* Provides a 'DNS Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save disk space.
* Source parsing by fast & flexible regex rulesets, all rules and feed information are placed in an external JSON file ('/etc/adblock/adblock.feeds')
* Overall duplicate removal in generated blocklist file 'adb_list.overall'
+* Additional local allowlist for manual overrides, located in '/etc/adblock/adblock.allowlist' (only exact matches).
* Additional local blocklist for manual overrides, located in '/etc/adblock/adblock.blocklist'
-* Additional local allowlist for manual overrides, located in '/etc/adblock/adblock.allowlist'
* Quality checks during blocklist update to ensure a reliable DNS backend service
* Minimal status & error logging to syslog, enable debug logging to receive more output
* Procd based init system support ('start', 'stop', 'restart', 'reload', 'enable', 'disable', 'running', 'status', 'suspend', 'resume', 'query', 'report')
* Provides comprehensive runtime information
* Provides a detailed DNS Query Report with DNS related information about client requests, top (blocked) domains and more
* Provides a powerful query function to quickly find blocked (sub-)domains, e.g. to allow certain domains
-* Includes an option to generate an additional, restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. You can use this restrictive blocklist manually e.g. for guest wifi or kidsafe configurations
+* Includes an option to generate an additional, restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. You can use this restrictive blocklist manually e.g. for guest wifi or kidsafe configurations
* Includes an option to force DNS requests to the local resolver
* Automatic blocklist backup & restore, these backups will be used in case of download errors and during startup
* Send notification E-Mails, see example configuration below
-* Add new adblock feeds on your own, see example below
+* Add new adblock feeds on your own with the 'Custom Feed Editor' in LuCI or via CLI, see example below
* Strong LuCI support, all relevant options are exposed to the web frontend
<a id="prerequisites"></a>
* Install 'adblock' (_opkg install adblock_). The adblock service is enabled by default
* Install the LuCI companion package 'luci-app-adblock' (_opkg install luci-app-adblock_)
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of adblock, the application is located in LuCI under the 'Services' menu
-* Update from a former adblock version is easy. During the update a backup is made of the old configuration '/etc/config/adblock-backup' and replaced by the new config - that's all
<a id="adblock-cli-interface"></a>
## Adblock CLI interface
| adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart |
| adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) |
| adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing |
-| adb_dnsallow | -, not set | set to 1 to disable selective DNS whitelisting (RPZ-PASSTHRU) |
-| adb_lookupdomain | example.com | external domain to check for a successful DNS backend restart or 'false' to disable this check |
+| adb_lookupdomain | localhost | domain to check for a successful DNS backend restart |
| adb_portlist | 53 853 5353 | space separated list of firewall ports which should be redirected locally |
| adb_report | 0, disabled | set to 1 to enable the background tcpdump gathering process for reporting |
-| adb_reportdir | /tmp | path for DNS related report files |
+| adb_reportdir | /tmp/adblock-report | path for DNS related report files |
| adb_repiface | -, auto-detected | name of the reporting interface or 'any' used by tcpdump |
| adb_replisten | 53 | space separated list of reporting port(s) used by tcpdump |
| adb_repchunkcnt | 5 | report chunk count used by tcpdump |
| adb_repchunksize | 1 | report chunk size used by tcpdump in MB |
| adb_represolve | 0, disabled | resolve reporting IP addresses using reverse DNS (PTR) lookups |
| adb_tld | 1, enabled | set to 0 to disable the top level domain compression (tld) function |
-| adb_backupdir | /tmp | path for adblock backups |
+| adb_backupdir | /tmp/adblock-backup | path for adblock backups |
| adb_tmpbase | /tmp | path for all adblock related runtime operations, e.g. downloading, sorting, merging etc. |
| adb_safesearch | 0, disabled | enforce SafeSearch for google, bing, brave, duckduckgo, yandex, youtube and pixabay |
| adb_safesearchlist | -, not set | Limit SafeSearch to certain provider (see above) |
| adb_mail | 0, disabled | set to 1 to enable notification E-Mails in case of a processing errors |
| adb_mailreceiver | -, not set | receiver address for adblock notification E-Mails |
| adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails |
-| adb_mailtopic | adblock notification | topic for adblock notification E-Mails |
+| adb_mailtopic | adblock notification | topic for adblock notification E-Mails |
| adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails |
| adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation |
| adb_jaildir | /tmp | path for the generated jail list |
No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/tmp/smartdns' by default.
