Hi @stangri, is there any interest in expanding the concept of allowlist for dnsmasq to explicitly allow a subdomain of a blocked domain?
The use case would be a blocked domain such as:
server=/g.doubleclick.net/
where there are many subdomains being blocked. If I only need to allow pubads.g.doubleclick.net to let my wife's favorite phone app work, today I would need to allow the entire g.doubleclick.net domain so that the sed processing would remove it from the blocklist.
But by explicitly adding:
server=/pubads.g.doubleclick.net/#
to the final blocklist, I can specifically allow pubads while still blocking all other subdomains of g.doubleclick.net. The dnsmasq # syntax says "use the standard servers for this domain" and the more specific domain overrides the more generic parent domain block.
I show a potential patch below, if interested.
diff --git a/net/adblock-fast/files/etc/init.d/adblock-fast b/net/adblock-fast/files/etc/init.d/adblock-fast
index c962c1fd3..3e8727582 100755
--- a/net/adblock-fast/files/etc/init.d/adblock-fast
+++ b/net/adblock-fast/files/etc/init.d/adblock-fast
@@ -1440,6 +1440,13 @@ $(sed '/^[[:space:]]*$/d' "$A_TMP")"
json add error 'errorMovingDataFile'
fi
case "$dns" in
+ dnsmasq.servers)
+ if [ -n "${allowed_domain}" ]; then
+ for hf in ${allowed_domain}; do
+ echo "server=/${hf}/#" >> "$outputFile"
+ done
+ fi
+ ;;
unbound.adb_list)
sed -i '1 i\server:' "$outputFile"
;;
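Review bot: In the added dnsmasq.servers branch, each word of ${allowed_domain} is written into "$outputFile" as server=/${hf}/# with no validation, and the unquoted expansion in the for loop is also subject to pathname expansion, so an entry containing a slash or a glob character would produce a malformed or unintended dnsmasq directive. Suggest checking each hf against a hostname pattern (letters, digits, hyphens and dots only) before the echo and skipping anything else. The surrounding [ -n "${allowed_domain}" ] test can be dropped, since the for loop already does nothing on an empty list.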
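The precedence described in the post above (a more specific `server=/…/#` entry overriding the parent domain's block) can be checked with a small model. This is an added example, not code from adblock-fast or dnsmasq. The function names and the sample list are constructed, and it assumes one domain per `server=` line.

```shell
#!/bin/sh
# Added example: simplified model of dnsmasq's "most specific server=/domain/
# entry wins" behaviour. Assumes one domain per server= line.

# effective_rule NAME CONF -> prints blocked | forwarded | default
effective_rule() {
    name=$1; conf=$2; best_len=0; verdict=default
    while IFS= read -r line; do
        case $line in
            server=/*/*) ;;          # only domain-scoped server= entries
            *) continue ;;
        esac
        rest=${line#server=/}
        domain=${rest%%/*}           # text between the first pair of slashes
        target=${rest#*/}            # "" = never forwarded, "#" = standard servers
        case $name in
            "$domain"|*".$domain") ;;  # exact match or a true subdomain
            *) continue ;;
        esac
        if [ "${#domain}" -gt "$best_len" ]; then   # longer suffix = more specific
            best_len=${#domain}
            if [ -z "$target" ]; then verdict=blocked; else verdict=forwarded; fi
        fi
    done < "$conf"
    printf '%s\n' "$verdict"
}

# Constructed sample list: a parent block plus the explicit allow from the post.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
server=/g.doubleclick.net/
server=/example-ads.invalid/
server=/pubads.g.doubleclick.net/#
EOF
    printf '%s\n' "$f"
}

conf=$(make_sample_conf)
for q in pubads.g.doubleclick.net ad.g.doubleclick.net xg.doubleclick.net; do
    printf '%-28s %s\n' "$q" "$(effective_rule "$q" "$conf")"
done
rm -f "$conf"
```

The third query shows that a name merely ending in the same characters, without the dot boundary, is not treated as a subdomain of the blocked entry.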
Thank you for suggesting this. Let me sleep on how it's best to integrate it with the current method of allow-listing domains by removing them from block-list.
It does, you need to flush your browser cache so it fetches the new version from the router.
Sorry for misleading you about the browser cache, but I'd be curious to find out why the newer version hasn't been installed with just opkg update; opkg install adblock-fast luci-app-adblock-fast.
The newest version (available from my repo) is 1.1.2-4, but I haven't submitted it to the OpenWrt packages yet.
I want to restrict internet access of specific IoT clients.
This means clients can only access specific domains for firmware upgrade etc.
In the context of a DNS blocker this would be a whitelist for specific clients.
Can you please advise how to realise this request with Adblock-fast?
When I try to open the webpage https://energis.de I get a 403 Forbidden error.
Using another router w/o Adblock-fast I cannot reproduce this issue.
Therefore my conclusion is that this domain is blocked.
And I need to enter it in Luci > Services > Adblock Fast > Allowed Domains.
However, after saving the new settings I still get the 403 Forbidden error.
Hi, I'm using version 1.1.2-3. The file size will not be stored in config, still, and even the web UI can't know the file size now. Function getFileUrlFilesizes will get a 0 size. I have tried rules without any available problems, and even flashed a new fresh firmware, but it doesn't help.
Thanks for pointing it out, there was a report either at OpenWrt or my own GitHub repo before; if it's from you as well, I'm sorry I didn't have the time to look into it earlier.
Fixed in 1.1.2-4, this version should be storing new sizes for enabled lists. I'll create PR for snapshots and 23.05 branches before the end of the week, you can grab updated sources and binaries from upstream repo for now.