Adblock support thread

What version of OpenWRT are you using? And what is your router?

I can give you recommendations but that will depend on the specs of your router and version of openwrt. Because larger block list requires bigger memory and at least a multi-core router.

Basic on the AdBlock you are using, you are probably using at least OpenWRT 22.03.

Try adding the ff (note this will make your block list a large one):

• OSID Full
• Steven Black (then on variants try fakenews)

I don't recommend Energized (personally) because based on experience even just the basic variant sometimes blocks legit/regular sites but it's up to you.

I'm using version 22.03.2 on a WAX202B.
Mediatek's spec sheet says it's a dual core and my status page says it has 500mb of memory.

Try adding the ff

What's the ff?

OSID Full
Steven Black

What's OSID Full and which Steven Black filters should I add?

sometimes blocks legit/regular sites

Which sites have you tried accessing that get blocked? And what does that mean? Does it just not let you go on those sites?

Might I suggest you re-read this:

You do need at least a basic understanding of how the package achieves it’s purpose.

My recommendation with any new packages would be to follow the recommendations of the README.md and using the suggested implementations contained within. Almost without exception Community Packages provide a pretty well fail safe basic install/run experience. You can always expand the capabilities once you have a functioning basic package and some familiarity with how it works.

You can also get more concise assistance by posting the recommended troubleshooting information. In this case at least:
/etc/init.d/adblock status and
uci export adblock

You also need a browser based ad-blocker and tracker as well to extend the reach of Adblock it can’t control.

Sorry.. I was going to say Energized, I forgot to mention it.. personal experience it blocked a known airlines in Asia, only found out when I was trying to book flights. And then, it also blocked some of sources (git) that I use for libraries in projects that I do.

For the details of each block list provider, read RuralRoots response.

I enabled OISD Full and it still didn't help. And I couldn't find any information about what ff is on the readme.

I read a couple packages that caught my eye and enabled them but they don't seem to help either.

What are community packages? Are those the source lists?

Also, should I manually add the sources from that test website?

Troubleshooting info:

::: adblock runtime information
  + adblock_status  : enabled
  + adblock_version : 4.1.5
  + blocked_domains : 338187
  + active_sources  : adaway, adguard, adguard_tracking, andryou, anti_ad, disconnect, firetv_tracking, games_tracking, 
                      oisd_full, smarttv_tracking, yoyo
  + dns_backend     : dnsmasq (-), /tmp/dnsmasq.d
  + run_utils       : download: /usr/bin/curl, sort: /usr/libexec/sort-coreutils, awk: /bin/busybox
  + run_ifaces      : trigger: lan, report: br-lan
  + run_directories : base: /tmp, backup: /tmp/adblock-Backup, report: /tmp/adblock-Report, jail: /tmp
  + run_flags       : backup: ✔, flush: ✘, force: ✔, search: ✘, report: ✔, mail: ✘, jail: ✘
  + last_run        : reload, 3m 42s, 509/400/368, 2022-11-13T05:17:35+00:00
  + system          : Netgear WAX202, OpenWrt 22.03.2 r19803-9a599fee93

config adblock 'global'
	option adb_debug '0'
	option adb_safesearch '0'
	option adb_dnsfilereset '0'
	option adb_mail '0'
	option adb_backup '1'
	option adb_dns 'dnsmasq'
	option adb_fetchutil 'curl'
	option adb_report '1'
	option adb_enabled '1'
	option adb_repiface 'br-lan'
	option adb_trigger 'lan'
	option adb_forcedns '1'
	list adb_zonelist 'lan'
	option adb_dnsinstance '0'
	list adb_portlist '53'
	list adb_portlist '853'
	list adb_portlist '5353'
	list adb_stb_sources 'hosts'
	list adb_sources 'adaway'
	list adb_sources 'adguard'
	list adb_sources 'adguard_tracking'
	list adb_sources 'andryou'
	list adb_sources 'anti_ad'
	list adb_sources 'disconnect'
	list adb_sources 'firetv_tracking'
	list adb_sources 'games_tracking'
	list adb_sources 'oisd_full'
	list adb_sources 'smarttv_tracking'
	list adb_sources 'yoyo'

Hi,

The configuration information is here - Adblock support thread - #2254 by esters

Did you run the tests on the LuCI Diagnostics page I've mentioned?

Hi,

Unfortunately I dont have Luci installed. SSH access only. Do you know how can it test it from the cli?

