* simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that
* automatically selects dnsmasq or unbound as dns backend
* automatically selects uclient-fetch or wget as download utility (other tools like curl or aria2c are supported as well)
+* support http only mode (without installed ssl library) for all non-SSL blocklist sources
* automatically supports a wide range of router modes, even AP modes are supported
* full IPv4 and IPv6 support
* supports tld compression (top level domain compression), this feature removes thousands of needless host entries from the block lists and lowers the memory footprint for the dns backends
* suspend & resume adblock actions temporarily without block list reloading
* runtime information available via LuCI & via 'status' init command
* query function to quickly identify blocked (sub-)domains, e.g. for whitelisting
+* optional: force dns requests to local resolver
+* optional: force overall sort / duplicate removal for low memory devices (handle with care!)
* optional: automatic block list backup & restore, backups will be (de-)compressed and restored on the fly in case of any runtime error
* optional: add new adblock sources on your own via uci config
* a usual setup with an enabled dns backend at minimum - dump AP modes without a working dns backend are _not_ supported
* a download utility:
* to support all blocklist sources a full version (with ssl support) of 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
- * for limited devices with real memory constraints, adblock provides also a plain http option and supports wget-nossl and uclient-fetch (wihout libustream-ssl), too
+ * for limited devices with real memory constraints, adblock provides also a plain http option and supports wget-nossl and uclient-fetch (without libustream-ssl), too
* for more configuration options see examples below
## LEDE trunk Installation & Usage
* **restrict procd interface trigger:** restrict the procd interface trigger to a (list of) certain interface(s) (default: wan). To disable it at all, remove all entries
* **suspend & resume adblocking:** to quickly switch the adblock service 'on' or 'off', simply use _/etc/init.d/adblock [suspend|resume]_
* **domain query:** to query the active block lists for a specific domain, please run _/etc/init.d/adblock query `<DOMAIN>`_ (see example below)
-* **divert dns requests:** to force dns requests to your local dns resolver add an appropriate firewall rule (see example below)
* **add new list sources:** you could add new block list sources on your own via uci config, all you need is a source url and an awk one-liner (see example below)
* **disable active dns probing in windows 10:** to prevent a yellow exclamation mark on your internet connection icon (which wrongly means connected, but no internet), please change the following registry key/value from "1" to "0" _HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing_
* adb\_iface => set the procd interface trigger to a (list of) lan / wan interface(s) (default: 'wan')
* adb\_fetch => full path to a different download utility, see example below (default: not set, use wget)
* adb\_fetchparm => options for the download utility, see example below (default: not set, use wget options)
- * adb\_triggerdelay => additional trigger delay in seconds before adblock processing starts (default: '1')
+ * adb\_triggerdelay => additional trigger delay in seconds before adblock processing starts (default: '2')
+ * adb\_forcedns => force dns requests to local resolver (default: '0', disabled)
+ * adb\_forcesrt => force overall sort on low memory devices with less than 64 MB RAM (default: '0', disabled)
## Examples
**change default dns backend to 'unbound':**
In the example above whitelist "www.doubleclick.net" to free the submitted domain.
</code></pre>
-**divert dns requests to local dns resolver in /etc/config/firewall:**
-<pre><code>
-config redirect
- option name 'Divert DNS'
- option src 'lan'
- option proto 'tcp udp'
- option src_dport '53'
- option dest_port '53'
- option target 'DNAT'
-</code></pre>
-
**add a new block list source:**
<pre><code>
1. the easy way ...
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="2.6.0-2"
+adb_ver="2.6.1"
adb_sysver="$(ubus -S call system board | jsonfilter -e '@.release.description')"
adb_enabled=1
adb_debug=0
+adb_forcesrt=0
+adb_forcedns=0
adb_backup=0
adb_backupdir="/mnt"
adb_whitelist="/etc/adblock/adblock.whitelist"
#
config_load adblock
config_foreach parse_config source
+
+ # force dns to local resolver
+ #
+ if [ ${adb_forcedns} -eq 1 ] && [ -z "$(uci -q get firewall.adblock_dns)" ]
+ then
+ uci -q set firewall.adblock_dns="redirect"
+ uci -q set firewall.adblock_dns.src="lan"
+ uci -q set firewall.adblock_dns.proto="tcp udp"
+ uci -q set firewall.adblock_dns.src_dport="53"
+ uci -q set firewall.adblock_dns.dest_port="53"
+ uci -q set firewall.adblock_dns.target="DNAT"
+ elif [ ${adb_forcedns} -eq 0 ] && [ -n "$(uci -q get firewall.adblock_dns)" ]
+ then
+ uci -q delete firewall.adblock_dns
+ fi
+ if [ -n "$(uci -q changes firewall)" ]
+ then
+ uci -q commit firewall
+ /etc/init.d/firewall reload >/dev/null 2>&1
+ fi
}
# f_envcheck: check/set environment prerequisites
# download block list
#
- f_log "debug" "name: ${src_name}, enabled: ${enabled}, backup: ${adb_backup}, dns: ${adb_dns}, fetch: ${adb_fetchinfo}, memory: ${mem_total}"
+ f_log "debug" "name: ${src_name}, enabled: ${enabled}, backup: ${adb_backup}, dns: ${adb_dns}, fetch: ${adb_fetchinfo}, memory: ${mem_total}, force srt/dns: ${adb_forcesrt}/${adb_forcedns}"
if [ "${src_name}" = "blacklist" ]
then
cat "${url}" 2>/dev/null > "${adb_tmpload}"
#
for src_name in $(ls -dASr "${adb_tmpdir}/${adb_dnsprefix}"* 2>/dev/null)
do
- if [ ${mem_total} -ge 64000 ]
+ if [ ${mem_total} -ge 64000 ] || [ ${adb_forcesrt} -eq 1 ]
then
if [ -s "${adb_tmpdir}/blocklist.overall" ]
then
projects / feed / packages.git / commitdiff