Adblock support thread

I am using it as router with LAN/WAN. Not as AP.
Any way to debug this further? I can provide you the command outputs from router.

I am using it as router with LAN/WAN.
Not as AP.
Any way to debug this further? I can provide you the command outputs from
router.

Check your firewall config (/etc/config/firewall) ... you should find something like that:

config redirect 'adblock_dns'
        option name 'Adblock DNS'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option dest_port '53'
        option target 'DNAT'

if your source 'lan' zone has a different name change this rule manually and restart your firewall.

Above config is already present in /etc/config/firewall.
Zone name is also same, "lan".

Is it possible to limit the blocking to certain devices? I would like to only block ads for my phones and tablets but not for my PC.

@rabe I don't think so. I am curious myself though.
As per suggestions in this thread, one option you have is to use google dns service (8.8.8.8) in devices you don't want to adblock. You will have to keep "Force Local DNS" option disabled.

1 Like

Just configure your PC to use a non-local dns resolver like 9.9.9.9, 8.8.8.8 or something like that.

1 Like

Thanks, this worked of course. I didn't thought about that simple solution.

But it would be still useful if this plugin had a feature to limit the blocking only to some devices.

This plugin helped to make my old iOS devices usable for browsing again, since old iOS versions don't support native ad-blockers. Thanks!

@dibdot any suggestion for my problem?
Has this particular config worked for you or others?

no, sorry I have no further idea - it simply works for me.

@dibdot You mean to say your blacklists works even if you set 8.8.8.8 as DNS on your pc?
May I know the adblock and LEDE version you are using?
There is nothing special in my PC, so I am surprised why it's not working for me.

For whatever reason the firewall rule does not work for you ...

root@x250:/home/dirk# nslookup doubleclick.net
Server:		10.168.1.1
Address:	10.168.1.1#53

** server can't find doubleclick.net: NXDOMAIN

root@x250:/home/dirk# nslookup doubleclick.net 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

** server can't find doubleclick.net: NXDOMAIN

... and of course I'm using always the latest adblock version ...:wink:

root@adb2go:~# /etc/init.d/adblock status
::: adblock runtime information
  + adblock_status  : enabled
  + adblock_version : 3.1.1
  + overall_domains : 27998
  + fetch_utility   : wget (built-in)
  + dns_backend     : unbound (/var/lib/unbound)
  + last_rundate    : 11.12.2017 09:38:41
  + system_release  : GL-MIFI, OpenWrt SNAPSHOT r5488-893a1ede2e

Mine is dnsmasq. Do you think that would make a difference?

All of a sudden I found this feature to be working today.
To be sure I also checked and found the adblock iptables rule in NAT table.
I think dns cache is playing a role here.
Is there any way to check if adblock+dnsmasq is ready and loaded with all the rules?
Also any way to clear dns caches from router?
I would like to do that while doing the testing.

Adblock restarts the dns backend after blocklist processing, therefore all dns caches on the router will be flushed.
If you observe dns caching oddities than you should check/clear the client side caches, e.g.

windows: ipconfig /flushdns
macOS: sudo killall -HUP mDNSResponder

Sorry for asking but im a bit confused here...
What if i got more than 1 lan interface configured, like lan_guest and wifi_guest ??
Does option src 'lan' cover all of these (diffrent vlan's and subnet ranges) or do i need to add them as well ?

The firewall in OpenWrt is zone oriented, for further reading see here.
You can map one or more interfaces to one zone, depends on your configuration. Please open a separate thread if you have further questions regarding firewall configuration.

Well thanks for the link but i dont fully understand.
I got 3 different fw zones in Luci (lan, lan_guest, wan) and my adblock is still working when im on my guest lan or guest wifi so i guess its allright... It's option src 'lan' but im fine as long as it works.
Also got Adblock DNS under portforwardings (From any host in lan)...

Please do not mix different things here ...

Adblock block abuse domains by using your DNS backend (usually dnsmasq). As long as your networks/interfaces use the same dnsmasq instance all adblock related domains will be blocked.

On the other hand you can enable an optional firewall rule to force clients to use your local dns resolver - this has nothing todo with adblocking itself. It's disabled by default and personally I do not use this option ... anyway it may be useful for some ancient android clients with hardcoded google dns servers. To check if this rule works in your different "zones" type something like that ...

nslookup doubleclick.net 8.8.8.8

... and it should always answer 'NXDOMAIN'.

C:\Users\WinX64>nslookup doubleclick.net 8.8.8.8
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

That's what i get on my lan and guest-lan... I dont have any additional firewall rule.