From d27b8c82a9895c6cf8fb9185c4e89ccbced4f237 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Tue, 16 Feb 2016 19:50:38 +0100 Subject: [PATCH] adblock: 0.70.1 * fix root cause for https timeout issues * fix startup issues via luci * detach init start process to fix luci timeout issues * fix html header in adblock pages * fix adblock.conf options to single quotes Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 2 +- net/adblock/files/adblock-helper.sh | 65 +++++---- net/adblock/files/adblock-update.sh | 10 +- net/adblock/files/adblock.conf | 156 ++++++++++----------- net/adblock/files/adblock.init | 13 +- net/adblock/files/www/adblock/adblock.html | 2 +- net/adblock/files/www/adblock/index.html | 2 +- 7 files changed, 130 insertions(+), 120 deletions(-) diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 1b83c2a6fe..b0c8f5e58f 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock -PKG_VERSION:=0.70.0 +PKG_VERSION:=0.70.1 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0+ PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/adblock-helper.sh b/net/adblock/files/adblock-helper.sh index 14ddede820..578e2fceb2 100644 --- a/net/adblock/files/adblock-helper.sh +++ b/net/adblock/files/adblock-helper.sh @@ -175,6 +175,7 @@ f_envparse() adb_prechain_ipv6="PREROUTING" adb_fwdchain_ipv6="forwarding_rule" adb_outchain_ipv6="output_rule" + adb_fetch="/usr/bin/wget" unset adb_srclist unset adb_revsrclist unset adb_errsrclist 
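Review bot: `adb_fetch="/usr/bin/wget"` hard-codes the download tool, and none of the visible hunks checks that the path exists and is executable before adblock-update.sh runs it at four call sites. Those calls either discard stderr or filter it through grep, so a missing binary would show up only as an empty Last-Modified value or a non-zero rc. A guard alongside the other environment checks would make the failure explicit, e.g. `[ -x "${adb_fetch}" ] || f_log "fetch utility not found: ${adb_fetch}"` followed by the script's usual error exit. f_envparse starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.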
@@ -370,36 +371,40 @@ f_envcheck() # check ipv4/iptables configuration # - if [ -n "${adb_wanif4}" ] - then - f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}" - f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns1" "-p udp --dport 53 -j REDIRECT" - f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT" - f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset" - f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable" - f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset" - f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable" + if [ -n "${adb_wanif4}" ] && [ -n "${adb_wandev4}" ] + then + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}" + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p udp --dport 53 -j REDIRECT" + f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p tcp --dport 53 -j REDIRECT" + f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable" + f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset" + f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! 
-i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable" + f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable" + f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset" + f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable" if [ "${fw_done}" = "true" ] then - f_log "created volatile IPv4 firewall ruleset for adblock" + f_log "created volatile IPv4 firewall ruleset" fw_done="false" fi fi # check ipv6/ip6tables configuration # - if [ -n "${adb_wanif6}" ] - then - f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}" - f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns1" "-p udp --dport 53 -j REDIRECT" - f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT" - f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset" - f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable" - f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset" - f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable" + if [ -n "${adb_wanif6}" ] && [ -n "${adb_wandev6}" ] + then + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}" + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! 
-i ${adb_wandev6} -p udp --dport 53 -j REDIRECT" + f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p tcp --dport 53 -j REDIRECT" + f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable" + f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset" + f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable" + f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable" + f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset" + f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable" if [ "${fw_done}" = "true" ] then - f_log "created volatile IPv6 firewall ruleset for adblock" + f_log "created volatile IPv6 firewall ruleset" fw_done="false" fi fi @@ -411,7 +416,7 @@ f_envcheck() then if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] then - uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" -p "[${adb_ipv6}]:${adb_port}">/dev/null 2>&1 + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" -p "[${adb_ipv6}]:${adb_port}">/dev/null 2>&1 rc=${?} if [ $((rc)) -eq 0 ] then 
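Review bot: The three `adb-output` rules appended to `${adb_outchain_ipv4}` (and the IPv6 equivalents further down this hunk) carry `! -i ${adb_wandev4}`, but `-i` matches the input interface and locally generated packets have none. iptables refuses `-i` in the built-in OUTPUT chain, and in a user chain reached from it the negated match is presumably always true, so it restricts nothing while reading as if WAN were excluded. I would drop the interface match from the output rules, e.g. `"-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"`. Separately, several rules now share one name (`adb-dns`, `adb-forward`, `adb-output`), and f_firewall is outside the hunk. Confirm that it tests for an existing rule by its full specification rather than by name, otherwise the later rules of each group would be skipped.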
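Review bot: The uhttpd option string `-h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/adblock.html"` is repeated verbatim in three branches (this hunk and the two that follow at -422 and -433), differing only in the `-p` arguments, and this commit had to edit all three to change it. Holding the common part in one variable, e.g. `adb_uhttpd_opts='-h /www/adblock -k 5 -N 200 -t 0 -T 1 -D -S -E /adblock.html'`, would keep restrictions such as `-S` and `-D` from drifting between the IPv4, IPv6 and dual-stack cases. A one-line comment on why the timeouts were set to `-T 1` and `-k 5` would help the next reader. f_envcheck continues outside the hunk.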
@@ -422,7 +427,7 @@ f_envcheck() fi elif [ -n "${adb_wanif4}" ] then - uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" >/dev/null 2>&1 + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/adblock.html" -p "${adb_ipv4}:${adb_port}" >/dev/null 2>&1 rc=${?} if [ $((rc)) -eq 0 ] then @@ -433,7 +438,7 @@ f_envcheck() fi elif [ -n "${adb_wanif6}" ] then - uhttpd -h "/www/adblock" -k 0 -N 100 -T 5 -D -E "/adblock.html" -p "[${adb_ipv6}]:${adb_port}" >/dev/null 2>&1 + uhttpd -h "/www/adblock" -k 5 -N 200 -t 0 -T 1 -D -S -E "/adblock.html" -p "[${adb_ipv6}]:${adb_port}" >/dev/null 2>&1 rc=${?} if [ $((rc)) -eq 0 ] then @@ -583,7 +588,7 @@ f_firewall() # f_log() { - local log_term + local log_parm local log_msg="${1}" local log_rc="${2}" local class="info " @@ -592,7 +597,7 @@ f_log() # if [ -t 1 ] then - log_term="-s" + log_parm="-s" fi # log to different output devices, set log class accordingly @@ -605,7 +610,7 @@ f_log() log_rc=", rc: ${log_rc}" log_msg="${log_msg}${log_rc}" fi - /usr/bin/logger ${log_term} -t "adblock[${adb_pid}] ${class}" "${log_msg}" + /usr/bin/logger ${log_parm} -t "adblock[${adb_pid}] ${class}" "${log_msg}" if [ "${log_ok}" = "true" ] then printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${adb_pid}] ${class}: ${log_msg}" >> "${adb_logfile}" 
@@ -732,14 +737,14 @@ f_exit() if [ -n "${adb_wanif4}" ] then ipv4_prerouting="$(${iptv4} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')" - ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')" - ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')" + ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {print sum}')" + ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {print sum}')" fi if [ -n "${adb_wanif6}" ] then ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')" - ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')" - ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')" + ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {print sum}')" + ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {print sum}')" fi if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] then diff --git a/net/adblock/files/adblock-update.sh b/net/adblock/files/adblock-update.sh index 3df2dbac9c..b23d82d151 100755 --- a/net/adblock/files/adblock-update.sh +++ b/net/adblock/files/adblock-update.sh @@ -45,7 +45,7 @@ fi # get current directory, script- and openwrt version # adb_scriptdir="${0%/*}" -adb_scriptver="0.70.0" +adb_scriptver="0.70.1" openwrt_version="$(cat /etc/openwrt_version 2>/dev/null)" # source in adblock function library 
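Review bot: The totals in f_exit are taken from the packet column of `-vnL` output, and without `-x` iptables abbreviates large counters with K/M/G suffixes, so awk's `sum += $1` would add a value like `12K` as 12. Listing exact counters (`${iptv4} -vnxL`, and likewise for the nat table and `${iptv6}`) keeps the statistics correct. `END {print sum+0}` would also print 0 rather than an empty string when no rule matches. This predates the commit but applies to the four changed lines and to the two `adb-prerouting` context lines. f_exit starts and ends outside the hunk.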
@@ -100,7 +100,7 @@ then # only process shallalist archive with updated timestamp, # extract and merge only domains of selected shallalist categories # - shalla_time="$(wget ${wget_parm} --timeout=10 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)" + shalla_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)" shalla_time="${shalla_time/*: /}" if [ -z "${shalla_time}" ] then @@ -109,7 +109,7 @@ then fi if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ] then - wget ${wget_parm} --timeout="${adb_maxtime}" --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null + ${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null rc=${?} if [ $((rc)) -eq 0 ] then @@ -184,7 +184,7 @@ do then url_time="${shalla_time}" else - url_time="$(wget ${wget_parm} --timeout=10 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)" + url_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)" url_time="${url_time/*: /}" fi if [ -z "${url_time}" ] @@ -203,7 +203,7 @@ do tmp_domains="$(cat "${shalla_file}" 2>/dev/null)" rc=${?} else - tmp_domains="$(wget ${wget_parm} --timeout="${adb_maxtime}" --output-document=- "${url}" 2>/dev/null)" + tmp_domains="$(${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document=- "${url}" 2>/dev/null)" rc=${?} fi else diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf index 495477f720..5681d4c346 100644 --- a/net/adblock/files/adblock.conf +++ b/net/adblock/files/adblock.conf 
@@ -1,81 +1,81 @@ # adblock configuration, for further information # see '/etc/adblock/README.md' -config adblock "global" - option adb_enabled "1" - option adb_cfgver "0.70" - option adb_blacklist "/etc/adblock/adblock.blacklist" - option adb_whitelist "/etc/adblock/adblock.whitelist" - -config service "backup" - option enabled "0" - option adb_backupdir "/tmp" - -config service "debuglog" - option enabled "0" - option adb_logfile "/tmp/adb_debug.log" - -config source "adaway" - option enabled "1" - option adb_src_adaway "https://adaway.org/hosts.txt&ruleset=rset_adaway" - -config source "disconnect" - option enabled "1" - option adb_src_disconnect "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect" - -config source "dshield" - option enabled "0" - option adb_src_dshield "http://www.dshield.org/feeds/suspiciousdomains_Low.txt&ruleset=rset_dshield" - -config source "feodo" - option enabled "0" - option adb_src_feodo "https://feodotracker.abuse.ch/blocklist/?download=domainblocklist&ruleset=rset_feodo" - -config source "malware" - option enabled "0" - option adb_src_malware "https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware" - -config source "malwarelist" - option enabled "0" - option adb_src_malwarelist "http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist" - -config source "openphish" - option enabled "0" - option adb_src_openphish "https://openphish.com/feed.txt&ruleset=rset_openphish" - -config source "palevo" - option enabled "0" - option adb_src_palevo "https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo" - -config source "ruadlist" - option enabled "0" - option adb_src_ruadlist "https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt&ruleset=rset_ruadlist" - -config source "shalla" - option enabled "0" - option adb_arc_shalla "http://www.shallalist.de/Downloads/shallalist.tar.gz" - list adb_catlist "adv" - list 
adb_catlist "costtraps" - list adb_catlist "spyware" - list adb_catlist "tracker" - list adb_catlist "warez" - -config source "spam404" - option enabled "0" - option adb_src_spam404 "http://spam404bl.com/spam404scamlist.txt&ruleset=rset_spam404" - -config source "whocares" - option enabled "0" - option adb_src_whocares "http://someonewhocares.org/hosts/hosts&ruleset=rset_whocares" - -config source "winhelp" - option enabled "0" - option adb_src_winhelp "http://winhelp2002.mvps.org/hosts.txt&ruleset=rset_winhelp" - -config source "yoyo" - option enabled "1" - option adb_src_yoyo "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo" - -config source "zeus" - option enabled "0" - option adb_src_zeus "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist&ruleset=rset_zeus" +config adblock 'global' + option adb_enabled '1' + option adb_cfgver '0.70' + option adb_blacklist '/etc/adblock/adblock.blacklist' + option adb_whitelist '/etc/adblock/adblock.whitelist' + +config service 'backup' + option enabled '0' + option adb_backupdir '/tmp' + +config service 'debuglog' + option enabled '0' + option adb_logfile '/tmp/adb_debug.log' + +config source 'adaway' + option enabled '1' + option adb_src_adaway 'https://adaway.org/hosts.txt&ruleset=rset_adaway' + +config source 'disconnect' + option enabled '1' + option adb_src_disconnect 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt&ruleset=rset_disconnect' + +config source 'dshield' + option enabled '0' + option adb_src_dshield 'http://www.dshield.org/feeds/suspiciousdomains_Low.txt&ruleset=rset_dshield' + +config source 'feodo' + option enabled '0' + option adb_src_feodo 'https://feodotracker.abuse.ch/blocklist/?download=domainblocklist&ruleset=rset_feodo' + +config source 'malware' + option enabled '0' + option adb_src_malware 'https://mirror.cedia.org.ec/malwaredomains/justdomains&ruleset=rset_malware' + +config source 
'malwarelist' + option enabled '0' + option adb_src_malwarelist 'http://www.malwaredomainlist.com/hostslist/hosts.txt&ruleset=rset_malwarelist' + +config source 'openphish' + option enabled '0' + option adb_src_openphish 'https://openphish.com/feed.txt&ruleset=rset_openphish' + +config source 'palevo' + option enabled '0' + option adb_src_palevo 'https://palevotracker.abuse.ch/blocklists.php?download=domainblocklist&ruleset=rset_palevo' + +config source 'ruadlist' + option enabled '0' + option adb_src_ruadlist 'https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt&ruleset=rset_ruadlist' + +config source 'shalla' + option enabled '0' + option adb_arc_shalla 'http://www.shallalist.de/Downloads/shallalist.tar.gz' + list adb_catlist 'adv' + list adb_catlist 'costtraps' + list adb_catlist 'spyware' + list adb_catlist 'tracker' + list adb_catlist 'warez' + +config source 'spam404' + option enabled '0' + option adb_src_spam404 'http://spam404bl.com/spam404scamlist.txt&ruleset=rset_spam404' + +config source 'whocares' + option enabled '0' + option adb_src_whocares 'http://someonewhocares.org/hosts/hosts&ruleset=rset_whocares' + +config source 'winhelp' + option enabled '0' + option adb_src_winhelp 'http://winhelp2002.mvps.org/hosts.txt&ruleset=rset_winhelp' + +config source 'yoyo' + option enabled '1' + option adb_src_yoyo 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=one-line&showintro=0&mimetype=plaintext&ruleset=rset_yoyo' + +config source 'zeus' + option enabled '0' + option adb_src_zeus 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist&ruleset=rset_zeus' diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init index f1fb677b33..96e5644370 100755 --- a/net/adblock/files/adblock.init +++ b/net/adblock/files/adblock.init 
@@ -10,18 +10,23 @@ adb_logger="/usr/bin/logger" if [ -t 1 ] then - log_term="-s" + log_parm="-s" + unset bg_parm +else + unset log_parm + bg_parm="&" fi if [ -r "${adb_pidfile}" ] then - "${adb_logger}" ${log_term} -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile} 2>/dev/null))" + "${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile} 2>/dev/null))" exit 255 fi start() { - "${adb_script}" + eval "${adb_script}" ${bg_parm} + return 0 } restart() @@ -53,7 +58,7 @@ stop() if [ -n "${rm_done}" ] || [ -n "${uhttpd_pid}" ] then - "${adb_logger}" ${log_term} -t "adblock[${adb_pid}] info " "all adblock related services stopped" + "${adb_logger}" ${log_parm} -t "adblock[${adb_pid}] info " "all adblock related services stopped" fi return 0 } diff --git a/net/adblock/files/www/adblock/adblock.html b/net/adblock/files/www/adblock/adblock.html index 56fd1c008d..29cdf586e8 100644 --- a/net/adblock/files/www/adblock/adblock.html +++ b/net/adblock/files/www/adblock/adblock.html @@ -1,5 +1,5 @@ - + diff --git a/net/adblock/files/www/adblock/index.html b/net/adblock/files/www/adblock/index.html index 56fd1c008d..29cdf586e8 100644 --- a/net/adblock/files/www/adblock/index.html +++ b/net/adblock/files/www/adblock/index.html @@ -1,5 +1,5 @@ - + -- 2.30.2
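Review bot: `eval "${adb_script}" ${bg_parm}` in start() re-parses the script path as shell source just to append an optional `&`, so any whitespace or metacharacter in `adb_script` would be interpreted by the shell. The unconditional `return 0` also hides the script's exit status when it runs in the foreground. Branching on the terminal test avoids both and makes `bg_parm` unnecessary. The assignment of `adb_script` is outside the hunk, so whether its value can ever vary is not visible here.

```shell
start()
{
    if [ -t 1 ]
    then
        "${adb_script}"
    else
        "${adb_script}" &
    fi
}
```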