Thanks!

ping -4 openwrt.org

ping -6 openwrt.org

root@C2600:/# ping -4 openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=57 time=40.431 ms
64 bytes from 139.59.209.225: seq=1 ttl=57 time=40.138 ms
^C
--- openwrt.org ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 40.138/40.284/40.431 ms
root@C2600:/# ping -6 openwrt.org
PING openwrt.org (2a03:b0c0:3:d0::1af1:1): 56 data bytes
ping: sendto: Network unreachable

Then try to download on the router/cmd line manually, e.g.:

cd /tmp
uclient-fetch -O- https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt >/dev/null

What is weird, on the first try it gave the same error:
“Operation not permitted”

The I ran the command again and it worked:

root@C2600:/tmp# uclient-fetch -O- https://adguardteam.github.io/AdG
uardSDNSFilter/Filters/filter.txt >/dev/null
Downloading 'https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt'
Connecting to 185.199.109.153:443
Writing to stdout
-                    100% |*******************************|   966k  0:00:00 ETA
Download completed (989844 bytes)

That's expected cause your router still tries to route via IPv6 (the working example request routes via IPv4). Search for "Failed to send request: Operation not permitted" in this forum and fix your underlying IPv4-only DNS/DHCP setup.

Of course you could force uclient-fetch to use IPv4 ... but that fixes only your download errors in adblock and not the root cause. Said that, to fix your adblock download errors add the following to /etc/config/adblock:

option adb_fetchparm '-4 --timeout=20 -O'

@keina You already have a very good number of blocked domains, this is probably mainly due to oisd_full. Now if you think AdBlock is still not working, then the issue is probably not with AdBlock anymore which is possibly beyond the scope of this thread.

There could be a number of reasons that your computer and/or browser is bypassing the DNS of your router. Or something in your configuration in your openwrt router is actually the one bypassing the block list. Or your actual network setup might be the cause. Again there are so many possibly things happening.

AdBlock is not actually the one that will block or allow websites to be opened. What it does is it curates all the selected block list and merge it into one big list that it will save to be used by what ever DNS server (dnsmasq by default for OpenWRT) of your router is using.

Now the better question would be... What is your computer or browser or network or router using as DNS server? Are you using a VPN or similar kind of service?

Oh and I think you are using an apple based computer, with the latest MacOS Monterey and Ventura, Apple introduced a new option Limit IP Address Tracking on the Network Preferences, this could have additional complications to your setup. I'm also a mac user and I really haven't tested how that option works or if it even does work due to that my setup, I have made sure my router's DNS won't be bypassed by any device connected to my network even over DNS over HTTPS or TLS (this is too advanced to be discussed here).

EDIT - The issue was caused by a incorrect DNSSEC setup:

# /etc/config/dhcp
..
        option dnssec '0'
        option dnsseccheckunsigned '0'
...

# logread -e adblock

Mon Nov 14 11:41:11 2022 user.info adblock-4.1.5[29887]: adblock instance started ::: action: restart, priority: 0, pid: 29887
Mon Nov 14 11:41:34 2022 user.info adblock-4.1.5[29887]: blocklist with overall 54748 blocked domains loaded successfully (TP-Link Archer C2600, OpenWrt 22.03.2 r19803-9a599fee93)

I apologize but I have hit a dead end. I launched the tcpdump utility on the WAN interface (eth0.2) with ipv6 protocol and still I can't figure out why I cannot download 'adaway' and 'adguard' sources:

root@C2600:/tmp# tcpdump -i eth0.2 -n -vv ip6
tcpdump: listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
23:13:49.222284 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 32
        hop limit 64, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
          mtu option (5), length 8 (1):  1472
            0x0000:  0000 0000 05c0
          source link-address option (1), length 8 (1): f8:75:88:2a:3b:b5
            0x0000:  f875 882a 3bb5

Sun Nov 13 23:14:19 2022 user.info adblock-4.1.5[10963]: download of 'adaway' failed, url: https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt, rule: /^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}, categories: -, rc: 4, log: Downloading 'https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt' Failed to send request: Operation not permitted
Sun Nov 13 23:14:19 2022 user.info adblock-4.1.5[10963]: download of 'adguard' failed, url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt, rule: BEGIN{FS="[/|^|\r]"}/^\|\|([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+[\/\^\r]+$/{print tolower($3)}, categories: -, rc: 4, log: Downloading 'https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt' Failed to send request: Operation not permitted

# /etc/config/network
...
# config globals 'globals'
#       option ula_prefix 'fd6c:3ceb:7ed3::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.51.1'
        option netmask '255.255.255.0'
#       option ip6assign '60'
        option ip6assign '0'
        option ipv6 '0'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option ipv6 '0'
        option peerdns '0'
        list dns '195.122.12.241'
        list dns '80.232.230.241'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'
        option disabled '1'
...

