* Supports a wide range of router modes, even AP modes are supported
* Full IPv4 and IPv6 support
* Provides top level domain compression ('tld compression'), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backend
-* Provides a 'DNS Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save disk space.
+* Provides a 'DNS Blocklist Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save valuable RAM.
* Source parsing by fast & flexible regex rulesets, all rules and feed information are placed in an external JSON file ('/etc/adblock/adblock.feeds')
* Overall duplicate removal in generated blocklist file 'adb_list.overall'
* Additional local allowlist for manual overrides, located in '/etc/adblock/adblock.allowlist' (only exact matches).
| adb_fetchparm | -, auto-detected | manually override the config options for the selected download utility |
| adb_fetchinsecure | 0, disabled | don't check SSL server certificates during download |
| adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup |
-| adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins |
+| adb_triggerdelay | 5 | additional trigger delay in seconds before adblock processing begins |
| adb_debug | 0, disabled | set to 1 to enable the debug output |
| adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes |
+| adb_dnsshift | 0, disabled | shift the blocklist to the backup directory and only set a soft link to this file in memory |
| adb_dnsforce | 0, disabled | set to 1 to force DNS requests to the local resolver |
| adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' |
-| adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart |
+| adb_dnstimeout | 20 | timeout in seconds to wait for a successful DNS backend restart |
| adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) |
| adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing |
| adb_lookupdomain | localhost | domain to check for a successful DNS backend restart |
| adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails |
| adb_mailtopic | adblock notification | topic for adblock notification E-Mails |
| adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails |
-| adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation |
+| adb_jail | 0 | create the additional restrictive 'adb_list.jail' |
| adb_jaildir | /tmp | path for the generated jail list |
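Review bot: The new adb_dnsshift and adb_jail rows describe the effect but not how to switch it on, while the neighbouring adb_dnsforce and adb_dnsflush rows use "set to 1 to ...". Suggest the same wording for both rows, for example "set to 1 to create the additional restrictive 'adb_list.jail'", so the table reads consistently.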
<a id="examples"></a>
**Change the DNS backend to 'smartdns':**
No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/tmp/smartdns' by default.
-**Use restrictive jail modes:**
-You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
+**Use the jail mode, a restrictive DNS blocklist:**
+You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, the jail blocklist replaces your default blocklist.
**Manually override the download options:**
By default adblock uses the following pre-configured download options:
To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_:
```
-~#@blackhole:~# /etc/init.d/adblock status
+~# /etc/init.d/adblock status
::: adblock runtime information
+ adblock_status : enabled
- + adblock_version : 4.4.0-r1
- + blocked_domains : 1 154 208
+ + adblock_version : 4.4.1-r2
+ + blocked_domains : 881 753
+ active_feeds : 1hosts, certpl, cpbl, doh_blocklist, hagezi, winspy
- + dns_backend : dnsmasq (-), /mnt/data/adblock/backup, 92.87 MB
+ + dns_backend : dnsmasq (2.92_alpha5-r1), /mnt/data/adblock/backup, 73.12 MB
+ run_utils : download: /usr/bin/curl, sort: /usr/libexec/sort-coreutils, awk: /usr/bin/gawk
- + run_ifaces : trigger: trm_wwan, report: br-lan
- + run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: -
+ + run_ifaces : trigger: trm_wwan , report: br-lan
+ + run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: /tmp
+ run_flags : shift: ✔, force: ✔, flush: ✘, tld: ✔, search: ✘, report: ✔, mail: ✘, jail: ✘
- + last_run : mode: reload, 2025-04-10T20:34:17+02:00, duration: 0m 55s, 682.52 MB available
- + system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28584-a51b1a98e0
+ + last_run : mode: restart, 2025-05-03T11:43:03+02:00, duration: 0m 44s, 707.25 MB available
+ + system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28628-cc1b909a6b
```
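Review bot: The updated sample run_directories line still lists only base, backup, report and jail, but f_jsnup in this same change now emits a "dns:" entry between base and backup. Regenerate the sample from the new build so the documented output matches what users will see. The stray space in "trigger: trm_wwan , report" should be dropped at the same time.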
**Change/add adblock feeds**
adb_finaldir=""
adb_backupdir="/tmp/adblock-backup"
adb_reportdir="/tmp/adblock-report"
-adb_jaildir=""
+adb_jaildir="/tmp"
adb_pidfile="/var/run/adblock.pid"
adb_allowlist="/etc/adblock/adblock.allowlist"
adb_blocklist="/etc/adblock/adblock.blocklist"
adb_repchunksize="1"
adb_represolve="0"
adb_lookupdomain="localhost"
-adb_action="${1:-"start"}"
+adb_action="${1}"
adb_packages=""
adb_cnt=""
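Review bot: adb_action="${1}" drops the "start" fallback, so a call without an argument leaves adb_action empty. An empty value matches none of "boot" | "start" | "reload" in the action dispatch, and it passes every != "boot" / != "start" test in the feed handling, which routes a failed download into f_list restore. Keep a default or reject an empty action explicitly before any processing starts.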
# load dns backend config
#
f_dns() {
- local util utils dns_section dns_info mem_free dir
+ local dns dns_list dns_section dns_info free_mem dir
- mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
- if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ]; then
- sleep ${adb_triggerdelay}
+ free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
+ if [ "${adb_action}" = "boot" ] && [ -z "${adb_trigger}" ]; then
+ sleep ${adb_triggerdelay:-"5"}
fi
if [ -z "${adb_dns}" ]; then
- utils="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq"
- for util in ${utils}; do
- if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then
- case "${util}" in
+ dns_list="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq"
+ for dns in ${dns_list}; do
+ if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns}\"]" >/dev/null 2>&1; then
+ case "${dns}" in
"knot-resolver")
- util="kresd"
+ dns="kresd"
;;
"bind-server")
- util="named"
+ dns="named"
;;
"unbound-daemon")
- util="unbound"
+ dns="unbound"
;;
"dnsmasq-full" | "dnsmasq-dhcpv6")
- util="dnsmasq"
+ dns="dnsmasq"
;;
esac
- if [ -x "$(command -v "${util}")" ]; then
- adb_dns="${util}"
- uci_set adblock global adb_dns "${util}"
+ if [ -x "$(command -v "${dns}")" ]; then
+ adb_dns="${dns}"
+ uci_set adblock global adb_dns "${dns}"
f_uci "adblock"
break
fi
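Review bot: sleep ${adb_triggerdelay:-"5"} expands a config value unquoted, so a value containing whitespace is split into several arguments to sleep. Quote the whole expansion. Since the delay now runs only for the "boot" action and no longer for "start", the adb_triggerdelay description in the README should say so.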
for dir in "${adb_dnsdir:-"/tmp"}" "${adb_backupdir:-"/tmp"}" "${adb_jaildir:-"/tmp"}"; do
[ ! -d "${dir}" ] && mkdir -p "${dir}"
done
- if [ "${adb_dnsflush}" = "1" ] || [ "${mem_free}" -lt "64" ]; then
+ if [ "${adb_dnsflush}" = "1" ] || [ "${free_mem}" -lt "64" ]; then
printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}"
f_dnsup
elif [ ! -f "${adb_finaldir}/${adb_dnsfile}" ]; then
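Review bot: [ "${free_mem}" -lt "64" ] fails with an integer-expression error when free_mem is empty, which happens if the awk read of /proc/meminfo returns nothing, since its stderr is discarded. Use ${free_mem:-0} in the test, as the last_run string in f_jsnup already does, so a failed read is treated as low memory instead of breaking the condition.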
# load fetch utility
#
f_fetch() {
- local util utils insecure update="0"
+ local fetch fetch_list insecure update="0"
adb_fetchcmd="$(command -v "${adb_fetchcmd}")"
if [ ! -x "${adb_fetchcmd}" ]; then
- utils="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
- for util in ${utils}; do
- if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then
- case "${util}" in
+ fetch_list="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
+ for fetch in ${fetch_list}; do
+ if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${fetch}\"]" >/dev/null 2>&1; then
+ case "${fetch}" in
"wget-ssl")
- util="wget"
+ fetch="wget"
;;
"libustream-openssl" | "libustream-wolfssl" | "libustream-mbedtls")
- util="uclient-fetch"
+ fetch="uclient-fetch"
;;
esac
- if [ -x "$(command -v "${util}")" ]; then
+ if [ -x "$(command -v "${fetch}")" ]; then
update="1"
- adb_fetchcmd="$(command -v "${util}")"
- uci_set adblock global adb_fetchcmd "${util}"
+ adb_fetchcmd="$(command -v "${fetch}")"
+ uci_set adblock global adb_fetchcmd "${fetch}"
f_uci "adblock"
break
fi
out_rc="${?}"
eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}"
if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
- rm -f "${adb_jaildir}/${adb_dnsjail}"
- [ -n "${adb_dnsheader}" ] && printf "%b" "${adb_dnsheader}" >>"${adb_jaildir}/${adb_dnsjail}"
- "${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_jaildir}/${adb_dnsjail}"
- printf "%b\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
+ printf "%b" "${adb_dnsheader}" >"${adb_tmpdir}/${adb_dnsjail}"
+ "${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_tmpdir}/${adb_dnsjail}"
+ printf "%b\n" "${adb_dnsstop}" >>"${adb_tmpdir}/${adb_dnsjail}"
fi
fi
;;
out_rc="${?}"
if [ "${out_rc}" = "0" ] && [ -s "${src_tmpfile}" ]; then
f_list backup
- elif [ "${adb_action}" != "start" ]; then
+ elif [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then
f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}"
f_list restore
out_rc="${?}"
fi
else
f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}"
- if [ "${adb_action}" != "start" ]; then
+ if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then
f_list restore
out_rc="${?}"
fi
else
out_rc=4
fi
- if [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] && [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then
+ if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] &&
+ [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then
adb_feed="${adb_feed/${src_name}}"
fi
;;
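Review bot: The pair [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ] now appears three times in this function, and the last occurrence chains five tests over two lines. A single case "${adb_action}" in ... check, or a small helper that answers "is this a startup action", would keep the three lists from drifting apart when the next action is added.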
# update runtime information
#
f_jsnup() {
- local pids object feeds end_time runtime utils mem_dns mem_free status="${1:-"enabled"}"
+ local pids object feeds end_time runtime utils dns dns_ver dns_mem free_mem status="${1:-"enabled"}"
if [ -n "${adb_dnspid}" ]; then
pids="$("${adb_pgrepcmd}" -P "${adb_dnspid}" 2>/dev/null)"
for pid in ${adb_dnspid} ${pids}; do
- mem_dns="$((mem_dns + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))"
+ dns_mem="$((dns_mem + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))"
done
- mem_dns="$("${adb_awkcmd}" -v mem="${mem_dns}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)"
+ case "${adb_dns}" in
+ "kresd")
+ dns="knot-resolver"
+ ;;
+ "named")
+ dns="bind-server"
+ ;;
+ "unbound")
+ dns="unbound-daemon"
+ ;;
+ "dnsmasq")
+ dns="dnsmasq\", \"dnsmasq-full\", \"dnsmasq-dhcpv6"
+ ;;
+ esac
+ dns_ver="$(printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns:-"${adb_dns}"}\"]")"
+ dns_mem="$("${adb_awkcmd}" -v mem="${dns_mem}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)"
fi
- mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)"
+ free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)"
adb_cnt="$("${adb_awkcmd}" -v cnt="${adb_cnt}" 'BEGIN{res="";pos=0;for(i=length(cnt);i>0;i--){res=substr(cnt,i,1)res;pos++;if(pos==3&&i>1){res=" "res;pos=0;}}; printf"%s",res}')"
case "${status}" in
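Review bot: The "dnsmasq" branch sets dns to a string with embedded escaped quotes so that the later @.packages[\"...\"] expression expands to three keys, which works only while the surrounding expression keeps exactly that quoting and is not explained anywhere. Add a comment stating the intent, or loop over the candidate package names and take the first hit. The dns_ver lookup also omits the stderr redirect that the package checks in f_dns and f_fetch use.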
end_time="$(date "+%s")"
duration="$(((end_time - adb_starttime) / 60))m $(((end_time - adb_starttime) % 60))s"
fi
- runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${mem_free:-0} MB available"
- ;;
- "error"|"stopped")
- adb_cnt="0"
+ runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${free_mem:-0} MB available"
;;
"resume")
status="enabled"
adb_cnt="0"
status="paused"
;;
+ *)
+ adb_cnt="0"
+ ;;
esac
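Review bot: Replacing the explicit "error"|"stopped" branch with *) means any status string not handled above, including a typo from a caller, silently resets adb_cnt to 0. Keep the two known states named and let *) log the unexpected value so a wrong status does not go unnoticed in the runtime information.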
json_init
json_add_string "${object}" "${object}"
done
json_close_array
- json_add_string "dns_backend" "${adb_dns:-"-"} (${adb_dnscachecmd##*/}), ${adb_finaldir:-"-"}, ${mem_dns:-"0"} MB"
+ json_add_string "dns_backend" "${adb_dns:-"-"} (${dns_ver:-"-"}), ${adb_finaldir:-"-"}, ${dns_mem:-"0"} MB"
json_add_string "run_utils" "${utils:-"-"}"
json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}"
- json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}"
+ json_add_string "run_directories" "base: ${adb_tmpbase}, dns: ${adb_dnsdir}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}"
json_add_string "run_flags" "shift: $(f_char ${adb_dnsshift}), force: $(f_char ${adb_dnsforce}), flush: $(f_char ${adb_dnsflush}), tld: $(f_char ${adb_tld}), search: $(f_char ${adb_safesearch}), report: $(f_char ${adb_report}), mail: $(f_char ${adb_mail}), jail: $(f_char ${adb_jail})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system_info" "${adb_sysver}"
done
wait
- if [ "${adb_dns}" != "raw" ] && [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then
- printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}"
- chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null
- if f_dnsup; then
- if [ "${adb_action}" != "resume" ]; then
- f_jsnup "enabled"
+ # jail mode preparation
+ #
+ if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
+ if [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then
+ "${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_finaldir}/${adb_dnsfile}"
+ chown "${adb_dnsuser}" "${adb_finaldir}/${adb_dnsfile}" 2>/dev/null
+ if [ "${adb_dnsshift}" = "1" ] && [ ! -L "${adb_dnsdir}/${adb_dnsfile}" ]; then
+ ln -fs "${adb_finaldir}/${adb_dnsfile}" "${adb_dnsdir}/${adb_dnsfile}"
+ elif [ "${adb_dnsshift}" = "0" ] && [ -s "${adb_backupdir}/${adb_dnsfile}" ]; then
+ rm -f "${adb_backupdir}/${adb_dnsfile}"
fi
- f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})"
+ if f_dnsup; then
+ if [ "${adb_action}" != "resume" ]; then
+ f_jsnup "enabled"
+ fi
+ f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})"
+ else
+ f_log "err" "dns backend restart in jail mode failed"
+ fi
+ f_rmtemp
+ return
else
- f_log "err" "dns backend restart in jail mode failed"
+ "${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_jaildir}/${adb_dnsjail}"
+ chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null
+ f_log "info" "additional restrictive jail blocklist placed in ${adb_jaildir}"
fi
- f_rmtemp
- return
- elif [ -f "${adb_finaldir}/${adb_dnsjail}" ]; then
- rm -f "${adb_finaldir}/${adb_dnsjail}"
- f_dnsup
fi
# safe search preparation
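Review bot: In the branch where adb_jaildir equals adb_dnsdir, "${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_finaldir}/${adb_dnsfile}" runs without checking that the temporary jail file exists and is non-empty. If allowlist processing did not produce it, the final blocklist is truncated to nothing, f_dnsup can still succeed, and "restrictive jail mode enabled successfully" is logged while nothing is blocked. Guard the copy with [ -s "${adb_tmpdir}/${adb_dnsjail}" ] and log an error otherwise. The removed elif that deleted a leftover ${adb_finaldir}/${adb_dnsjail} also has no replacement; please confirm an old jail list cannot stay active after adb_jail is set back to 0.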
"query")
f_query "${2}"
;;
- "start" | "reload")
+ "boot" | "start" | "reload")
f_env
f_main
;;