I followed you instructions. Now I cannot access my router via LuCi any more...

This is the downside of my script that LuCi is not anymore accessible from outside of LAN. Of course, you can anytime disable the script or rewrite it so uhttpd stays listening on WAN interface.

i am using http://8devices.com/carambola router,  i installed gargoyle in carambola and i try to block website through WIFI using gargoyle configuration page but i can't block any site my Restriction Rule is http://www.tiikoni.com/tis/view/?id=15c2e9a. my default config files are http://pastebin.com/DBgxrBpe and i tried above guidance but i can't please help i am waiting for your valuable reply

Hey read through this and improved the script and added some functionality that automates the whole process through cron etc. Follow step by step to help set things up.

1)ssh into router

2)OPTIONAL: I personally can't stand using vi so I use nano. To get it run the following commands

opkg update
opkg install nano

The command to edit a file in nano is

nano <filename>

while in nano the command to exit and choose to save is <control> x

3)

Add these lines to the bottom of the file away from everything else if you have anything already in there

4)

(modified to make it permanent on reboot)

list addnhosts '/etc/block.hosts'

5)Create the file /etc/adblock.sh and copy and paste this into it (modified version of phuque99's script)

#!/bin/sh

#Script to grab and sort a list of adservers and malware

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

#Download and process the files needed to make the lists
wget -qO- [url]http://www.mvps.org/winhelp2002/hosts.txt|grep[/url] "^127.0.0.1" > /tmp/block.build.list
wget -qO- [url]http://www.malwaredomainlist.com/hostslist/hosts.txt|grep[/url] "^127.0.0.1" >> /tmp/block.build.list
wget -qO- [url]http://hosts-file.net/ad_servers.asp|grep[/url] "^127.0.0.1" >> /tmp/block.build.list

#Sort the lists
sort /tmp/block.build.list|uniq -u >/tmp/block.sorted

#Remove the carriage return ^M on windows created files
sed -e 's/\r//g' /tmp/block.sorted > /etc/block.hosts

#Delete files used to build list to free up the limited space
rm -f /tmp/block.sorted
rm -f /tmp/block.build.list

#Restart dnsmasq
/etc/init.d/dnsmasq restart

exit 0

This script automates the whole process and if you read the remarks you'll see how it works. It also tidies up after itself to save space. If you wish to add more host file sources the format is:

 wget -qO- <http: online source here minus the <> >|grep "^127.0.0.1" >> /tmp/block.build.list

6) From the command line type

 chmod +x /etc/adblock.sh

7) To generate the file for the first time and make sure you have no errors type in

sh /etc/adblock.sh

If you find errors make sure you've copied and pasted everything correctly and so on.

8) Two ways to schedule this so I'm going to show the easy way from luci:

a) Go to System>Scheduled Tasks.

b)Copy and paste the following into it then click on Submit on the bottom

00 4 * * 0,3 sh /etc/adblock.sh

This automates the updates of your block.hosts to be run by cron every Sunday and Wednesday at 4am which should be plenty enough for most needs.

9) Go and crack open celebratory drink of choice and enjoy not having to view ads anymore

*** BTW This doesn't block googles text based ads in the search results But you can use Adblock to tidy up those or setup privoxy if you wish.

(Last edited by m_g_d on 18 Jul 2013, 19:14)

Thanks frankhou77 and m_g_d!

Thanks guys!

I am using this in Gargoyle, had some problems, "improved" the adblock.sh text by removing the '[ url ]'-parts, and using
'h t t p://updates.it-mate.co.uk/hphosts/ad_servers.asp' as the third listed url because the original one gave me an error.
(Remove the spaces where necessary )

(Last edited by bouwew on 19 Oct 2013, 09:00)

Here are the changes and adblock script:

https://gist.github.com/teffalump/7227752

I also added a whitelist function, so you can permanently whitelist sites in /etc/white.list. Hopefully that works. Lol.

Teffalump, thanks for the update!
I've implemented this in Gargoyle, and it's working well. It's great to have the possibility to use a whitelist

No worries, I had the same problems with the previously posted script (bad url parsing, etc). I run the setup in gargoyle as well, seems to work for me, too. Hehe. Reason I added the mobile blocklist (and subsequent whitelist) was because people visiting and using mobiles with apps that stopped working, lol. So tailor the lists to whatever works for your use case. I'll try to update the script as well. One thing I wanted to do was fetch compressed lists, then uncompress them locally. Saves the list hosts bw costs. Also, there has been other topics on using pixelserv or kwakd so maybe try to incorporate that somehow. Maybe eventually write a plugin for openwrt/gargoyle/etc. Lots of room for improvement. So exciting. Lol.

Hi, I just set it up the scrpit as you described but no ads are blocked.

I run the scprit fine with no errors but then I go check the block.hosts files and its empty so nothing is blocked.

I'm running AA on a WDR4900.

Works for me fine on both IE and Chrome.  Try clearing your DNS cache as some of the prior lookups may still be pointing to the old hosts.

On your client PC

ipconfig /flushdns

Actually there is another reason why the adblock.sh may not work: it requires iptables-mod-nat-extra to be installed and then the firewall to be restarted.  iptables-mod-nat-extra is not installed by default on a fresh install of Attitude Adjustment so the adblock script cannot work on a default OpenWRT install.

