Adblock-oisd : 22.03 allows you to use huge blocklists with dnsmasq

may need the addition of the nsfw list.

1 Like

Great, that shouldn't be very hard to implement, I'm sure I can push the update to the repo early next week. Are you willing to test the builds before then?

2 Likes

Liking the luci interface! @stangri out of the lists here:

which would you recommend enabling if not just defaults as you have it? The OISD list is right at the bottom. Does that mean if I enable it I don't need to enable the others? Overlapping entries are removed automatically right?

Also I have selective DNS hijacking. I can presumably disable force all lan clients. But maybe it'd be nice to allow overrides for certain lan clients to specific DNS servers? Or perhaps it just gets too complicated to generalize.

1 Like

This is my config (with personal allow/block-lists removed) from the x86_64-based router, but I believe I used the same config on the EdgeRouter-X as well:

config simple-adblock 'config'
	option dns 'dnsmasq.servers'
	option dns_instance '0'
	option force_dns '1'
	list force_dns_port '53'
	list force_dns_port '853'
	option canary_domains_icloud '0'
	option canary_domains_mozilla '0'
	option download_timeout '10'
	option curl_retry '3'
	option parallel_downloads '1'
	option debug '0'
	list allowed_domain 'cdn.jsdelivr.net'
	list allowed_domain 'melmac.net'
	list blocked_hosts_url 'https://adaway.org/hosts.txt'
	list blocked_hosts_url 'https://cdn.jsdelivr.net/gh/hoshsadiq/adblock-nocoin-list/hosts.txt'
	list blocked_hosts_url 'https://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext'
	list blocked_hosts_url 'https://winhelp2002.mvps.org/hosts.txt'
	list blocked_hosts_url 'https://someonewhocares.org/hosts/hosts'
	list blocked_hosts_url 'http://sysctl.org/cameleon/hosts'
	list blocked_hosts_url 'https://cdn.jsdelivr.net/gh/StevenBlack/hosts/hosts'
	list blocked_hosts_url 'https://hosts.oisd.nl/'
	option enabled '1'
	option boot_delay '30'
	option compressed_cache '1'
	option config_update_enabled '1'
	option config_update_url 'https://source.openwrt.melmac.net/simple-adblock/files/simple-adblock.conf.update'
	option verbosity '1'
	list blocked_domains_url 'https://cdn.jsdelivr.net/gh/AdguardTeam/cname-trackers@master/combined_disguised_trackers_justdomains.txt'

The config-update-url in my config file is set to pull the updates from my private repo, you may want to leave it with the github openwrt url instead.

1 Like

yes, disable force_dns in simple-adblock if you want to use your own dns hijacking rules.

LOL. That really depends what your grandparents and girlfriends are into :wink:

Absolutely willing to test! Thanks for getting involved with this.

What's the difference between the oisd list already included as an option and the oisd dnsmasq list? Are they the same but different format or do they include different blocks?

It'd be nice if there was just one list that wasn't lists of lists.

In simple adblock there are six or so lists and I'm not sure which to enable and the extent of overlap between. Maybe I just enable them all and hope for the best?

For my actual DNS lookups I use cleanbrowsing family filter. Blocks the soul-destroying material on the net very well.

1 Like

What's the difference between the oisd list already included as an option and the oisd dnsmasq list? Are they the same but different format or do they include different blocks?

  • Different source format dnsmasq vs hosts vs domains. dnsmasq oisd is already in native dnsmasq format, so in theory should take very little processing with sed.

In simple adblock there are six or so lists and I'm not sure which to enable and the extent of overlap between. Maybe I just enable them all and hope for the best?

  • I'll probably just delete all the default ones and use oisd exclusively.

For my actual DNS lookups I use cleanbrowsing family filter. Blocks the soul-destroying material on the net very well.

  • I use two services in round-robin (Quad9 & Cloudflare). If one goes down I can still resolve dns lookups.... Lots of dns options out there to suit everyone tho.

Good question, maybe you should ask oisd folks that, given that dnsmasq file is much smaller than their domains file.

I've pushed an update to my repo:

[build]   simple-adblock 1.9.2-6...               [✓]
[build]   luci-app-simple-adblock 1.9.2-6...      [✓]

If you're updating (vs installing for the first time) the luci app, clear your browser cache to make sure you get the new version rendered.

In WebUI, if the dnsmasq config file option is not empty, it will hide (and delete on Save) all the other lists from your config.

2 Likes

I'll test too if I get some time. I looked at the source but couldn't see any checks through lines in the oisd file to filter out any nasties. But I'm likely missing something?

Also during installation and setting up of the OpenWrt packages and/or service start I got warning about three recommended packages coreutils- something. What happens if those are not installed does stuff still work or break? Or just not as fast processing or?

Without having changed anything at all on just the basic lists enabled by default most ads seem already taken care of.

1 Like

Well she's up and running no problemo. Awesome!
I don't know what sed commands etc you are running for this setup - I haven't looked. But it uses so little cpu (just like scripts in this thread) to pre-process.
The host or domain files with oisd full were pegging the cpu for a couple of minutes.

Where to next ?? :wink:

1 Like

It seems we need to understand the difference between that and:

And whether the processing time (as you say pegging of the cpu for a few minutes) is worth it to work with hosts or for some other reason.

And also to what extent simple-adblock makes sense to use for this use case vs the simple scripts proposed above. It is nice having the luci interface and future flexibility to chop and change depending on what happens with oisd and also things like force download lists when we want, rather than just on every day or something. And I like that with simple-adblock we can have some checking for nasties.

A big plus for me for oisd is that having worked with the various lists in simple-adblock by default, stuff like Google shopping links didn't work, whereas now they do. Debatable whether that's needed but for me the wife acceptance factor demands that Google shopping works, and as you say oisd does seem to do a good job at enabling ad blocking whilst keeping stuff working.

1 Like

In the version 1.9.3-1 I've added a link to the README explaining the dnsmasq_config_file_url option.

To me it is worth it, as default oisd dnsmasq config file doesn't seem to block some ads on the sites I'm visiting and I also want to allow certain domains which are otherwise blocked.

What simple-adblock brings to the table is WebUI allowing you to start/stop/disable ad-blocking, it's a nice PROCD-compatible init script, so no more fumbling with downloading things on start, it can also create (and re-use on boot-up) a gzip of the block-file in persistent memory to speed up the router restart. It does perform a sanity check on the downloaded list, so if you, for example, get a Cloudflare or ISP error trying to download the config file, simple-adblock will sanitize the file and will keep dnsmasq working.

Or people may want to use the init script as a template and write their own code in, just to simplify boot/start/stop handling while using all the sed filters already defined.

If you're using a script to trigger download and dnsmasq restart anyways, now there are options, you can use a more robust simple-adblock as that script or you can use your own script, to each their own.

2 Likes

Ah sorry meant difference between the oisd dnsmasq and hosts files. As you wrote earlier perhaps we need to ask the oisd maintainers. As you indicate, here:

it seems there are significant differences.

Nice explanation, thanks. I've been playing around with it all for a while and it seems well crafted. Albeit it is sluggish in processing downloaded lists. Maybe that can be sped up somehow - perhaps with some C optimisation or other optimisations?

By the way I really like the idea of gzip block-file to speed up router restart, but I have a question concerning the same.

To what extent do we need to worry about this potentially contributing to write wear of the router flash memory? Would this rather be a reason to use a USB stick? Or alternative option like upload/download from OneDrive mount. Or GitHub? Or is this an irrelevant consideration? Maybe this is a question for @hnyman who seems to understand these issues very well.

1 Like

Just want to point out the gzip in persistent memory is disabled by default. :wink:

1 Like

@Lynx I don't think there is any difference in blocking ability between different oisd file formats. The dnsmasq list just uses wildcards so is a lot smaller.

eg dnsmasq oisd only needs one line:
address=/hop.clickbank.net/#

hosts oisd full uses:
0.0.0.0 zzzzz.1weekdiet.hop.clickbank.net
0.0.0.0 zzzzz.2weekdiet.hop.clickbank.net
0.0.0.0 zzzzz.anacooking.hop.clickbank.net
... (and keeps going...)

But thanks @stangri for giving another way/option to use dnsmasq native files (including oisd). Couple questions if I may. Is/will simple-adblock cleaning out malformed dnsmasq input lines, so as not to upset dnsmasq running? And are some steps taken if things go wrong? Ie a running router with no blocking is better than a non-running router, or use last good list. These are where we were headed with the bash script.

Can simple-adblock currently use --max-filesize for curl? Just to ignore those filesize blowouts oisd previously has had occasionally? The size blowout crashed someone's 128mb router, although kept running fine on my r7800/512mb.
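
The size difference described in the post above, as an added example that is not part of the original thread and not how oisd or simple-adblock build their files: a hosts-format list collapses to one dnsmasq line per blocked parent domain, because `address=/domain/#` also answers for every subdomain. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in hosts format; the clickbank names are the ones quoted
# in the thread, the rest are made up for the example.
sample_hosts() {
    cat <<'EOF'
# constructed sample
127.0.0.1 localhost
0.0.0.0 hop.clickbank.net
0.0.0.0 zzzzz.1weekdiet.hop.clickbank.net
0.0.0.0 zzzzz.2weekdiet.hop.clickbank.net
0.0.0.0 zzzzz.anacooking.hop.clickbank.net
0.0.0.0 ads.example.com
EOF
}

# hosts_to_dnsmasq [FILE...]
# Reads hosts-format lines and prints one "address=/domain/#" line for every
# domain that is not already covered by a parent domain in the same list.
hosts_to_dnsmasq() {
    awk '
        ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
            d = tolower($2)
            # Require at least two labels, so "localhost" is skipped.
            if (d ~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) seen[d] = 1
        }
        END {
            for (d in seen) {
                covered = 0
                rest = d
                # Walk up the label chain: a.b.c -> b.c -> c
                while ((i = index(rest, ".")) > 0) {
                    rest = substr(rest, i + 1)
                    if (rest in seen) { covered = 1; break }
                }
                if (!covered) print "address=/" d "/#"
            }
        }
    ' "$@" | sort
}
```

Run as `sample_hosts | hosts_to_dnsmasq`, the six sample lines reduce to two dnsmasq entries.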

@stangri Something may be going wrong? I can click on eg zzzzz.anacooking.hop.clickbank.net and it resolves. This was blocked with the startup script I was using. simple-adblock says it's active.

If dnsmasq is not being called to resolve it, it won't be blocked, so I'd start resetting the DNS cache on your computer.

Also try if it gets resolved on the router and/or run /etc/init.d/simple-adblock check clickbank.net to see if it's in the list.

Well I cleared cache, tried different browser, ipconfig /flushdns, and restarting dnsmasq and that site is still resolving.

root@OpenWrt:~# ping zzzzz.anacooking.hop.clickbank.net
PING zzzzz.anacooking.hop.clickbank.net (52.35.220.72): 56 data bytes

/etc/init.d/simple-adblock check clickbank.net is returning this however:
Found 3 matches for 'clickbank.net' in '/var/run/simple-adblock/dnsmasq.servers'.
address=/1.psfree.pay.clickbank.net/#
address=/hop.clickbank.net/#
address=/zzz.clickbank.net/#

In other news, this command from your script only took about 4 seconds to process the whole oisd.txt dnsmasq file! So fast.

'\|^address=/[[:alnum:]_.-].*/#|!d'
(or sed -i '\|^address=/[[:alnum:]_.-].*/#|!d' /tmp/oisd.txt)
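
A sketch of the checks asked about in this thread (drop malformed lines, cap the file size, fall back to the last good list), added here as an example; it is not simple-adblock's code or the script from the thread. The function names, the default thresholds and the whole-line pattern, which is stricter than the sed filter quoted above, are assumptions.

```shell
#!/bin/sh
# Constructed sample download: two valid entries plus lines that must not reach dnsmasq.
sample_download() {
    cat <<'EOF'
# constructed sample
address=/hop.clickbank.net/#
address=/zzz.clickbank.net/#
address=/ads.example.com/203.0.113.7
<html><body>Error 522</body></html>
address=/bad domain/#
EOF
}

# install_blocklist NEW LIVE [MAX_BYTES] [MIN_ENTRIES]
# Returns 0 and replaces LIVE only when NEW passes every check; otherwise LIVE
# (the last good list) is left untouched. Default thresholds are assumptions.
install_blocklist() {
    new=$1; live=$2; max_bytes=${3:-20000000}; min_entries=${4:-1000}
    tmp="$live.tmp.$$"

    [ -s "$new" ] || { echo "empty download, keeping current list" >&2; return 1; }

    # Size cap, as a second line of defence behind curl --max-filesize.
    size=$(( $(wc -c < "$new") ))
    if [ "$size" -gt "$max_bytes" ]; then
        echo "download is $size bytes (limit $max_bytes), keeping current list" >&2
        return 1
    fi

    # Whole-line match: only "address=/<hostname>/#" survives. Comments, HTML
    # error pages and entries that answer with a real IP are dropped.
    tr -d '\r' < "$new" |
        grep -E '^address=/[[:alnum:]_-]+(\.[[:alnum:]_-]+)+/#$' > "$tmp" || true

    kept=$(( $(wc -l < "$tmp") ))
    if [ "$kept" -lt "$min_entries" ]; then
        echo "only $kept valid entries (need $min_entries), keeping current list" >&2
        rm -f "$tmp"
        return 1
    fi

    # Same-directory rename, so dnsmasq never reads a half-written file.
    mv -f "$tmp" "$live"
}
```

Restart dnsmasq only when the function returns 0; on any failure the router keeps resolving with the previous list.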