Adblock support thread


#508

Thanks for your feedback. Unfortunately youtube is & will be a moving target, cause they provide ads & legitimate content via "random" domains ... I doubt that this can be ever really solved programmatically via (sub-)domain blocking.

Nevertheless you could try my refined youtube filter approach on my gist - see here:

Add this as a new source to your adblock config and maybe it helps to block certain youtube ad serving domains ... or it will block real content ... :wink:

good luck!


#509

Thanks @dibdot

I will try your youtube filter!!!


#510

everything works well thank you!:beers:


#511

I'm using dnscrypt-proxy v1 together with Adblock and for me adblock only seems to work if i select dnsmasq as DNS Backend. I'm not sure why but Adblock seems to work as it should with dnsmasq as DNS Backend when using dnscrypt-proxy v1.


#512

Did you compile dnscrypt-proxy on your own build with plugin support? If not, dnscrypt-proxy won't support blacklists ... please post the output of dnscrypt-proxy --version.


#513

No. It's already included in the build that i'm uisng on my WRT3200ACM (r7829, davidc502).

root@WRT3200ACM:~# dnscrypt-proxy --version
dnscrypt-proxy 1.9.5

Compilation date: Aug 12 2018
Support for plugins: present
Plugins root directory: [/usr/lib/dnscrypt-proxy/]
Support for ldns-based plugins: present
Support for the XChaCha20-Poly1305 cipher: present

root@WRT3200ACM:~# uname -a
Linux WRT3200ACM 4.14.62 #0 SMP Sun Aug 12 14:12:01 2018 armv7l GNU/Linux

#514

Thanks - than it should work with "blacklist" entries in your dnscrypt-proxy config ... anyway, you have found a working config for your needs ... :wink:


#515

Yea as i said Adblock is working fine together with dnscrypt-proxy and i'm happy with it. Black and Whitelisting entries are also working but only if dnsmasq is set as DNS backend in the Adblock config.


#516

Hi @dibdot

'Force Local DNS' option doesn't work with nonNAT routing, Firewall Rules like this will work:

config rule
        option proto 'tcp udp'
        option name 'Block_dns_53'
        option dest_port '53'
        option target 'REJECT'
        option src '*'
        option dest '*'

#517

That's right it's in the NAT table to redirect (not reject) any DNS traffic to the local resolver and it should cover > 95 percent of all use cases. If you're running your router e.g. as dumb AP than of course makes this rule no sense ... but in that case you can switch off your firewall at all ... :wink:


#518

I know. My router running conventional mode, not as AP, traffic routing to another NAT router. I'm suggest make a firewall rules like above.
Thanks for hard work.


#519

I'm also using some custom Firewall rules to force local DNS (especially needed for Android devices).

iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -I PREROUTING -i br-guest -p udp --dport 53 -j REDIRECT --to-port 53
iptables -t nat -I PREROUTING -i br-guest -p tcp --dport 53 -j REDIRECT --to-port 53

Works quite well with my setup...


#520

Hi, it it possible to enable adblock only on certain interface? I think trigger only affect when adblock startup, not filtering its interface. As for now I think adblock always apply on all avilable interfaces.


#521

adblock works per dns instance, not per interface.


#522

Hey Guys -

I am trying out adblock which I currently have 3.5.4-2 installed and enabled on my WRT-1900ACS router running LEDE. Everything seems pretty painless as I'm able to easily select from a variety of lists, so first of all, thanks for your work!

One thing I can't seem to get working is adding lists from iBlocklist.com. I have a subscription to the site which provides their lists or a custom list via a URL similar to entries already in Adblock's config.

The "Edit Blacklist" seems to only accept individual domain entries but in "Advanced" / "Edit Configuration" I saw all the code. I found three of the entries pointed to a URL which obtained a *.gz file so copied one of them and put in the custom data to produce the below:

config source 'china'
option adb_src 'http://list.iblocklist.com/?list=cn&fileformat=p2p&archiveformat=gz&username=bzowk&pin=702988'
option adb_src_rset '/^([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}'
option adb_src_desc 'All China ranges via iBlocklist'
list adb_src_cat 'adv'
list adb_src_cat 'costtraps'
list adb_src_cat 'spyware'
list adb_src_cat 'tracker'
list adb_src_cat 'warez'
option enabled '1'

Based on what I've read, I believe the issue I'm having with the above is the setting for "option adb.src.rset." I downloaded the file that the source i copied referenced - below is it's "option adb.src.rset" again followed by what the extracted contents of it's downloaded & extracted file were:

option adb_src_rset '/^([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' 
  • root of extracted gz
    • adv
      • domains (file)
      • url (file)
    • aggresive
      • domains (file)
      • url (file)
    • ...........

