Adblock support thread

I upgraded, this works very well, thanks!

I'm on Adblock 2.7.1 w/latest trunk and Adblock isn't starting at boot, I checked /etc/rc.d and it shows S50adblock which seems to be correct according to the last info in this thread, I went ahead and ran /etc/init.d/adblock disable/enable just to see if it would call a new one and it didn't (remains S50adblock), wan is listed as the triggered interface. Just wondering if @didbot or anyone has any ideas, here are my global settings -

config adblock 'global'
	option adb_debug '0'
	option adb_forcesrt '0'
	option adb_forcedns '0'
	option adb_iface 'wan'
	option adb_triggerdelay '2'
	option adb_whitelist '/etc/adblock/adblock.whitelist'
	option adb_whitelist_rset '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}'
	option adb_rtfile '/tmp/adb_runtime.json'
	option adb_manmode '0'
	option adb_backup '1'
	option adb_backupdir '/mnt/storage/adblock'
	option adb_enabled '1'

Default lists are enabled (adaway/disconnect/yoyo). Also, Adblock starts fine manually with init or at boot if put in rc.local

edit - there was nothing in logs with debug logging enabled

Hi, add an (additional) lan trigger interface, e.g.

option adb_iface 'wan lan'

and retry ... maybe you have to raise the trigger delay, too.

good luck!


Thanks @didbot, adding wan6 got it working (left trigger delay at 2).

Hi, good day

I have the following situation (for those who have interest in my background history).

In my girlfriend's house, I have Adblock running on my router very well and I am very happy with it (many thanks to the developers for the hard work). Recently, my girl's mom got an Android tablet and began to download games on it, then she got obsessed with a solitaire game full of ads. Usually she doesn't play at her home, but recently she started to play with her Android tablet at home, and then she noticed that the solitaire game refuses to load in her home (soon I discovered that the game refuses to load if it can't get an ad from the Internet). I've tried to convince her to change to a less invasive solitaire game (in terms of ads) but she refuses (because she has her progress in this game, because she likes this game more, ...). In the end, I recently ended up disabling the Adblock module because she can't play her ad-filled game at her home.

My question is: is there a way that I can allow only one IP address or selected IP addresses not to be blocked by Adblock?

Greetings, and again, thanks for all the hard work.

Simply use a static IP address on this tablet and assign a non-local DNS server (like 8.8.8.8). In this case please do not use the "Force local DNS" switch in adblock or any other firewall rule that redirects port 53 to your local resolver.

@dibdot That completely solved my problem, many thanks.

I have been using adblock with luci-app-adblock with great success. Only a few questions/remarks:

  1. Optional: force dns requests to local resolver may rewrite all DNS queries in the network subrange. As this is based on iptables rules, firewall rules are not deleted upon removal of adblock. If not already in documentation, this should be documented.
  2. There are probably marvelous features to develop around "edit blacklist" and "edit whitelist". As I understand, these are in fact personal blacklists. Maybe they should be linked to some kind of "honeypot" feature. For example sshguard.

For example, ssh-guard can write to /etc/host.allow:
https://www.sshguard.net/docs/setup/#tcp-wrapper

So if we could move /etc/host.allow between those two lines, this could also inform whitelist and blacklist.
This is just an example, there are many other tools.

Maybe fail2ban is a better approach than sshguard to handle a honeypot:
https://www.fail2ban.org/wiki/index.php/Main_Page

Besides, sshguard is written in pure C and therefore lightweight.
I will integrate it in LEDE as a first package experience.


Maybe I didn't get your point, sshguard is an IP-based log parser / blocking utility - adblock on the other hand only relies on (sub-)domains, could you clarify your "honeypot feature"? Thanks.

Hi there,

I have installed your AdBlock on my new Turris Omnia. But now I'm struggling with the setup because I get an error message:

adblock[27192] info : AP mode detected, please set local LuCI instance to ports <> 80/443

I think the solution of setting a different port would be one of the least... right? Is there any better solution? Or if not, how can I change this? Haven't found any info about this :frowning:

thanks for your help

Hi,

where did you find this ancient version of adblock? :astonished:
For current adblock releases please check the first post, install the latest snapshot release, read the online doc and go from there ...

To my knowledge the Turris router uses its own DNS resolver (knot) and this backend is currently not supported. You can use dnsmasq, unbound or bind as DNS backend by now. If you need proper knot support, contact me by mail (see online doc).

You are right, I did not get the point about domains vs. IPs. By the way, fail2ban is able to find reverse DNS names.

Anyhow, a honeypot is a "pot of honey, which acts like a glue attracting insects" in order to produce a blacklist/banlist of IPs. For example, ssh TCP port 22 on WAN when running SSH on port 1022, or TCP port 80 if you are not running a webserver on WAN.

I used to run a honeypot on my webserver and could produce a huge blacklist/banlist. Those blacklists are interesting, because you can manage them directly and ban IPs forever (unless you decide to unban).

Using LEDE, I would like to combine adblock with iptables mechanisms to be able to manage my own blacklist. So my first need would be to be able to integrate blacklisted IPs and domain names, for example produced by fail2ban.

By the way, although fail2ban is Python, we need it in LEDE, as there is no real equivalent today. I will start a separate thread about fail2ban.

Hi Everyone,

I have installed adblock 2.6.2 on my AP running OpenWrt Chaos Calmer 15.05.1. The AP is connected to a cable modem/router supplied by ISP.

I have the following questions:

  1. In order to have adblocking take effect, all WiFi connected devices have to set their DNS to the IP address of the AP. Otherwise, the default "Obtain DNS automatically" would use the DNS supplied by the modem/router and adblocking is not working. Is this normal?
  2. Is it possible to have adblocking effect even though "Obtain DNS automatically" is used in WiFi devices? Maybe setting the DNS in the modem/router to IP of AP may help but it has been confirmed that the modem/router does not allow user to change its DNS entries.
  3. Can "Force local DNS" option in adblock Luci do the trick? Do I need to enable firewall in the AP to use this option?

Just configure the DHCP service on your ISP router to advertise the DNS of your AP.

kingfish wrote:
> 3. Can "Force local DNS" option in adblock Luci do the trick? Do I need to enable firewall in the AP to use this option?

No, it's a firewall rule (between lan/wan) and therefore not working in AP mode.
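
Several posts above turn on whether a firewall rule redirects port 53 to the local resolver: the static-IP bypass only works without one, and one poster notes such rules can remain after adblock is removed. The shell functions below are an added example, not part of any post or of adblock itself; they list port 53 REDIRECT/DNAT rules found in `iptables-save` output, and the sample ruleset with its chain names is constructed for illustration.

```shell
#!/bin/sh
# Added example (not adblock code): find NAT rules that capture client DNS.
# Reads iptables-save text on stdin, so it can be tried offline; on a router:
#   iptables-save -t nat | dns_redirects

# Print "chain proto target" for each rule matching destination port 53
# whose target is REDIRECT or DNAT.
dns_redirects() {
    awk '
        $1 == "-A" {
            proto = "any"; target = ""; dns = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), ports, ",")
                    for (k = 1; k <= n; k++) if (ports[k] == "53") dns = 1
                }
            }
            if (dns && (target == "REDIRECT" || target == "DNAT"))
                print $2, proto, target
        }'
}

# Exit status 0 if at least one such rule is present.
dns_forced() {
    [ -n "$(dns_redirects)" ]
}

# Constructed sample ruleset; chain names and comments are assumptions,
# not the rules adblock itself installs.
sample_nat_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -i br-lan -j zone_lan_prerouting
-A zone_lan_prerouting -p udp -m udp --dport 53 -m comment --comment sample -j REDIRECT --to-ports 53
-A zone_lan_prerouting -p tcp -m tcp --dport 53 -m comment --comment sample -j REDIRECT --to-ports 53
-A zone_lan_prerouting -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
COMMIT
EOF
}
```

An empty result from `dns_redirects` means clients that use an outside DNS server are not being pulled back to the local resolver by the NAT table.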

Hi dibdot,
Unfortunately the modem/router provided by ISP does not have settings for changing its default DNS entries.

Then implement a kind of "double NAT" solution, e.g.: attach all local wired and wireless network devices to your LEDE/adblock router on a different subnet (e.g. 192.168.2.), with NAT between that and the 192.168.1. LAN network provided by your ISP.

Any chance this selective adblock feature could be included in adblock 2.x?

What should be implemented? Simply use another DNS server than the local one.

Dear @dibdot
I want to get the newest adblock in LEDE 17.01 firmware. How do I compile it in the LEDE 17.01 tree environment?

I found luci-app-adblock is new, but adblock is always 2.6.2 in my firmware after compiling LEDE 17.01.

Please help, thank you.