* status & error logging to stdout and syslog
* use of dynamic uhttpd instance as adblock pixel server
* openwrt init system support (start/stop/restart/reload)
+* hotplug support, adblock start will be triggered by wan 'ifup' event
* optional features (disabled by default):
* adblock list backup/restore
* debug logging to separate file
* optional: 'kmod-ipt-nat6' for IPv6 support
* the above dependencies and requirements will be checked during package installation & script runtime
-## Usage
-* install the adblock package (*opkg install adblock*)
+## Installation & Usage
+* install the adblock package (*opkg update & opkg install adblock*)
* start the adblock service with */etc/init.d/adblock start* and check *logread -e "adblock"* for adblock related information
* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default
* optional: maintain the adblock service in luci under 'System => Startup'
Please install the package 'luci-app-adblock'. Then you will find the application in LuCI located under 'Services' menu.
Thanks to Hannu Nyman for this great adblock LuCI frontend!
+## CC installation notes
+* currently the adblock package is *not* part of the CC package repository
+* download the latest adblock package *adblock_x.xx.x-1_all.ipk* from a DD snapshot [package directory](https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/packages)
+* manual transfer the package to your router and install the opkg package as usual
+
## Tweaks
* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient
* if you really need to handle all blacklists at once add an usb stick or any other storage device to supersize your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
* adb\_port => port of the adblock uhttpd instance (default: '65535')
* adb\_nullipv4 => IPv4 blackhole ip address (default: '192.0.2.1')
* adb\_nullipv6 => IPv6 blackhole ip address (default: '::ffff:c000:0201')
- * adb\_probeipv4 => IPv4 address used for uplink online check (default: '8.8.8.8')
- * adb\_probeipv6 => IPv6 address used for uplink online check (default: '2001:4860:4860::8888')
- * adb\_maxtime => download timeout limit in seconds (default: '60')
- * adb\_maxloop => startup timeout limit in seconds to wait for an active wan interface (default: '20')
## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt.
adb_port="65535"
adb_nullipv4="192.0.2.1"
adb_nullipv6="::ffff:c000:0201"
- adb_probeipv4="8.8.8.8"
- adb_probeipv6="2001:4860:4860::8888"
- adb_maxtime="60"
- adb_maxloop="20"
adb_blacklist="/etc/adblock/adblock.blacklist"
adb_whitelist="/etc/adblock/adblock.whitelist"
# get logical wan update interfaces (with default route) and their device names
#
- while [ $((adb_cnt)) -le $((adb_maxloop)) ]
- do
- network_find_wan adb_wanif4 2>/dev/null
- network_find_wan6 adb_wanif6 2>/dev/null
- if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
- then
- network_flush_cache
- elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
- then
- rc=125
- f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
- f_exit
- else
- network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
- network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
- if [ -n "${adb_wandev4}" ]
- then
- rc="$(ping -q -4 -c1 -W1 -I${adb_wandev4} "${adb_probeipv4}" >/dev/null 2>&1; printf ${?})"
- if [ $((rc)) -eq 0 ]
- then
- f_log "get active IPv4 wan update interface/device (${adb_wanif4}/${adb_wandev4})"
- break
- fi
- elif [ -n "${adb_wandev6}" ]
- then
- rc="$(ping -q -6 -c1 -W1 -I${adb_wandev6} "${adb_probeipv6}" >/dev/null 2>&1; printf ${?})"
- if [ $((rc)) -eq 0 ]
- then
- f_log "get active IPv6 wan update interface/device (${adb_wanif6}/${adb_wandev6})"
- break
- fi
- fi
- fi
- if [ $((adb_cnt)) -ge $((adb_maxloop)) ]
- then
- rc=125
- f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
- f_exit
- fi
- adb_cnt=$((adb_cnt + 1))
- done
+ network_find_wan adb_wanif4 2>/dev/null
+ network_find_wan6 adb_wanif6 2>/dev/null
+ if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
+ then
+ rc=125
+ f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
+ f_exit
+ elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
+ then
+ rc=125
+ f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
+ f_exit
+ else
+ network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
+ network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
+ break
+ fi
# get lan ip addresses
#
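Review bot: The `break` kept at the end of the new `else` branch no longer has an enclosing loop, because this change removes the `while` it used to leave. Outside a loop the statement is at best a no-op and, depending on the shell, may print an error or affect a loop in the caller, so the line should be dropped. The new branch also no longer confirms that `network_get_device` returned a device name (the removed code tested `-n "${adb_wandev4}"`), while the rule strings further down embed `! -i ${adb_wandev4}`. A guard such as `[ -n "${adb_wandev4}" ] || [ -n "${adb_wandev6}" ]` with an `f_log`/`f_exit` fallback would keep an empty name from reaching the firewall setup. The enclosing function starts and ends outside the hunk.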
# check ca-certificates package and set wget parms accordingly
#
+ wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5 --connect-timeout=5 --read-timeout=5"
check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
if [ -z "${check}" ]
then
- wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
- else
- wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
+ wget_parm="${wget_parm} --no-check-certificate"
fi
# check adblock blacklist/whitelist configuration
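Review bot: When the `ca-certificates` check comes back empty, the `if` branch appends `--no-check-certificate` without any message, so every list download then runs with TLS verification switched off and the operator is never told. The fetched domains presumably end up in the dnsmasq configuration, so the downgrade deserves a log line right after the append, e.g. `f_log "ca-certificates package not found, list downloads will skip TLS certificate verification"`. Separately, the context line `printf "${pkg_list}"` passes data as the format string; `printf '%s\n' "${pkg_list}"` avoids misinterpreting `%` or backslashes in the package list.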
f_exit
fi
- # check total and swap memory
+ # memory check
#
- mem_total="$(grep -F "MemTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
- mem_free="$(grep -F "MemFree" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
- swap_total="$(grep -F "SwapTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
- if [ $((mem_total)) -le 64000 ] && [ $((swap_total)) -eq 0 ]
+ mem_total="$(awk '$1 ~ /^MemTotal/ {print $2}' "/proc/meminfo" 2>/dev/null)"
+ mem_free="$(awk '$1 ~ /^MemFree/ {print $2}' "/proc/meminfo" 2>/dev/null)"
+ mem_swap="$(awk '$1 ~ /^SwapTotal/ {print $2}' "/proc/meminfo" 2>/dev/null)"
+ if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ]
then
adb_unique=0
- f_log "not enough memory, overall sort/unique processing will be disabled"
- f_log "please consider adding an external swap device to supersize your temp directory (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
+ f_log "not enough memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
fi
# check backup configuration
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p tcp --dport 53 -j REDIRECT"
- f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
- f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
- f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable"
- f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
- f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
- f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable"
+ f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
+ f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv4 firewall ruleset"
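Review bot: The two new `adb-forward`/`adb-output` rules carry no comment explaining why one protocol-agnostic REJECT replaces the former udp/tcp/other triple, and the same applies to the IPv6 pair in the next hunk. The visible behaviour change is that TCP connections to `${adb_nullipv4}` on ports other than 80/443 are now answered with an ICMP unreachable instead of a `tcp-reset`, which some clients may treat as a slower failure. I would add a comment above the rules such as `# single reject for all protocols; tcp clients get icmp-host-unreachable instead of a reset`, so the trade-off is recorded next to the ruleset.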
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p tcp --dport 53 -j REDIRECT"
- f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
- f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
- f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable"
- f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
- f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
- f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable"
+ f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
+ f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv6 firewall ruleset"
fi
if [ -n "${adb_wanif6}" ]
then
- ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
- ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {print sum}')"
- ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {print sum}')"
+ ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$10 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
+ ipv6_forward="$(${iptv6} -vnL | awk '$10 ~ /^adb-forward$/ {sum += $1} END {print sum}')"
+ ipv6_output="$(${iptv6} -vnL | awk '$10 ~ /^adb-output$/ {sum += $1} END {print sum}')"
fi
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
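Review bot: The field index `$10` in the three `awk` filters is an unexplained magic number that depends on the column layout of `${iptv6} -vnL`, and the hunk shows it had to be corrected from `$11`. A short comment would save the next reader from repeating that mistake, for example `# ip6tables -vnL: the adb-* rule tag is field 10 in this listing layout`. If the IPv4 statistics (outside this hunk) use a different index, note that difference in the same comment. Printing `sum + 0` in the `END` block would also yield `0` rather than an empty string when no rule matches, assuming the consumers expect a number.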
# get current directory, script- and openwrt version
#
adb_scriptdir="${0%/*}"
-adb_scriptver="0.80.0"
+adb_scriptver="0.80.1"
openwrt_version="$(cat /etc/openwrt_version 2>/dev/null)"
# source in adblock function library
# only process shallalist archive with updated timestamp,
# extract and merge only domains of selected shallalist categories
#
- shalla_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
+ shalla_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="${shalla_time/*: /}"
if [ -z "${shalla_time}" ]
then
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ]
then
- ${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
+ ${adb_fetch} ${wget_parm} --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
rc=${?}
if [ $((rc)) -eq 0 ]
then
then
url_time="${shalla_time}"
else
- url_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
+ url_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="${url_time/*: /}"
fi
if [ -z "${url_time}" ]
tmp_domains="$(cat "${shalla_file}" 2>/dev/null)"
rc=${?}
else
- tmp_domains="$(${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document=- "${url}" 2>/dev/null)"
+ tmp_domains="$(${adb_fetch} ${wget_parm} --output-document=- "${url}" 2>/dev/null)"
rc=${?}
fi
else
# restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards
#
-if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ]
+if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ] || [ -n "${restore_done}" ]
then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2