]
then
f_log "error during backup of adblock lists" "${rc}"
f_exit
fi
fi
# remove temporary files and exit
#
f_exit

0
net/adblock/files/adblock.blacklist Normal file
View file

98
net/adblock/files/adblock.conf Normal file
View file

@ -0,0 +1,98 @@
# adblock configuration, for further information
# see 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md'
config adblock 'global'
option adb_enabled '1'
option adb_cfgver '1.0'
option adb_blacklist '/etc/adblock/adblock.blacklist'
option adb_whitelist '/etc/adblock/adblock.whitelist'
option adb_forcedns '1'
config service 'backup'
option enabled '0'
option adb_backupdir '/mnt'
config source 'adaway'
option enabled '1'
option adb_src 'https://adaway.org/hosts.txt&ruleset=rset_adaway'
option adb_srcdesc 'focus on mobile ads, infrequent updates, approx. 400 entries'
config source 'disconnect'
option enabled '1'
option adb_src 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect'
option adb_srcdesc 'mozilla driven content blocklist, numerous updates on the same day, approx. 6.500 entries'
config source 'dshield'
option enabled '0'
option adb_src 'http://www.dshield.org/feeds/suspiciousdomains_Low.txt&ruleset=rset_dshield'
option adb_srcdesc 'broad blocklist for suspicious domains, daily updates, approx. 4.500 entries'
config source 'feodo'
option enabled '0'
option adb_src 'https://feodotracker.abuse.ch/blocklist/?download=domainblocklist&ruleset=rset_feodo'
option adb_srcdesc 'focus on feodo botnet domains, daily updates, approx. 0-10 entries'
config source 'malware'
option enabled '0'
option adb_src 'https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware'
option adb_srcdesc 'broad blocklist for malware domains, daily updates, approx. 16.000 entries'
config source 'malwarelist'
option enabled '0'
option adb_src 'http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist'
option adb_srcdesc 'generic blocklist for malware domains, daily updates, approx. 1.500 entries'
config source 'openphish'
option enabled '0'
option adb_src 'https://openphish.com/feed.txt&ruleset=rset_openphish'
option adb_srcdesc 'focus on phishing domains, numerous updates on the same day, approx. 1.800 entries'
config source 'palevo'
option enabled '0'
option adb_src 'https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo'
option adb_srcdesc 'focus on palevo worm domains, daily updates, approx. 15 entries'
config source 'ruadlist'
option enabled '0'
option adb_src 'https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt&ruleset=rset_ruadlist'
option adb_srcdesc 'focus on russian ad related domains plus generic easylist additions, weekly updates, approx. 2.000 entries'
config source 'shalla'
option enabled '0'
option adb_src 'http://www.shallalist.de/Downloads/shallalist.tar.gz'
option adb_srcdesc 'broad blocklist subdivided in different categories (adv, costtraps, spyware, tracker and warez enabled by default), daily updates, approx. 32.000 entries'
list adb_catlist 'adv'
list adb_catlist 'costtraps'
list adb_catlist 'spyware'
list adb_catlist 'tracker'
list adb_catlist 'warez'
config source 'spam404'
option enabled '0'
option adb_src 'https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt&ruleset=rset_spam404'
option adb_srcdesc 'generic blocklist for suspicious domains, infrequent updates, approx. 5.000 entries'
config source 'sysctl'
option enabled '0'
option adb_src 'http://sysctl.org/cameleon/hosts&ruleset=rset_sysctl'
option adb_srcdesc 'generic blocklist for ad related domains, weekly updates, approx. 21.000 entries'
config source 'whocares'
option enabled '0'
option adb_src 'http://someonewhocares.org/hosts/hosts&ruleset=rset_whocares'
option adb_srcdesc 'broad blocklist for suspicious domains, weekly updates, approx. 12.000 entries'
config source 'winhelp'
option enabled '0'
option adb_src 'http://winhelp2002.mvps.org/hosts.txt&ruleset=rset_winhelp'
option adb_srcdesc 'broad blocklist for suspicious domains, infrequent updates, approx. 15.000 entries'
config source 'yoyo'
option enabled '1'
option adb_src 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext&ruleset=rset_yoyo'
option adb_srcdesc 'focus on ad related domains, weekly updates, approx. 2.500 entries'
config source 'zeus'
option enabled '0'
option adb_src 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist&ruleset=rset_zeus'
option adb_srcdesc 'focus on zeus botnet domains, daily updates, approx. 440 entries'

21
net/adblock/files/adblock.hotplug Normal file
View file

@ -0,0 +1,21 @@
#!/bin/sh
#
adb_pid="${$}"
adb_pidfile="/var/run/adblock.pid"
adb_logger="/usr/bin/logger"
if [ -f "${adb_pidfile}" ] || [ "${ACTION}" != "ifup" ]
then
exit 0
fi
. /lib/functions/network.sh
network_find_wan adb_wanif4
network_find_wan6 adb_wanif6
if [ "${INTERFACE}" = "${adb_wanif4}" ] || [ "${INTERFACE}" = "${adb_wanif6}" ]
then
/etc/init.d/adblock start
"${adb_logger}" -t "adblock[${adb_pid}] info " "adblock service started due to '${ACTION}' of '${INTERFACE}' interface"
fi

71
net/adblock/files/adblock.init Executable file
View file

@ -0,0 +1,71 @@
#!/bin/sh /etc/rc.common
#
START=99
exec 2>/dev/null
adb_pid="${$}"
adb_script="/usr/bin/adblock-update.sh"
adb_pidfile="/var/run/adblock.pid"
adb_logger="/usr/bin/logger"
if [ -t 1 ]
then
log_parm="-s"
unset bg_parm
else
unset log_parm
bg_parm="&"
fi
if [ -r "${adb_pidfile}" ]
then
"${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile})" 2>&1
exit 255
fi
boot()
{
return 0
}
start()
{
eval "${adb_script}" ${bg_parm}
return 0
}
restart()
{
stop
start
}
reload()
{
stop
start
}
stop()
{
rm_done="$(find "/tmp/dnsmasq.d" -maxdepth 1 -type f -name "adb_list.*" -print -exec rm -f "{}" \;)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
fi
uhttpd_pid="$(ps | grep "[u]httpd.*\-h /www/adblock" | awk '{print $1}')"
if [ -n "${uhttpd_pid}" ]
then
kill -9 "${uhttpd_pid}"
fi
if [ -n "${rm_done}" ] || [ -n "${uhttpd_pid}" ]
then
"${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] info " "all adblock related services stopped" 2>&1
fi
return 0
}

0
net/adblock/files/adblock.whitelist Normal file
View file

BIN
net/adblock/files/www/adblock/adblock.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 68 B

6
net/adblock/files/www/adblock/index.html Normal file
View file

@ -0,0 +1,6 @@
<html>
<head><meta charset="utf-8"></head>
<body>
<img src="/adblock.png" border="0" alt=""></img>
</body>
</html>