The "domain" files list basic domain names:

000freexxx.com
004.frnl.de
01sexe.com
01viral.com
039068a.dialer-select.com

The "url" files list addresses as follows:

105.ch/media/uploads/banners/
111.67.199.51/marketing/
12.16.1.10/~web_ani
12.16.1.10/web_GIF
12.19.68.8/resources/images
12.25.11.217/us

The URLs for the lists I wish to use are much more basic. Their URL does not specify the filename (and won't work if adding it on) but only points to a single one. Below is an example:

http://list.iblocklist.com/?list=cn&fileformat=p2p&archiveformat=gz&username=username&pin=123456

Visiting the above URL with correct username prompts one to download a file like "cn.gz" which is obviously a compressed file. Once extracted, the .gz produces a single text file (cn.txt) in the root and no folders. Below is a snippet of the first few lines of the file for example:

# List distributed by iblocklist.com

China:1.0.1.0-1.0.1.255
China:1.0.2.0-1.0.3.255
China:1.0.32.0-1.0.63.255
China:1.1.0.0-1.1.0.255
China:1.1.2.0-1.1.3.255
China:1.1.4.0-1.1.7.255
China:1.1.8.0-1.1.8.255
China:1.1.9.0-1.1.9.255

Overall, I don't know how to configure my "option adb.src.rset" and/or any other settings which I may have incorrect. I'd think it would be fairly simple for the format I'm after - however - I cannot find any resources for what I need to configure it as. Could someone please assist?

Note: I realize "option adb.src.rset" should have underscores instead of periods, but Markdown simply listed it as "option adb_src_rset" so changed it for easier reading. :slight_smile:

Thank You!


#523

I'm on Adblock 3.5.5-1 and while it seems to start ok, it doesn't appear to blocking any domains (meaning I'm seeing all ads come through). Here's what's in the Adblock log -

Tue Sep  4 15:46:42 2018 user.info adblock-3.5.5[3250]: adblock instance started ::: action: start, priority: 0, pid: 3250
Tue Sep  4 15:49:02 2018 user.info adblock-3.5.5[3250]: blocklist with overall 23850 domains loaded successfully (Linksys Audi (EA3500), OpenWrt SNAPSHOT r7995-967d646)

I wasn't sure what to look for in system/kernel log. Here's the configs -

config adblock 'global'
	option adb_dns 'dnsmasq'
	option adb_trigger 'wan'
	option adb_fetchutil 'wget'
	option adb_enabled '1'

config adblock 'extra'
	option adb_debug '0'
	option adb_forcedns '0'
	option adb_nice '0'
	option adb_forcesrt '1'
	option adb_maxqueue '16'
	option adb_dnsflush '1'

I've tried different startup triggers, including timed, and manual stop/start/restart with no change unfortunately, so just wanted to let @dibdot know and see if you might have an idea what's wrong.

