From 081f255ac3977800bd9281cc04691f15949f1f64 Mon Sep 17 00:00:00 2001 From: dirk Date: Wed, 16 Mar 2016 16:11:49 +0200 Subject: [PATCH] adblock: release 1.0.0 (backport from trunk) Bckport the adblock package from master. Signed-off-by: Hannu Nyman (backport from commit 9f719e4c2cb7f7aa75e21856e0a734087563294c) --- net/adblock/Makefile | 70 +++ net/adblock/files/README.md | 114 ++++ net/adblock/files/adblock-helper.sh | 639 ++++++++++++++++++++++ net/adblock/files/adblock-update.sh | 434 +++++++++++++++ net/adblock/files/adblock.blacklist | 0 net/adblock/files/adblock.conf | 98 ++++ net/adblock/files/adblock.hotplug | 21 + net/adblock/files/adblock.init | 71 +++ net/adblock/files/adblock.whitelist | 0 net/adblock/files/www/adblock/adblock.png | Bin 0 -> 68 bytes net/adblock/files/www/adblock/index.html | 6 + 11 files changed, 1453 insertions(+) create mode 100644 net/adblock/Makefile create mode 100644 net/adblock/files/README.md create mode 100644 net/adblock/files/adblock-helper.sh create mode 100755 net/adblock/files/adblock-update.sh create mode 100644 net/adblock/files/adblock.blacklist create mode 100644 net/adblock/files/adblock.conf create mode 100644 net/adblock/files/adblock.hotplug create mode 100755 net/adblock/files/adblock.init create mode 100644 net/adblock/files/adblock.whitelist create mode 100644 net/adblock/files/www/adblock/adblock.png create mode 100644 net/adblock/files/www/adblock/index.html diff --git a/net/adblock/Makefile b/net/adblock/Makefile new file mode 100644 index 0000000000..b11a62ceec --- /dev/null +++ b/net/adblock/Makefile 
@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2015-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v3.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=adblock
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-3.0+
+PKG_MAINTAINER:=Dirk Brenken
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Powerful adblock script to block ad/abuse domains
+ DEPENDS:=+wget
+ PKGARCH:=all
+endef
+
+define Package/$(PKG_NAME)/description
+Powerful adblock script to block ad/abuse domains.
+Currently the script supports 16 domain blacklist sites plus manual black- and whitelist overrides.
+Please see https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md for further information.
+
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/adblock
+/etc/adblock/adblock.whitelist
+/etc/adblock/adblock.blacklist
+endef
+
+define Build/Prepare
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/$(PKG_NAME)/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/
+ $(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+ $(INSTALL_BIN) ./files/adblock.hotplug $(1)/etc/hotplug.d/iface/99-adblock
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/adblock.init $(1)/etc/init.d/adblock
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/adblock.conf $(1)/etc/config/adblock
+
+ $(INSTALL_DIR) $(1)/etc/adblock
+ $(INSTALL_CONF) ./files/adblock.conf $(1)/etc/adblock/adblock.conf.default
+ $(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock/
+ $(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock/
+
+ $(INSTALL_DIR) $(1)/www/adblock
+ $(INSTALL_DATA) ./files/www/adblock/* $(1)/www/adblock/
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
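Review bot: `DEPENDS:=+wget` leaves `ca-certificates` optional, and f_envcheck in adblock-helper.sh (later in this patch) appends `--no-check-certificate` to the wget options whenever that package is not installed, so on such systems the HTTPS blocklist sources are fetched without certificate verification. The downloaded lists are turned into dnsmasq `address=` entries, so whoever can tamper with the transfer can influence which domains the router answers with the blackhole address. Consider `DEPENDS:=+wget +ca-certificates`, or at minimum have the helper log that verification was switched off. The packages that f_depend requires at runtime (uhttpd, iptables, kmod-ipt-nat) could be declared here as well so opkg resolves them at install time instead of the script exiting with rc 140.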
diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md
new file mode 100644
index 0000000000..3c90e1ca5e
--- /dev/null
+++ b/net/adblock/files/README.md
@@ -0,0 +1,114 @@ +# adblock script for openwrt + +## Description +A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router. When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead. + +## Main Features +* support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses): + * [adaway](https://adaway.org) + * => infrequent updates, approx. 400 entries (enabled by default) + * [disconnect](https://disconnect.me) + * => numerous updates on the same day, approx. 6.500 entries (enabled by default) + * [dshield](http://dshield.org) + * => daily updates, approx. 4.500 entries + * [feodotracker](https://feodotracker.abuse.ch) + * => daily updates, approx. 0-10 entries + * [malwaredomains](http://malwaredomains.com) + * => daily updates, approx. 16.000 entries + * [malwaredomainlist](http://www.malwaredomainlist.com) + * => daily updates, approx. 1.500 entries + * [openphish](https://openphish.com) + * => numerous updates on the same day, approx. 1.800 entries + * [palevotracker](https://palevotracker.abuse.ch) + * => daily updates, approx. 15 entries + * [ruadlist/easylist](https://code.google.com/p/ruadlist) + * => weekly updates, approx. 2.000 entries + * [shallalist](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default) + * => daily updates, approx. 32.000 entries (a short description of all shallalist categories can be found [online](http://www.shallalist.de/categories.html)) + * [spam404](http://www.spam404.com) + * => infrequent updates, approx. 
5.000 entries + * [sysctl/cameleon](http://sysctl.org/cameleon) + * => weekly updates, approx. 21.000 entries + * [whocares](http://someonewhocares.org) + * => weekly updates, approx. 12.000 entries + * [winhelp](http://winhelp2002.mvps.org) + * => infrequent updates, approx. 15.000 entries + * [yoyo](http://pgl.yoyo.org/adservers) + * => weekly updates, approx. 2.500 entries (enabled by default) + * [zeustracker](https://zeustracker.abuse.ch) + * => daily updates, approx. 440 entries +* zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.) +* full IPv4 and IPv6 support +* each blocklist source will be updated and processed separately +* timestamp check to download and process only updated adblock list sources +* overall duplicate removal in separate adblock lists (will be automatically disabled on low memory systems) +* adblock source list parsing by fast & flexible regex rulesets +* additional white- and blacklist support for manual overrides +* quality checks during & after update of adblock lists to ensure a reliable dnsmasq service +* basic adblock statistics via iptables packet counters for each chain +* status & error logging to stdout and syslog +* use a dynamic uhttpd instance as an adblock pixel server +* use dynamic iptables rulesets for adblock related redirects/rejects +* openwrt init system support (start/stop/restart/reload) +* hotplug support, the adblock start will be triggered by wan 'ifup' event +* optional: adblock list backup/restore (disabled by default) + +## Prerequisites +* [openwrt](https://openwrt.org), tested with latest stable release (Chaos Calmer 15.05) and with current trunk (Designated Driver > r47025) +* usual openwrt setup with 'iptables' & 'uhttpd', additional required software packages: + * wget + * optional: 'kmod-ipt-nat6' for IPv6 support +* the above dependencies and requirements will be checked during package installation & script runtime + +## Designated 
Driver Installation & Usage +* install the adblock package (*opkg install adblock*) +* start the adblock service with */etc/init.d/adblock start* and check *logread -e "adblock"* for adblock related information +* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default +* optional: maintain the adblock service in luci under 'System => Startup' + +## LuCI adblock companion package +For easy management of the various blocklist sources and and the adblock options there is also a nice & efficient LuCI frontend available. +Please install the package 'luci-app-adblock' (*opkg install luci-app-adblock*). Then you will find the application in LuCI located under 'Services' menu. +Thanks to Hannu Nyman for this great adblock LuCI frontend! + +## Chaos Calmer installation notes +* currently the adblock package is *not* part of the CC package repository +* download the latest adblock package *adblock_x.xx.x-1_all.ipk* from a development snapshot [package directory](https://downloads.openwrt.org/snapshots/trunk/ar71xx/nand/packages/packages) +* due to server hardware troubles the package directory link above may not work, if so please check the [main openwrt download area](https://downloads.openwrt.org) manually +* manual transfer the package to your router and install the opkg package as usual + +## Tweaks +* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient +* if you really need to handle all blacklists at once add an usb stick or any other storage device to enlarge your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details +* add personal domain white- or blacklist entries as an additional blocklist source, one domain per line (wildcards & regex are not allowed!), by default both empty lists are located in */etc/adblock* +* enable the backup/restore 
feature, to restore automatically the latest stable backup of your adblock lists in case of any (partial) processing error (i.e. a single blocklist source server is down). Please use an (external) solid partition and *not* your volatile router temp directory for this +* for a scheduled call of the adblock service via */etc/init.d/adblock start* add an appropriate crontab entry +* in case of any script runtime errors, you should enable script debugging: for this please change the value of the main 'DEBUG' switch, you'll find it in the header of */usr/bin/adblock-update.sh* + +## Further adblock config options +* usually the adblock autodetection works quite well and no manual config overrides are needed, all options apply to 'global' adblock config section: + * adb\_enabled => main switch to enable/disable adblock service (default: '1', enabled) + * adb\_cfgver => config version string (do not change!) - adblock checks this entry and automatically applies the current config, if none or an older revision was found. + * adb\_wanif => name of the logical wan interface (default: 'wan') + * adb\_lanif => name of the logical lan interface (default: 'lan') + * adb\_port => port of the adblock uhttpd instance (default: '65535') + * adb\_nullipv4 => IPv4 blackhole ip address (default: '192.0.2.1') + * adb\_nullipv6 => IPv6 blackhole ip address (default: '::ffff:c000:0201') + * adb\_forcedns => redirect all DNS queries to local dnsmasq resolver (default: '1', enabled) + +## Background +This adblock package is a dns/dnsmasq based adblock solution for openwrt. +Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6. +For that purpose adblock uses an ip address from the private 'TEST-NET-1' subnet (192.0.2.1 / ::ffff:c000:0201) by default. +Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to internal adblock pixel server (in PREROUTING chain) or rejected (in FORWARD or OUTPUT chain). 
+All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other openwrt related config files. There is *no* adblock background daemon running, the (scheduled) start of the adblock service keeps only the adblock lists up-to-date. + +## Support +Please join the adblock discussion in this [openwrt forum thread](https://forum.openwrt.org/viewtopic.php?id=59803) or contact me by mail + +## Removal +* stop all adblock related services with */etc/init.d/adblock stop* +* optional: remove the adblock package (*opkg remove adblock*) + +Have fun! +Dirk diff --git a/net/adblock/files/adblock-helper.sh b/net/adblock/files/adblock-helper.sh new file mode 100644 index 0000000000..5bcb81ad87 --- /dev/null +++ b/net/adblock/files/adblock-helper.sh 
@@ -0,0 +1,639 @@ +#!/bin/sh +# function library used by adblock-update.sh +# written by Dirk Brenken (openwrt@brenken.org) + +##################################### +# f_envload: load adblock environment +# +f_envload() +{ + local cfg_version + + # get version string from default adblock configuration file + # + cfg_version="$(/sbin/uci -q get adblock.global.adb_cfgver)" + cfg_enabled="$(/sbin/uci -q get adblock.global.adb_enabled)" + rc=$? + if [ $((rc)) -ne 0 ] || [ "${cfg_version}" != "${adb_scriptver%.*}" ] + then + cp -pf "/etc/adblock/adblock.conf.default" "/etc/config/adblock" + rc=$? + if [ $((rc)) -eq 0 ] + then + f_log "new default adblock configuration applied, please check your settings in '/etc/config/adblock'" + else + f_log "original adblock configuration not found, please (re-)install the adblock package via 'opkg install adblock --force-maintainer'" "${rc}" + f_exit + fi + elif [ $((rc)) -eq 0 ] && [ $((cfg_enabled)) -ne 1 ] + then + rc=-1 + f_log "adblock is currently disabled, please run 'uci set adblock.global.adb_enabled=1' and 'uci commit adblock' to enable this service" + f_exit + fi + + # source in openwrt function library + # + if [ -r "/lib/functions.sh" ] + then + . "/lib/functions.sh" + else + rc=110 + f_log "openwrt function library not found" "${rc}" + f_exit + fi + + # source in openwrt network library + # + if [ -r "/lib/functions/network.sh" ] + then + . 
"/lib/functions/network.sh" + else + rc=115 + f_log "openwrt network library not found" "${rc}" + f_exit + fi + + # check opkg availability and get list with all installed openwrt packages + # + if [ -r "/var/lock/opkg.lock" ] + then + rc=-1 + f_log "adblock installation finished, 'opkg' currently locked by package installer" + f_exit + fi + pkg_list="$(opkg list-installed)" + if [ -z "${pkg_list}" ] + then + rc=120 + f_log "empty openwrt package list" "${rc}" + f_exit + fi +} + +###################################################### +# f_envparse: parse adblock config and set environment +# +f_envparse() +{ + # set initial defaults, + # may be overwritten by setting appropriate adblock config options in global section of /etc/config/adblock + # + adb_wanif="wan" + adb_lanif="lan" + adb_port="65535" + adb_nullipv4="192.0.2.1" + adb_nullipv6="::ffff:c000:0201" + adb_blacklist="/etc/adblock/adblock.blacklist" + adb_whitelist="/etc/adblock/adblock.whitelist" + adb_forcedns=1 + + # function to read global options by callback + # + config_cb() + { + local type="${1}" + local name="${2}" + if [ "${type}" = "adblock" ] + then + option_cb() + { + local option="${1}" + local value="${2}" + eval "${option}=\"${value}\"" + } + else + reset_cb + fi + } + + # function to iterate through config list, read only options in "enabled" sections + # + adb_cfglist="adb_backupdir adb_src" + unset adb_sources + parse_config() + { + local config="${1}" + config_get switch "${config}" "enabled" + if [ "${switch}" = "1" ] + then + for option in ${adb_cfglist} + do + config_get value "${config}" "${option}" + if [ -n "${value}" ] + then + if [ "${option}" = "adb_src" ] + then + if [ "${config}" = "shalla" ] + then + categories() + { + local cat="${1}" + adb_cat_shalla="${adb_cat_shalla} ${cat}" + } + eval "adb_arc_shalla=\"${value}\"" + config_list_foreach "shalla" "adb_catlist" "categories" + else + adb_sources="${adb_sources} ${value}" + fi + else + eval "${option}=\"${value}\"" + fi + fi 
+ done + fi + } + + # load adblock config and start parsing functions + # + config_load adblock + config_foreach parse_config service + config_foreach parse_config source + + # set more script defaults (can't be overwritten by adblock config options) + # + adb_count=0 + adb_minspace=12000 + adb_tmpfile="$(mktemp -tu)" + adb_tmpdir="$(mktemp -p /tmp -d)" + adb_dnsdir="/tmp/dnsmasq.d" + adb_dnsprefix="adb_list" + adb_prechain_ipv4="prerouting_rule" + adb_fwdchain_ipv4="forwarding_rule" + adb_outchain_ipv4="output_rule" + adb_prechain_ipv6="PREROUTING" + adb_fwdchain_ipv6="forwarding_rule" + adb_outchain_ipv6="output_rule" + adb_fetch="/usr/bin/wget" + unset adb_srclist adb_revsrclist adb_errsrclist + + # set adblock source ruleset definitions + # + rset_core="([A-Za-z0-9_-]+\.){1,}[A-Za-z]+" + rset_adaway="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'" + rset_blacklist="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_disconnect="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_dshield="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_feodo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_malware="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_malwarelist="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'" + rset_openphish="awk -F '/' '\$3 ~/^${rset_core}/{print tolower(\$3)}'" + rset_palevo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_ruadlist="awk -F '[|^]' '\$0 ~/^\|\|${rset_core}\^$/{print tolower(\$3)}'" + rset_shalla="awk -F '/' '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_spam404="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_sysctl="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'" + rset_whocares="awk '\$0 ~/^127\.0\.0\.1[ \t]+${rset_core}/{print tolower(\$2)}'" + rset_winhelp="awk '\$0 ~/^0\.0\.0\.0[ \t]+${rset_core}/{print tolower(\$2)}'" + rset_yoyo="awk '\$1 ~/^${rset_core}/{print tolower(\$1)}'" + rset_zeus="awk '\$1 ~/^${rset_core}/{print 
tolower(\$1)}'" + + # get logical wan update interfaces (with default route) and their device names + # + network_find_wan adb_wanif4 + network_find_wan6 adb_wanif6 + if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ] + then + rc=125 + f_log "no valid IPv4/IPv6 wan update interface found" "${rc}" + f_exit + elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ] + then + rc=125 + f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}" + f_exit + else + network_get_device adb_wandev4 "${adb_wanif4}" + network_get_device adb_wandev6 "${adb_wanif6}" + break + fi + + # get lan ip addresses + # + network_get_ipaddr adb_ipv4 "${adb_lanif}" + network_get_ipaddr6 adb_ipv6 "${adb_lanif}" + if [ -z "${adb_ipv4}" ] && [ -z "${adb_ipv6}" ] + then + rc=130 + f_log "no valid IPv4/IPv6 configuration for given logical LAN interface found (${adb_lanif}), please set 'adb_lanif' manually" "${rc}" + f_exit + fi +} + +################################################# +# f_envcheck: check/set environment prerequisites +# +f_envcheck() +{ + local check + + # check general package dependencies + # + f_depend "uhttpd" + f_depend "wget" + f_depend "iptables" + f_depend "kmod-ipt-nat" + + # check ipv6 related package dependencies + # + if [ -n "${adb_wanif6}" ] + then + check="$(printf "${pkg_list}" | grep "^ip6tables -")" + if [ -z "${check}" ] + then + f_log "package 'ip6tables' not found, IPv6 support will be disabled" + unset adb_wanif6 + else + check="$(printf "${pkg_list}" | grep "^kmod-ipt-nat6 -")" + if [ -z "${check}" ] + then + f_log "package 'kmod-ipt-nat6' not found, IPv6 support will be disabled" + unset adb_wanif6 + fi + fi + fi + + # check ca-certificates package and set wget parms accordingly + # + wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5 --connect-timeout=5 --read-timeout=5" + check="$(printf "${pkg_list}" | grep "^ca-certificates -")" + if [ -z 
"${check}" ] + then + wget_parm="${wget_parm} --no-check-certificate" + fi + + # check adblock blacklist/whitelist configuration + # + if [ ! -r "${adb_blacklist}" ] + then + f_log "adblock blacklist not found, source will be disabled" + fi + if [ ! -r "${adb_whitelist}" ] + then + f_log "adblock whitelist not found, source will be disabled" + fi + + # check adblock temp directory + # + if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ] + then + f_space "${adb_tmpdir}" + if [ "${space_ok}" = "false" ] + then + if [ $((av_space)) -le 2000 ] + then + rc=135 + f_log "not enough free space in '${adb_tmpdir}' (avail. ${av_space} kb)" "${rc}" + f_exit + else + f_log "not enough free space to handle all adblock list sources at once in '${adb_tmpdir}' (avail. ${av_space} kb)" + fi + fi + else + rc=135 + f_log "temp directory not found" "${rc}" + f_exit + fi + + # memory check + # + mem_total="$(awk '$1 ~ /^MemTotal/ {printf $2}' "/proc/meminfo")" + mem_free="$(awk '$1 ~ /^MemFree/ {printf $2}' "/proc/meminfo")" + mem_swap="$(awk '$1 ~ /^SwapTotal/ {printf $2}' "/proc/meminfo")" + if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ] + then + mem_ok="false" + f_log "not enough free memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})" + fi + + # check backup configuration + # + if [ -n "${adb_backupdir}" ] && [ -d "${adb_backupdir}" ] + then + f_space "${adb_backupdir}" + if [ "${space_ok}" = "false" ] + then + f_log "not enough free space in '${adb_backupdir}'(avail. ${av_space} kb), backup/restore will be disabled" + backup_ok="false" + else + f_log "backup/restore will be enabled" + backup_ok="true" + fi + else + backup_ok="false" + f_log "backup/restore will be disabled" + fi + + # check ipv4/iptables configuration + # + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wandev4}" ] + then + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "! 
-i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}" + f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable" + f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable" + if [ $((adb_forcedns)) -eq 1 ] + then + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p udp --dport 53 -j REDIRECT" + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p tcp --dport 53 -j REDIRECT" + fi + if [ "${fw_done}" = "true" ] + then + f_log "created volatile IPv4 firewall ruleset" + fw_done="false" + fi + fi + + # check ipv6/ip6tables configuration + # + if [ -n "${adb_wanif6}" ] && [ -n "${adb_wandev6}" ] + then + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}" + f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable" + f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable" + if [ $((adb_forcedns)) -eq 1 ] + then + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p udp --dport 53 -j REDIRECT" + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! 
-i ${adb_wandev6} -p tcp --dport 53 -j REDIRECT" + fi + if [ "${fw_done}" = "true" ] + then + f_log "created volatile IPv6 firewall ruleset" + fw_done="false" + fi + fi + + # check volatile adblock uhttpd instance configuration + # + rc="$(ps | grep -q "[u]httpd.*\-h /www/adblock"; printf ${?})" + if [ $((rc)) -ne 0 ] + then + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] + then + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "${adb_ipv4}:${adb_port}" -p "[${adb_ipv6}]:${adb_port}" + rc=${?} + elif [ -n "${adb_wanif4}" ] + then + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "${adb_ipv4}:${adb_port}" + rc=${?} + elif [ -n "${adb_wanif6}" ] + then + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/index.html" -p "[${adb_ipv6}]:${adb_port}" + rc=${?} + fi + if [ $((rc)) -eq 0 ] + then + f_log "created volatile uhttpd instance" + else + f_log "failed to initialize volatile uhttpd instance" "${rc}" + f_restore + fi + fi + + # set dnsmasq defaults + # + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] + then + adb_dnsformat="awk -v ipv4="${adb_nullipv4}" -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv4\"\n\"\"address=/\"\$0\"/\"ipv6}'" + elif [ -n "${adb_wanif4}" ] + then + adb_dnsformat="awk -v ipv4="${adb_nullipv4}" '{print \"address=/\"\$0\"/\"ipv4}'" + elif [ -n "${adb_wanif6}" ] + then + adb_dnsformat="awk -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv6}'" + fi + + # remove no longer used opkg package list + # + unset pkg_list +} + +###################################### +# f_depend: check package dependencies +# +f_depend() +{ + local check + local package="${1}" + + check="$(printf "${pkg_list}" | grep "^${package} -")" + if [ -z "${check}" ] + then + rc=140 + f_log "package '${package}' not found" "${rc}" + f_exit + fi +} + +############################################## +# f_firewall: set iptables rules for ipv4/ipv6 +# +f_firewall() +{ + local ipt + local 
iptv4="/usr/sbin/iptables" + local iptv6="/usr/sbin/ip6tables" + local proto="${1}" + local table="${2}" + local ctype="${3}" + local chain="${4}" + local notes="${5}" + local rules="${6}" + + # select appropriate iptables executable + # + if [ "${proto}" = "IPv4" ] + then + ipt="${iptv4}" + else + ipt="${iptv6}" + fi + + # check whether iptables rule already applied and proceed accordingly + # + rc="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules}; printf ${?})" + if [ $((rc)) -ne 0 ] + then + "${ipt}" -w -t "${table}" -"${ctype}" "${chain}" -m comment --comment "${notes}" ${rules} + rc=${?} + if [ $((rc)) -eq 0 ] + then + fw_done="true" + else + f_log "failed to initialize volatile ${proto} firewall rule '${notes}'" "${rc}" + f_restore + fi + fi +} + +########################################## +# f_log: log messages to stdout and syslog +# +f_log() +{ + local log_parm + local log_msg="${1}" + local log_rc="${2}" + local class="info " + + # check for terminal session + # + if [ -t 1 ] + then + log_parm="-s" + fi + + # log to different output devices and set log class accordingly + # + if [ -n "${log_msg}" ] + then + if [ $((log_rc)) -gt 0 ] + then + class="error" + log_rc=", rc: ${log_rc}" + log_msg="${log_msg}${log_rc}" + fi + /usr/bin/logger ${log_parm} -t "adblock[${adb_pid}] ${class}" "${log_msg}" 2>&1 + fi +} + +################################################ +# f_space: check mount points/space requirements +# +f_space() +{ + local mp="${1}" + + # check relevant mount points in a subshell + # + if [ -d "${mp}" ] + then + av_space="$(df "${mp}" | tail -n1 | awk '{printf $4}')" + if [ $((av_space)) -lt $((adb_minspace)) ] + then + space_ok="false" + fi + fi +} + +################################################################## +# f_restore: restore last adblock list backups and restart dnsmasq +# +f_restore() +{ + local rm_done + local restore_done + + # remove bogus adblock lists + # + if [ -n "${adb_revsrclist}" ] + then 
+ rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + f_log "all bogus adblock lists removed" + elif [ $((rc)) -ne 0 ] + then + f_log "error during removal of bogus adblock lists" "${rc}" + f_exit + fi + fi + + # restore backups + # + if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ] + then + restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec cp -pf "{}" "${adb_dnsdir}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ] + then + f_log "all available backups restored" + elif [ $((rc)) -ne 0 ] + then + f_log "error during restore of adblock lists" "${rc}" + f_exit + fi + else + f_log "no backups found, nothing to restore" + fi + + # (re-)try dnsmasq restart without bogus adblock lists / with backups + # + if [ -n "${restore_done}" ] || [ -n "${rm_done}" ] + then + /etc/init.d/dnsmasq restart + sleep 1 + rc="$(ps | grep -q "[d]nsmasq"; printf ${?})" + if [ $((rc)) -eq 0 ] + then + rc=0 + adb_count="$(head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}."* | wc -l)" + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] + then + adb_count="$((adb_count / 2))" + fi + f_log "adblock lists with overall ${adb_count} domains loaded" + else + rc=145 + f_log "dnsmasq restart failed, please check 'logread' output" "${rc}" + fi + fi + f_exit +} + +################################### +# f_exit: delete (temporary) files, +# generate statistics and exit +# +f_exit() +{ + local ipv4_prerouting=0 + local ipv4_forward=0 + local ipv4_output=0 + local ipv6_prerouting=0 + local ipv6_forward=0 + local ipv6_output=0 + local iptv4="/usr/sbin/iptables" + local iptv6="/usr/sbin/ip6tables" + + # delete temporary files & directories + # + if [ -f "${adb_tmpfile}" ] + then + rm -f "${adb_tmpfile}" + fi + if [ -d "${adb_tmpdir}" ] + then + rm -rf 
"${adb_tmpdir}" + fi + + # final log message and iptables statistics + # + if [ $((rc)) -eq 0 ] + then + if [ -n "${adb_wanif4}" ] + then + ipv4_prerouting="$(${iptv4} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {printf sum}')" + ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {printf sum}')" + ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {printf sum}')" + fi + if [ -n "${adb_wanif6}" ] + then + ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$10 ~ /^adb-prerouting$/ {sum += $1} END {printf sum}')" + ipv6_forward="$(${iptv6} -vnL | awk '$10 ~ /^adb-forward$/ {sum += $1} END {printf sum}')" + ipv6_output="$(${iptv6} -vnL | awk '$10 ~ /^adb-output$/ {sum += $1} END {printf sum}')" + fi + f_log "adblock firewall statistics (IPv4/IPv6):" + f_log "${ipv4_prerouting}/${ipv6_prerouting} packets redirected in PREROUTING chain" + f_log "${ipv4_forward}/${ipv6_forward} packets rejected in FORWARD chain" + f_log "${ipv4_output}/${ipv6_output} packets rejected in OUTPUT chain" + f_log "domain adblock processing finished successfully (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))" + elif [ $((rc)) -gt 0 ] + then + f_log "domain adblock processing failed (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))" + else + rc=0 + fi + rm -f "${adb_pidfile}" + exit ${rc} +} diff --git a/net/adblock/files/adblock-update.sh b/net/adblock/files/adblock-update.sh new file mode 100755 index 0000000000..71878e87b8 --- /dev/null +++ b/net/adblock/files/adblock-update.sh 
@@ -0,0 +1,434 @@ +#!/bin/sh +# ad/abuse domain blocking script for dnsmasq/openwrt +# written by Dirk Brenken (openwrt@brenken.org) + +# This is free software, licensed under the GNU General Public License v3. +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# set the C locale +# +LC_ALL=C + +# script debug switch (disabled by default) +# set 'DEBUG=1' to enable script debugging +# +DEBUG=0 +if [ $((DEBUG)) -eq 0 ] +then + exec 2>/dev/null +fi + +# pid handling +# +adb_pid="${$}" +adb_pidfile="/var/run/adblock.pid" + +if [ -r "${adb_pidfile}" ] +then + rc=255 + /usr/bin/logger -s -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile}))" + exit ${rc} +else + printf "${adb_pid}" > "${adb_pidfile}" +fi + +# get current directory, script- and openwrt version +# +adb_scriptdir="${0%/*}" +adb_scriptver="1.0.0" +openwrt_version="$(cat /etc/openwrt_version)" + +# source in adblock function library +# +if [ -r "${adb_scriptdir}/adblock-helper.sh" ] +then + . 
"${adb_scriptdir}/adblock-helper.sh" +else + rc=254 + /usr/bin/logger -s -t "adblock[${adb_pid}] error" "adblock function library not found" + rm -f "${adb_pidfile}" + exit ${rc} +fi + +# call trap function on error signals (HUP, INT, QUIT, BUS, SEGV, TERM) +# +trap "rc=250; f_log 'error signal received/trapped' '${rc}'; f_exit" 1 2 3 10 11 15 + +# load environment +# +f_envload + +# start logging +# +f_log "domain adblock processing started (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))" + +# parse environment +# +f_envparse + +# check environment +# +f_envcheck + +# start shallalist (pre-)processing +# +if [ -n "${adb_arc_shalla}" ] +then + # start shallalist processing + # + shalla_archive="${adb_tmpdir}/shallalist.tar.gz" + shalla_file="${adb_tmpdir}/shallalist.txt" + src_name="shalla" + adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}" + if [ -r "${adb_dnsfile}" ] + then + list_time="$(awk '$0 ~ /^# last modified/ {printf substr($0,18)}' "${adb_dnsfile}")" + fi + f_log "=> (pre-)processing adblock source '${src_name}'" + + # only process shallalist archive with updated timestamp, + # extract and merge only domains of selected shallalist categories + # + shalla_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${adb_arc_shalla}" 2>&1 | awk '$0 ~ /Last-Modified/ {printf substr($0,18)}')" + if [ -z "${shalla_time}" ] + then + shalla_time="$(date)" + f_log " no online timestamp received, current date will be used" + fi + if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ] + then + ${adb_fetch} ${wget_parm} --output-document="${shalla_archive}" "${adb_arc_shalla}" + rc=${?} + if [ $((rc)) -eq 0 ] + then + > "${shalla_file}" + for category in ${adb_cat_shalla} + do + tar -xOzf "${shalla_archive}" BL/${category}/domains >> "${shalla_file}" + rc=${?} + if [ $((rc)) -ne 0 ] + then + f_log " archive extraction failed (${category})" + break + fi + done + + # remove temporary files + # + rm -f 
"${shalla_archive}" + rm -rf "${adb_tmpdir}/BL" + if [ $((rc)) -eq 0 ] + then + adb_sources="${adb_sources} ${shalla_file}&ruleset=rset_shalla" + f_log " source archive (pre-)processing finished" + else + rc=0 + fi + else + rc=0 + adb_errsrclist="-name ${adb_dnsprefix}.${src_name}" + f_log " source archive download failed" + fi + else + adb_srclist="! -name ${adb_dnsprefix}.${src_name}" + f_log " source archive doesn't change, no update required" + fi +fi + +# add blacklist source to active adblock domain sources +# +if [ -s "${adb_blacklist}" ] +then + adb_sources="${adb_sources} ${adb_blacklist}&ruleset=rset_blacklist" +fi + +# loop through active adblock domain sources, +# download sources, prepare output and store all extracted domains in temp file +# +for src in ${adb_sources} +do + url="${src/\&ruleset=*/}" + src_name="${src/*\&ruleset=rset_/}" + adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}" + if [ -r "${adb_dnsfile}" ] + then + list_time="$(awk '$0 ~ /^# last modified/ {printf substr($0,18)}' "${adb_dnsfile}")" + fi + f_log "=> processing adblock source '${src_name}'" + + # prepare find statement with active adblock list sources + # + if [ -z "${adb_srclist}" ] + then + adb_srclist="! -name ${adb_dnsprefix}.${src_name}" + else + adb_srclist="${adb_srclist} -a ! 
-name ${adb_dnsprefix}.${src_name}" + fi + + # only download adblock list with newer/updated timestamp + # + if [ "${src_name}" = "blacklist" ] + then + url_time="$(date -r "${adb_blacklist}")" + elif [ "${src_name}" = "shalla" ] + then + url_time="${shalla_time}" + else + url_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${url}" 2>&1 | awk '$0 ~ /Last-Modified/ {printf substr($0,18)}')" + fi + if [ -z "${url_time}" ] + then + url_time="$(date)" + f_log " no online timestamp received, current date will be used" + fi + if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ] + then + if [ "${src_name}" = "blacklist" ] + then + tmp_domains="$(cat "${adb_blacklist}")" + rc=${?} + elif [ "${src_name}" = "shalla" ] + then + tmp_domains="$(cat "${shalla_file}")" + rc=${?} + else + tmp_domains="$(${adb_fetch} ${wget_parm} --output-document=- "${url}")" + rc=${?} + fi + else + f_log " source doesn't change, no update required" + continue + fi + + # check download result and prepare domain output by regex patterns + # + if [ $((rc)) -eq 0 ] && [ -n "${tmp_domains}" ] + then + eval "src_rset=\${rset_${src_name}}" + count="$(printf "%s\n" "${tmp_domains}" | eval "${src_rset}" | tee "${adb_tmpfile}" | wc -l)" + f_log " source download finished (${count} entries)" + if [ "${src_name}" = "shalla" ] + then + rm -f "${shalla_file}" + fi + unset tmp_domains + elif [ $((rc)) -eq 0 ] && [ -z "${tmp_domains}" ] + then + f_log " empty source download finished" + continue + else + rc=0 + if [ -z "${adb_errsrclist}" ] + then + adb_errsrclist="-name ${adb_dnsprefix}.${src_name}" + else + adb_errsrclist="${adb_errsrclist} -o -name ${adb_dnsprefix}.${src_name}" + fi + f_log " source download failed" + continue + fi + + # remove whitelist domains, sort domains and make them unique, + # finally rewrite ad/abuse domain information to separate dnsmasq files + # + if [ $((count)) -gt 0 ] && [ -n "${adb_tmpfile}" ] + then + if [ -s "${adb_whitelist}" ] + then + grep -Fvxf 
"${adb_whitelist}" "${adb_tmpfile}" | sort -u | eval "${adb_dnsformat}" > "${adb_dnsfile}" + rc=${?} + else + sort -u "${adb_tmpfile}" | eval "${adb_dnsformat}" > "${adb_dnsfile}" + rc=${?} + fi + + # prepare find statement with revised adblock list sources + # + if [ -z "${adb_revsrclist}" ] + then + adb_revsrclist="-name ${adb_dnsprefix}.${src_name}" + else + adb_revsrclist="${adb_revsrclist} -o -name ${adb_dnsprefix}.${src_name}" + fi + + # write preliminary footer + # + if [ $((rc)) -eq 0 ] + then + printf "%s\n" "#---------------------------------------------" >> "${adb_dnsfile}" + printf "%s\n" "# last modified: ${url_time}" >> "${adb_dnsfile}" + printf "%s\n" "##" >> "${adb_dnsfile}" + f_log " domain merging finished" + else + f_log " domain merging failed" "${rc}" + f_restore + fi + else + f_log " empty domain input received" + continue + fi +done + +# remove disabled adblock lists and their backups +# +if [ -n "${adb_srclist}" ] +then + rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + f_log "disabled adblock lists removed" + if [ "${backup_ok}" = "true" ] + then + rm_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" \( ${adb_srclist} \) -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + f_log "disabled adblock list backups removed" + elif [ $((rc)) -ne 0 ] + then + f_log "error during removal of disabled adblock list backups" "${rc}" + f_exit + fi + fi + elif [ $((rc)) -ne 0 ] + then + f_log "error during removal of disabled adblock lists" "${rc}" + f_exit + fi +else + rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + f_log "all adblock lists removed" + if [ "${backup_ok}" = "true" ] + then + rm_done="$(find 
"${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + f_log "all adblock list backups removed" + elif [ $((rc)) -ne 0 ] + then + f_log "error during removal of all adblock list backups" "${rc}" + f_exit + fi + fi + elif [ $((rc)) -ne 0 ] + then + f_log "error during removal of all adblock lists" "${rc}" + f_exit + fi +fi + +# partial restore of adblock lists in case of download errors +# +if [ "${backup_ok}" = "true" ] && [ -n "${adb_errsrclist}" ] +then + restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f \( ${adb_errsrclist} \) -print -exec cp -pf "{}" "${adb_dnsdir}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ] + then + f_log "partial restore done" + elif [ $((rc)) -ne 0 ] + then + f_log "error during partial restore" "${rc}" + f_exit + fi +fi + +# make separate adblock lists entries unique +# +if [ "${mem_ok}" != "false" ] +then + if [ -n "${adb_revsrclist}" ] + then + f_log "remove duplicates in separate adblock lists" + + # generate a temporary unique overall list + # + head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}."* | sort -u > "${adb_dnsdir}/tmp.overall" + + # loop through all separate lists, ordered by size (ascending) + # + for list in $(ls -Sr "${adb_dnsdir}/${adb_dnsprefix}."*) + do + # check original separate list vs. 
temporary overall list, + # rewrite only duplicate entries back to temporary separate list + # + list="${list/*./}" + sort "${adb_dnsdir}/tmp.overall" "${adb_dnsdir}/${adb_dnsprefix}.${list}" | uniq -d > "${adb_dnsdir}/tmp.${list}" + + # rewrite only unique entries back to temporary overall list + # + tmp_unique="$(sort "${adb_dnsdir}/tmp.overall" "${adb_dnsdir}/tmp.${list}" | uniq -u)" + printf "%s\n" "${tmp_unique}" > "${adb_dnsdir}/tmp.overall" + + # write unique result back to original separate list (with list footer) + # + tail -qn 3 "${adb_dnsdir}/$adb_dnsprefix.${list}" >> "${adb_dnsdir}/tmp.${list}" + mv -f "${adb_dnsdir}/tmp.${list}" "${adb_dnsdir}/${adb_dnsprefix}.${list}" + done + rm -f "${adb_dnsdir}/tmp.overall" + fi +fi + +# set separate list count & get overall count +# +for list in $(ls -Sr "${adb_dnsdir}/${adb_dnsprefix}."*) +do + list="${list/*./}" + count="$(head -qn -3 "${adb_dnsdir}/${adb_dnsprefix}.${list}" | wc -l)" + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] + then + count=$((count / 2)) + fi + if [ "$(tail -qn 1 "${adb_dnsdir}/${adb_dnsprefix}.${list}")" = "##" ] + then + last_line="# ${0##*/} (${adb_scriptver}) - ${count} ad\/abuse domains blocked" + sed -i "s/^##$/${last_line}/" "${adb_dnsdir}/${adb_dnsprefix}.${list}" + fi + adb_count=$((adb_count + count)) +done + +# restart dnsmasq with newly generated or deleted adblock lists, +# check dnsmasq startup afterwards +# +if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ] || [ -n "${restore_done}" ] +then + /etc/init.d/dnsmasq restart + sleep 1 + rc="$(ps | grep -q "[d]nsmasq"; printf ${?})" + if [ $((rc)) -eq 0 ] + then + f_log "adblock lists with overall ${adb_count} domains loaded" + else + rc=100 + f_log "dnsmasq restart failed, please check 'logread' output" "${rc}" + f_restore + fi +else + f_log "adblock lists with overall ${adb_count} domains are still valid, no dnsmasq restart required" +fi + +# create adblock list backups +# +if [ "${backup_ok}" = "true" ] && [ -n 
"${adb_revsrclist}" ] && [ "$(printf "${adb_dnsdir}/${adb_dnsprefix}."*)" != "${adb_dnsdir}/${adb_dnsprefix}.*" ] +then + backup_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec cp -pf "{}" "${adb_backupdir}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${backup_done}" ] + then + f_log "new adblock list backups generated" + elif [ $((rc)) -ne 0 ] + then + f_log "error during backup of adblock lists" "${rc}" + f_exit + fi +fi + +# remove temporary files and exit +# +f_exit diff --git a/net/adblock/files/adblock.blacklist b/net/adblock/files/adblock.blacklist new file mode 100644 index 0000000000..e69de29bb2 diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf new file mode 100644 index 0000000000..cb18787dcc --- /dev/null +++ b/net/adblock/files/adblock.conf 
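Review bot: In the source loop of adblock-update.sh, `src_name` is cut out of the configured `adb_src` string and then used unvalidated in `eval "src_rset=\${rset_${src_name}}"`, in the list file path, and in the `-name ${adb_dnsprefix}.${src_name}` fragments that are later expanded unquoted into `find … -exec rm -f`. An entry without a `&ruleset=rset_` suffix leaves the whole URL in `src_name`, so URL characters such as `&`, `?` or `;` reach the shell parser and the find expression. Right after `src_name` is assigned I would reject anything outside the expected alphabet, e.g. `case "${src_name}" in ""|*[!a-z0-9_]*) f_log "   invalid ruleset name, source skipped"; continue;; esac`. The rulesets themselves (`rset_*`, `adb_dnsformat`) are defined in adblock-helper.sh outside this hunk, so it should be confirmed there that they restrict output to plain domain names before it is written to the dnsmasq directory.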
@@ -0,0 +1,98 @@ +# adblock configuration, for further information +# see 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md' + +config adblock 'global' + option adb_enabled '1' + option adb_cfgver '1.0' + option adb_blacklist '/etc/adblock/adblock.blacklist' + option adb_whitelist '/etc/adblock/adblock.whitelist' + option adb_forcedns '1' + +config service 'backup' + option enabled '0' + option adb_backupdir '/mnt' + +config source 'adaway' + option enabled '1' + option adb_src 'https://adaway.org/hosts.txt&ruleset=rset_adaway' + option adb_srcdesc 'focus on mobile ads, infrequent updates, approx. 400 entries' + +config source 'disconnect' + option enabled '1' + option adb_src 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect' + option adb_srcdesc 'mozilla driven content blocklist, numerous updates on the same day, approx. 6.500 entries' + +config source 'dshield' + option enabled '0' + option adb_src 'http://www.dshield.org/feeds/suspiciousdomains_Low.txt&ruleset=rset_dshield' + option adb_srcdesc 'broad blocklist for suspicious domains, daily updates, approx. 4.500 entries' + +config source 'feodo' + option enabled '0' + option adb_src 'https://feodotracker.abuse.ch/blocklist/?download=domainblocklist&ruleset=rset_feodo' + option adb_srcdesc 'focus on feodo botnet domains, daily updates, approx. 0-10 entries' + +config source 'malware' + option enabled '0' + option adb_src 'https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware' + option adb_srcdesc 'broad blocklist for malware domains, daily updates, approx. 16.000 entries' + +config source 'malwarelist' + option enabled '0' + option adb_src 'http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist' + option adb_srcdesc 'generic blocklist for malware domains, daily updates, approx. 
1.500 entries' + +config source 'openphish' + option enabled '0' + option adb_src 'https://openphish.com/feed.txt&ruleset=rset_openphish' + option adb_srcdesc 'focus on phishing domains, numerous updates on the same day, approx. 1.800 entries' + +config source 'palevo' + option enabled '0' + option adb_src 'https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo' + option adb_srcdesc 'focus on palevo worm domains, daily updates, approx. 15 entries' + +config source 'ruadlist' + option enabled '0' + option adb_src 'https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt&ruleset=rset_ruadlist' + option adb_srcdesc 'focus on russian ad related domains plus generic easylist additions, weekly updates, approx. 2.000 entries' + +config source 'shalla' + option enabled '0' + option adb_src 'http://www.shallalist.de/Downloads/shallalist.tar.gz' + option adb_srcdesc 'broad blocklist subdivided in different categories (adv, costtraps, spyware, tracker and warez enabled by default), daily updates, approx. 32.000 entries' + list adb_catlist 'adv' + list adb_catlist 'costtraps' + list adb_catlist 'spyware' + list adb_catlist 'tracker' + list adb_catlist 'warez' + +config source 'spam404' + option enabled '0' + option adb_src 'https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt&ruleset=rset_spam404' + option adb_srcdesc 'generic blocklist for suspicious domains, infrequent updates, approx. 5.000 entries' + +config source 'sysctl' + option enabled '0' + option adb_src 'http://sysctl.org/cameleon/hosts&ruleset=rset_sysctl' + option adb_srcdesc 'generic blocklist for ad related domains, weekly updates, approx. 21.000 entries' + +config source 'whocares' + option enabled '0' + option adb_src 'http://someonewhocares.org/hosts/hosts&ruleset=rset_whocares' + option adb_srcdesc 'broad blocklist for suspicious domains, weekly updates, approx. 
12.000 entries' + +config source 'winhelp' + option enabled '0' + option adb_src 'http://winhelp2002.mvps.org/hosts.txt&ruleset=rset_winhelp' + option adb_srcdesc 'broad blocklist for suspicious domains, infrequent updates, approx. 15.000 entries' + +config source 'yoyo' + option enabled '1' + option adb_src 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext&ruleset=rset_yoyo' + option adb_srcdesc 'focus on ad related domains, weekly updates, approx. 2.500 entries' + +config source 'zeus' + option enabled '0' + option adb_src 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist&ruleset=rset_zeus' + option adb_srcdesc 'focus on zeus botnet domains, daily updates, approx. 440 entries' diff --git a/net/adblock/files/adblock.hotplug b/net/adblock/files/adblock.hotplug new file mode 100644 index 0000000000..0aa6196878 --- /dev/null +++ b/net/adblock/files/adblock.hotplug @@ -0,0 +1,21 @@ +#!/bin/sh +# + +adb_pid="${$}" +adb_pidfile="/var/run/adblock.pid" +adb_logger="/usr/bin/logger" + +if [ -f "${adb_pidfile}" ] || [ "${ACTION}" != "ifup" ] +then + exit 0 +fi + +. /lib/functions/network.sh +network_find_wan adb_wanif4 +network_find_wan6 adb_wanif6 + +if [ "${INTERFACE}" = "${adb_wanif4}" ] || [ "${INTERFACE}" = "${adb_wanif6}" ] +then + /etc/init.d/adblock start + "${adb_logger}" -t "adblock[${adb_pid}] info " "adblock service started due to '${ACTION}' of '${INTERFACE}' interface" +fi diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init new file mode 100755 index 0000000000..47b11dd729 --- /dev/null +++ b/net/adblock/files/adblock.init 
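Review bot: Six of the shipped sources in adblock.conf (`dshield`, `malwarelist`, `shalla`, `sysctl`, `whocares`, `winhelp`) use `http://` URLs, so their content is fetched without transport integrity and then written into dnsmasq list files by adblock-update.sh. They are disabled by default, but nothing in `adb_srcdesc` tells the user that enabling them means trusting the network path. I would either switch them to `https://` where the upstream offers it or add a comment above each entry, e.g. `# unauthenticated http source: list content can be altered in transit`. Whether certificate checks are enforced for the https entries depends on `wget_parm`, which is set outside this hunk.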
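Review bot: The `[ -f "${adb_pidfile}" ]` test at the top of adblock.hotplug is only a hint, not a lock: nothing is created here, and adblock-update.sh itself tests `-r` and writes the file in a separate step. If `ifup` events for the IPv4 and IPv6 WAN interfaces arrive close together, both handlers can pass the test and start two updaters working on the same list files. The exclusive step belongs in adblock-update.sh, where an atomic create such as `if ! ( set -C; printf '%s' "${adb_pid}" > "${adb_pidfile}" ); then exit 255; fi` would close the window. Here a comment like `# advisory check only, adblock-update.sh takes the lock` would make the intent clear.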
@@ -0,0 +1,71 @@ +#!/bin/sh /etc/rc.common +# + +START=99 + +exec 2>/dev/null +adb_pid="${$}" +adb_script="/usr/bin/adblock-update.sh" +adb_pidfile="/var/run/adblock.pid" +adb_logger="/usr/bin/logger" + +if [ -t 1 ] +then + log_parm="-s" + unset bg_parm +else + unset log_parm + bg_parm="&" +fi + +if [ -r "${adb_pidfile}" ] +then + "${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile})" 2>&1 + exit 255 +fi + +boot() +{ + return 0 +} + +start() +{ + eval "${adb_script}" ${bg_parm} + return 0 +} + +restart() +{ + stop + start +} + +reload() +{ + stop + start +} + +stop() +{ + rm_done="$(find "/tmp/dnsmasq.d" -maxdepth 1 -type f -name "adb_list.*" -print -exec rm -f "{}" \;)" + rc=${?} + if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ] + then + /etc/init.d/dnsmasq restart + /etc/init.d/firewall restart + fi + + uhttpd_pid="$(ps | grep "[u]httpd.*\-h /www/adblock" | awk '{print $1}')" + if [ -n "${uhttpd_pid}" ] + then + kill -9 "${uhttpd_pid}" + fi + + if [ -n "${rm_done}" ] || [ -n "${uhttpd_pid}" ] + then + "${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] info " "all adblock related services stopped" 2>&1 + fi + return 0 +} diff --git a/net/adblock/files/adblock.whitelist b/net/adblock/files/adblock.whitelist new file mode 100644 index 0000000000..e69de29bb2 diff --git a/net/adblock/files/www/adblock/adblock.png b/net/adblock/files/www/adblock/adblock.png new file mode 100644 index 0000000000000000000000000000000000000000..9da19eacad3b03bb08bbddbbf4ac48dd78b3d838 GIT binary patch literal 68 zcmeAS@N?(olHy`uVBq!ia0vp^j3CUx0wlM}@Gt=>Zci7-kcv6Uzs@r-FtIZ-&5|)J Q1PU{Fy85}Sb4q9e0B4a5jsO4v literal 0 HcmV?d00001 diff --git a/net/adblock/files/www/adblock/index.html b/net/adblock/files/www/adblock/index.html new file mode 100644 index 0000000000..29cdf586e8 --- /dev/null +++ b/net/adblock/files/www/adblock/index.html @@ -0,0 +1,6 @@ + + + + + + -- 2.30.2
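Review bot: The pidfile check in adblock.init sits at the top level of the script, and since rc.common sources the script before dispatching the action, it runs for every action and not only for `start`. While an update is running, or after one has left a stale `/var/run/adblock.pid`, `stop`, `restart` and `reload` therefore exit 255 before their function is reached, and the lists cannot be removed. I would move the check into `start()` and let `stop()` run unconditionally, e.g. as the first line of `start()`: `[ -r "${adb_pidfile}" ] && return 1`, with the logger call kept next to it. Separately, `kill -9 "${uhttpd_pid}"` passes all matched PIDs as one quoted word when more than one uhttpd instance matches, and it starts with SIGKILL; `kill ${uhttpd_pid}` (unquoted on purpose, TERM first) is the safer form.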