**Use restrictive jail modes:**
-You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
+You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
**Manually override the download options:**
By default adblock uses the following pre-configured download options:
adb_dnscachecmd="-"
adb_dnsinstance="${adb_dnsinstance:-"0"}"
adb_dnsuser="${adb_dnsuser:-"root"}"
- adb_dnsdir="${adb_dnsdir}"
+ adb_dnsdir="${adb_dnsdir:-"/tmp"}"
adb_dnsheader="${adb_dnsheader:-""}"
adb_dnsdeny="${adb_dnsdeny:-"0"}"
adb_dnsallow="${adb_dnsallow:-"1"}"
# set external config options
#
f_extconf() {
- local config config_option section zone port fwcfg
+ local config section zone port fwcfg
case "${adb_dns}" in
+ "dnsmasq")
+ config="dhcp"
+ if [ "${adb_dnsshift}" = "1" ] &&
+ ! uci_get ${config} @dnsmasq[${adb_dnsinstance}] addnmount | "${adb_grepcmd}" -q "${adb_backupdir}"; then
+ uci -q add_list ${config}.@dnsmasq[${adb_dnsinstance}].addnmount="${adb_backupdir}"
+ elif [ "${adb_dnsshift}" = "0" ] &&
+ uci_get ${config} @dnsmasq[${adb_dnsinstance}] addnmount | "${adb_grepcmd}" -q "${adb_backupdir}"; then
+ uci -q del_list ${config}.@dnsmasq[${adb_dnsinstance}].addnmount="${adb_backupdir}"
+ fi
+ ;;
"kresd")
config="resolver"
- if [ "${adb_enabled}" = "1" ] && ! uci_get ${config} kresd rpz_file >/dev/null 2>&1; then
+ if [ "${adb_enabled}" = "1" ] &&
+ ! uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then
uci -q add_list ${config}.kresd.rpz_file="${adb_finaldir}/${adb_dnsfile}"
- elif [ "${adb_enabled}" = "0" ] && [ -n "${config_option}" ]; then
+ elif [ "${adb_enabled}" = "0" ] &&
+ uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then
uci -q del_list ${config}.kresd.rpz_file="${adb_finaldir}/${adb_dnsfile}"
fi
;;
"smartdns")
config="smartdns"
- if [ "${adb_enabled}" = "1" ] && ! uci_get ${config} @${config}[${adb_dnsinstance}] conf_files >/dev/null 2>&1; then
+ if [ "${adb_enabled}" = "1" ] &&
+ ! uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then
uci -q add_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_finaldir}/${adb_dnsfile}"
- elif [ "${adb_enabled}" = "0" ] && [ -n "${config_option}" ]; then
+ elif [ "${adb_enabled}" = "0" ] &&
+ uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then
uci -q del_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_finaldir}/${adb_dnsfile}"
fi
;;
restart_rc="${?}"
fi
;;
- "dnsmasq")
- if [ "${adb_dnsshift}" = "1" ] &&
- ! uci_get dhcp @dnsmasq[${adb_dnsinstance}] addnmount >/dev/null 2>&1; then
- uci -q add_list dhcp.@dnsmasq[${adb_dnsinstance}].addnmount="${adb_backupdir}"
- fi
- "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
- restart_rc="${?}"
- uci -q revert dhcp
- ;;
*)
"/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
restart_rc="${?}"
if [ "${feed_cnt}" -lt "${etag_cnt}" ]; then
"${adb_sedcmd}" -i "/^${feed}/d" "${adb_backupdir}/adblock.etag"
else
- "${adb_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${adb_backupdir}/adblock.etag"
+ "${adb_sedcmd}" -i "/^${feed}${feed_suffix//\//\\/}/d" "${adb_backupdir}/adblock.etag"
fi
- printf "%-50s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${adb_backupdir}/adblock.etag"
+ printf "%-80s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${adb_backupdir}/adblock.etag"
out_rc="2"
fi
fi
# etag handling on reload
#
- etag_rc="0"
- src_cnt="$(printf "%s" "${src_cat}" | "${adb_wccmd}" -w)"
- for suffix in ${src_cat}; do
- if [ -n "${adb_etagparm}" ] && [ "${adb_action}" = "reload" ]; then
+ if [ -n "${adb_etagparm}" ] && [ "${adb_action}" = "reload" ]; then
+ etag_rc="0"
+ src_cnt="$(printf "%s" "${src_cat}" | "${adb_wccmd}" -w)"
+ for suffix in ${src_cat}; do
if ! f_etag "${src_name}" "${src_url}" "${suffix}" "${src_cnt}"; then
etag_rc="$(( etag_rc + 1))"
fi
- fi
- done
- if [ "${etag_rc}" = "0" ];then
- if f_list restore; then
- continue
+ done
+ if [ "${etag_rc}" = "0" ];then
+ if f_list restore; then
+ continue
+ fi
fi
fi
# normal download
: >"${src_tmpcat}"
fi
done
- # list preparation
- #
f_list prepare
) &
else
"${adb_fetchcmd}" ${adb_fetchparm} "${src_tmpload}" "${src_url}" >/dev/null 2>&1
src_rc="${?}"
fi
- # list preparation
- #
f_list prepare
) &
fi
projects / feed / packages.git / commitdiff