Adblocking on the router level

How do i block adds using openwrt on my router?

Pfense, pihole, adguard, i think there’s some options out there but what particular solutions are working with openwrt?

Thanks for any tipps!

Many options. I use the first one.

Thanks for that super fast response!

I can see the package adblock_4.4.2-r3_all.ipk has only 20kb in file size, how extensive is the blocking list? uBlockOrigin is amazin, been using it for years but blocking on the router level appears benefitial because it’ll protect all my devices.

Are there installation instructions for the adblock package?

Could i somehow use external blocking filterlists?
For example, i use the portmaster firewall on the OS level (kernel extension) to automatically block bigtech, google facebook amazon apple microsoft.
It would be really amazing if this can be done with openwrt.

I need to ask, shifting the blocking from the OS to the router will increase worklouad on the router.
Can this become noticable at some point?

See: https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md

You can use many external blocklists but are limited by the memory of your router.

I also use Adblock on my R7800 but this has 512 MB RAM so I can easily use blocklists of many hundred thousands entries without a sweat. The read.me has some recommendations about this

The first post of each thread usually has links to the install instructions. The block lists are downloaded separately once the packages are installed.

In case, you want smallest overhead, regarding RAM usage and flash usage, you can directly link the properly formatted blocklist to DNSMASQ, the dhcp-server and DNS-forwarder in openwrt. Needs adding of one additional line to dnsmasq.conf OR uci cmd + blocklistfile for this.

adblock-lean basically does that but with many checks.

Note that these are completely different tools that only overlap in a small way. uBlock is an HTML rewriter that only manipulates data coming into the browser (some of which removes subsequent http requests, thus effecting "ad blocking").

The "blocking on the router" provided by these OpenWrt packages is redirecting/dropping DNS requests made by your local devices, so if you turn off uBlock you'll see a lot of advertising re-appear in things like youtube.

I am once again interested in setting up network-wide ad blocking.
This is not new to me, I have done it before using DNSCrypt-proxy 2 on OpenWrt.
With DNSCrypt-proxy 2, it's set and forget.
I just need to set a schedule to execute this script:

#!/bin/sh

# Download blocklist files
curl -s -O https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro-onlydomains.txt
curl -s -O https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.mini-onlydomains.txt

# Check if downloads were successful
if [[ $? -ne 0 ]]; then
    echo "Error downloading files."
    exit 1
fi

# Process files: remove comments and duplicates
cat pro-onlydomains.txt tif.mini-onlydomains.txt | grep -v '^#' | sort -u > /etc/dnscrypt-proxy2/hagezi.txt

# Restart DNSCrypt proxy service
service dnscrypt-proxy restart

# Clean up temporary files
rm pro-onlydomains.txt tif.mini-onlydomains.txt

Of course, after setting up all the configurations on DNSCrypt.

I don't care about memory usage, I care about less maintenance because I rarely access the router to update this and that.
And DNSCrypt-proxy 2 wins that for me.

But I'm tempted to try the 3 software above because I'm currently using stubby for DNS encryption.

Minimalist solution:

Assuming, properly formatted lines like
server=/domaintobeblocked.com/
are contained in /tmp/ad_servers,
just add following line to /etc/dnsmasq.conf:
servers-file=/tmp/ad_servers

AND, most likely, you have to edit /etc/init.d/dnsmasq:
Change
procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers
to
procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers /tmp/ad_servers

/etc/init.d/dnsmasq restart

If you have a relatively powerful device (dual-core CPU and at least 1 GB of RAM), AdGuardHome is an excellent choice for a full-fledged network-wide DNS-based ad blocking solution.

I replaced my standalone Pihole setup with AdGuardHome. I have it now running on two OpenWrt routers - a NanoPi R3S and a NanoPi R6S, and it is working just fine.

More details at https://openwrt.org/docs/guide-user/services/dns/adguard-home

image2445×2276 440 KB

Adguard looks nice but is a resource hog, of course you want an adblocker and encrypted DNS but with one of the adblock packages and https-dns-proxy that is easily covered

Blocking Youtube ADs, with Openwrt? - it has been discussed many times here. Adblocking on router level (filtering DNS requests) becomes less and less effective, adblocking on traffic level requires additional CPU and RAM resources and a MITM certificate (but allows results comparable with uBlock Origin). DNS filtering has click-and-run solutions (more or less the same), MITM requires privOxy recompilation (only on OpenWrt, Debian version has all needed options enabled) and a bit of tinkering with custom blocklist conversion.

I know this has nothing to do with adblocking.
I don't know what's going on, but every time I use DoH, it doesn't end well.
Once, when I enabled doh_servers on DNSCrypt-proxy 2 along with dnscrypt_servers, my internet slowed down.
After I disabled doh_servers and only used dnscrypt_server, my speed returned to normal.
The same thing happened when I used https-dns-proxy.

Meanwhile, I don't have any issues with DoT using stubby.
So the best option for me for DNS encryption is either DNSCrypt or DoT.

Wow, I just found out about this and it's interesting to me.
What configuration do I need to recompile Privoxy to support this feature?

I don't remember details, but it took me less than 10 minutes to figure out. I started with reading manual - https://www.privoxy.org/user-manual/actions-file.html

As I said in that discussion, I used Debian, not OpenWrt.

P.S. http://blog.vanutsteen.nl/2014/01/05/installing-privoxy-with-adblock-filters-on-openwrt/ - not sure, if that the one which will get you to the result, but you can try (at least it shows that I'm not the only one who was "enlightened" by that idea). Proxies were used for content filtering for decades. In fact proxy is what they used before NAT or PAT appeared (earlier term used in Linux). Usually they used Squid for that but Privoxy advanced a bit further in recent years.

P.S. #2 maybe I was wrong about OpenWrt binaries requiring recompilation, looks like libpcre is there in dependencies. But you tell me. I'm just too lazy at the moment to download development environment and sources to figure that out.

P.S. #3 don't forget about MITM, you'll need to create CA and stuff - EasyRSA scripts will help you.

Thank you, I'll try it when I have free time.

So the easiest router level adblocking solution with openwrt is to just use the adblock_4.4.2-r3_all.ipk package? Which filter lists does it use and how can i add some manually?
My router has a dual core 2 GHz cpu and 512 MB ram.

PS: regarding youtube, simply use invidious? F*ck google.

it uses the filter list you choose when configuring it (via luci is the simplest), there is a lot of options (I’m partial to oisd lists myself). You also have block/allow lists and custom feed editor.

Probably I am biased (as a contributor to adblock-lean) but IMO adblock-lean is the easiest since it sets everything up automatically and suggests you a preset which includes a good selection of lists based on the memory capacity of your device.

Is there any way to block the ads that appear on the homescreen of amazon firetv devices?