# /etc/config/dhcp
...
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '100'
        option leasetime '24h'
        option dhcpv4 'server'
        option dhcpv6 'disabled'
        option ra 'disabled'
        list ra_flags 'none'
        option ra_slaac '0'
        option ra_dns '0'
...

service | grep -i odhcpd
/etc/init.d/odhcpd                disabled         stopped

# logread | grep -i ipv6
Sun Nov 13 23:14:26 2022 daemon.info dnsmasq-dhcp[1]: IPv6 router advertisement enabled

EDIT - 14.11.2022

After changing the adb_fetchutil to 'wget' I got the following message:

Mon Nov 14 10:36:05 2022 user.info adblock-4.1.5[22420]: download of 'adaway' failed, url: https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt, rule: /^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}, c
ategories: -, rc: 4, log: --2022-11-14 10:36:05--  https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt Resolving raw.githubusercontent.com... failed: Name does not resolve. wget: unable to resolve host address 'raw.githubusercontent.com'
Mon Nov 14 10:36:05 2022 user.info adblock-4.1.5[22420]: download of 'adguard' failed, url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt, rule: BEGIN{FS="[/|^|\r]"}/^\|\|([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+[\/\^\r]+$/{print tolower($3)}, categories: -
, rc: 4, log: --2022-11-14 10:36:05--  https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt Resolving adguardteam.github.io... failed: Name does not resolve. wget: unable to resolve host address 'adguardteam.github.io'

So this is a DNS issue but what is causing this ? As you can see in the first query there is no result, in the second it finds it.

root@C2600:/# nslookup raw.githubusercontent.com
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:

Non-authoritative answer:

root@C2600:/# nslookup raw.githubusercontent.com
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   raw.githubusercontent.com
Address: 185.199.110.133
Name:   raw.githubusercontent.com
Address: 185.199.109.133
Name:   raw.githubusercontent.com
Address: 185.199.108.133
Name:   raw.githubusercontent.com
Address: 185.199.111.133

Non-authoritative answer:
Name:   raw.githubusercontent.com
Address: 2606:50c0:8003::154
Name:   raw.githubusercontent.com
Address: 2606:50c0:8000::154
Name:   raw.githubusercontent.com
Address: 2606:50c0:8002::154
Name:   raw.githubusercontent.com
Address: 2606:50c0:8001::154

root@C2600:/# nslookup adguardteam.github.io
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:

Non-authoritative answer:

root@C2600:/# nslookup adguardteam.github.io
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   adguardteam.github.io
Address: 185.199.110.153
Name:   adguardteam.github.io
Address: 185.199.109.153
Name:   adguardteam.github.io
Address: 185.199.108.153
Name:   adguardteam.github.io
Address: 185.199.111.153

Non-authoritative answer:
Name:   adguardteam.github.io
Address: 2606:50c0:8001::153
Name:   adguardteam.github.io
Address: 2606:50c0:8003::153
Name:   adguardteam.github.io
Address: 2606:50c0:8000::153
Name:   adguardteam.github.io
Address: 2606:50c0:8002::153

As @AcidSlide notes, there doesn't appear to be a problem with your config. It's running, you have upwards of 388K blocked domains loaded . . . ? ¯\_(ツ)_/¯

/etc/init.d/adblock report cli | head -n44

This will produce four stanzas -
Adblock DNS-Query Report - Report Period, Total Queries, and Total # & % Blocked
Top 10 Clients - Counters and local hostnames ranked by high to low
Top 10 Domains - Counters and domain names ranked by high to low
Top 10 Blocked Domains -Counters and domain names that have been blocked by Adblock

/etc/init.d/adblock report cli | tail -n+44 | grep NX

This will produce a list of any NX domains that have been blocked by Adblock from either your sources or blacklists.

For anyone who interested, I made a little adblock blocklist targeted specifically at Roku ads. This blocks only the annoying main menu ads, not video ads. The good news, is a little while after you start using it, the whole ad window goes transparent. The list URL can be used directly in the simple adblock UI, or the domains copied out and used in the custom section of the big UI.

With this software, Is it possible to log DNS requests and block requests and accepted requests

Problem: Adblock does not seem to use blocklist backup. Details: I have configured it to have 31 black-listed domains and to use various blocklists, leading to 50000+ blocked sites. However, very often the LuCI user interface shows that only 31 sites are blocked. I suspect the cause is that the OpenWrt router and the cable modem are powered on by a timer every morning. Internet is probably not yet available when OpenWrt has finished booting. However, I have checked the "Blocklist Backup" function in adblock. I believe that should be used if the downloads fail?

If a backup is available it will be used during startup. Is your backup folder on a non volatile device (usb stick etc.)? If not (default is /tmp aka RAM), than there are no backups during boot.

You should define a Trigger interface and raise the Trigger Delay - e.g. to 30 seconds or more - so that the adblock service finds a working internet connection.