edit - I enabled debugging and here's the output -

Tue Sep  4 16:05:11 2018 user.info adblock-3.5.5[3265]: adblock instance started ::: action: start, priority: 0, pid: 3265
Tue Sep  4 16:05:11 2018 user.debug adblock-3.5.5[3265]: f_jsnup::: status: running, mode: normal mode, cnt: , notify: 0, notify_cnt: 0, notify_pid: -
Tue Sep  4 16:05:12 2018 user.debug adblock-3.5.5[3265]: f_uci  ::: config: dhcp, change:
Tue Sep  4 16:05:12 2018 user.debug adblock-3.5.5[3265]: f_uci  ::: config: firewall, change:
Tue Sep  4 16:05:12 2018 user.debug adblock-3.5.5[3265]: f_main ::: dns: dnsmasq, fetch_util: /usr/bin/wget (built-in), backup: 0, backup_mode: 0, dns_jail: 0, force_srt: 1, force_dns: 0, mem_total: 58, mem_free: 12, max_queue: 16
Tue Sep  4 16:05:12 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: adaway, enabled: 1
Tue Sep  4 16:05:12 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: adguard, enabled: 1
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: bitcoin, enabled: 1
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: blacklist, enabled: 1
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: disconnect, enabled: 1
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: dshield, enabled: 0
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: dshield, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:13 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: feodo, enabled: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: feodo, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: hphosts, enabled: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: hphosts, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: malware, enabled: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: malware, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:14 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: malwarelist, enabled: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: malwarelist, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: openphish, enabled: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: openphish, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: ransomware, enabled: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: ransomware, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_cn, enabled: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_cn, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:15 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_cz, enabled: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_cz, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: adaway, mode: download, cnt: 409, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_de, enabled: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_de, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_id, enabled: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_id, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: bitcoin, mode: download, cnt: 451, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_nl, enabled: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_nl, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:16 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_pl, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_pl, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: disconnect, mode: download, cnt: 3257, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_ro, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_ro, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: reg_ru, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: reg_ru, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: shalla, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: shalla, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: spam404, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: spam404, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: sysctl, enabled: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: sysctl, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:17 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: urlhaus, enabled: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: urlhaus, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: ut_capitole, enabled: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: ut_capitole, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: whocares, enabled: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: whocares, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: winspy, enabled: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: winspy, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: winhelp, enabled: 0
Tue Sep  4 16:05:18 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: winhelp, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: youtube, enabled: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: youtube, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: yoyo, enabled: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: yoyo, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_main ::: name: zeus, enabled: 0
Tue Sep  4 16:05:19 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: zeus, mode: remove, cnt: 0, in_rc: 0, out_rc: 0
Tue Sep  4 16:10:08 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: adguard, mode: download, cnt: 21412, in_rc: 0, out_rc: 0
Tue Sep  4 16:10:08 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: overall, mode: merge, cnt: 25529, in_rc: 0, out_rc: 0
Tue Sep  4 16:10:08 2018 user.debug adblock-3.5.5[3265]: f_hash ::: hash_util: /usr/bin/sha256sum, hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b, out_rc: 1
Tue Sep  4 16:10:32 2018 user.debug adblock-3.5.5[3265]: f_tld  ::: source: /tmp/tmp.AKciHC/adb_list.overall, cnt: 25529, cnt_srt: 24621, cnt_tld: 23850
Tue Sep  4 16:10:35 2018 user.debug adblock-3.5.5[3265]: f_list ::: name: overall, mode: final, cnt: 23850, in_rc: 0, out_rc: 0
Tue Sep  4 16:10:36 2018 user.debug adblock-3.5.5[3265]: f_hash ::: hash_util: /usr/bin/sha256sum, hash: 8e7b9d62146e5926d3d29fcd5f1d5cc90096dd1ab0be56f2f87de6143831671b, out_rc: 1
Tue Sep  4 16:10:43 2018 user.debug adblock-3.5.5[3265]: f_dnsup::: cache_util: -, cache_rc: -, cache_flush: 1, cache_cnt: 0, rc: 0
Tue Sep  4 16:10:43 2018 user.debug adblock-3.5.5[3265]: f_jsnup::: status: enabled, mode: normal mode, cnt: 23850, notify: 0, notify_cnt: 0, notify_pid: -
Tue Sep  4 16:10:43 2018 user.info adblock-3.5.5[3265]: blocklist with overall 23850 domains loaded successfully (Linksys Audi (EA3500), OpenWrt SNAPSHOT r7995-967d646)

#524

Router & build?


#525

Last line of the debug log:

Linksys Audi (EA3500), OpenWrt SNAPSHOT r7995-967d646)

#526

Your log looks OK. Please provide the content of /etc/config/dhcp and the output of (fired from a connected client):

nslookup doubleclick.net


#527

iblocklist don't provide domains/hosts ... they deliver lists with ip adresses, you can't that import via adblock, cause this is a DNS addon and relies on domain blacklists.

Maybe you should check out the early bird "banIP" from me (see banIP: new project needs testers & feedback), which is IP based and also support iblocklist (only CIDR file format, not P2P).

To be honest, banIP is focused on blocking incoming connections (superseded BCP38) and not to block outgoing ad-related IPs ... still you can configure it like that, but DNS based blocking is much more effective in this regard.