Another issue is that the hosts.txt file obtained from http://www.mvps.org/winhelp2002/hosts.txt has changed recently such that it no longer uses 127.0.0.1 but 0.0.0.0.  According to http://winhelp2002.mvps.org/hosts.htm the reason for this is

So it's a good idea to edit adblock.sh and change the mvps line so that it pipes its output through sed and replaces 0.0.0.0 with 127.0.0.1 (this is probably more to do with tidiness than with effectiveness).

wget -qO- http://www.mvps.org/winhelp2002/hosts.txt | sed 's/0.0.0.0/127.0.0.1/g' | grep "^127.0.0.1" > /tmp/block.build.list

It would be great if the github page was suitably amended.

Thanks to frankhou77, phuque99 and teffalump for putting in the time and effort to make this simple.

(Last edited by julian67 on 12 Jan 2014, 22:54)

This is a great script.

I followed the steps described on github and it works flawless.

Thanks to all contributors!

Just one question:  Does the script block tracking stuff like google analytics with the provided lists?

Thank you anyway.

(Last edited by exxo on 18 Jan 2014, 00:14)

Additionally there is an error in the crontab example:

#/etc/crontabs/root
 
#Add the following line
0 0 4 * * 0,3 sh /etc/adblock.sh

You can't have 6 columns of time definitions in a crontab, only 5.

It ought to read

#/etc/crontabs/root
 
#Add the following line
00 4 * * 0,3 sh /etc/adblock.sh

Thanks a bunch, julian. I've corrected those errors in the gist.

@exxo: The lists have google analytics, google tag services, etc so they should block those services. However, we are blocking by domain name, so if some tracking service is hosted on a non-blocked domain ... too bad. Adblock rules used by adblock plus, for example, do rule matching against page elements, not only domains, allowing finer control and subtlety. I'd suggest using a few other browser addons -- e.g., adblock edge, noscript, etc -- to help block some of these trickier elements.

Thank you for clarify this.

I think i can life with this because its very nice to setup ad blocking on the router instead on all the devices that populate my household.

Tracking is evil, I hate this kind of stalker ads that appear on all pages after i searched  with google i.e. for holiday destinations .

Btw. i fixed the crontab as suggested by Julian and the block.hosts file have updated as expected this morning at 4am.

Hey teffalump, I just want to say thanks. This was the first script I have ever installed on my router, I followed your instructions and it's works exactly as expected - brilliant!

As an aside I was wondering if it would be possible to log an event when a domain is blocked?

Hello and thank you for the provided lists. I have converted these lists to privoxy rules (using php to preg_replace certain segments, remove comments, etc) and everything works like a charm.  I would like to ask which method is faster: privoxy in transparent mode or "hosts" method? What about memory usage?

For example, the converted file is about 304 kb and privoxy (as transparent proxy) uses 33% of memory (~43MB ram). Any suggestions/ideas?

Thanks in advance.

(Last edited by headless.cross on 1 Feb 2014, 13:46)

I was getting the same thing but I think I got it fixed. Through trial and error I realized that the white.list file cannot contain anything except the sites you want white-listed. I have no idea how or why that happens--my limited understanding of scripting tells me that anything with a hash in front of it should be ignored, but that doesn't appear to be the case (in my setup at least).

Perhaps one of the more knowledgeable folks would like to chime in? I'm running Gargoyle 1.5.10 which is based on AA, if that matters at all. As far as I know there's no real difference between the two except the gui.

In any case, I hope that helps.

I have reconfigured privoxy and now the memory usage has dropped to 14%.

Here is my config:

confdir /etc/privoxy
#logdir /tmp/log
#logfile privoxy.log
#trustfile trust

actionsfile user.action
filterfile user.filter

listen-address 10.0.2.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 1
allow-cgi-request-crunching 0
split-large-forms 0
#keep-alive-timeout 300
#socket-timeout 300
permit-access 10.0.2.0/28
#debug 1024 # show each GET/POST/CONNECT request
#debug 4096 # Startup banner and warnings
#debug 8192 # Errors
#debug 65536 # All
#admin-address privoxy-admin@example.com
#proxy-info-url http://www.example.com/proxy-service.html

Edit: For few minutes. After a while memory usage was 29% (still less than before).

(Last edited by headless.cross on 3 Feb 2014, 20:11)

teffalump frankhou77, phuque99 Thank you soo very much. I've used a similar script on my DDWrt based router and tried a ton of other writeups for openwrt.

Is there anyway to add the pixelserv function? or did I miss that in this thread? I've searched everywhere for a way to add it, but my coding skills are limited.

I'm extremely happy to block ads, trackers, bugs etc etc, but would love to not see the error messages "This webpage is not available"

Update
I switched over to using aarmot's script from the 25th post of this thread. I love the simplicity of seeing 1x1 in the browser window instead of an error message. It doesn't use multiple lists (blacklists, whitelists etc), but I can setup my own list on a server to pull from.

The ideal would be a combination of everyone's work here!

(Last edited by rinnis on 14 Feb 2014, 14:42)

Ad hosts resolve to 0.0.0.0 on my setup and I don't have that problem on my end. Banners or ads are just blank. AdBlockPlus browser add-on/extension might be something you'll like to try. I don't believe in running anything more on router beyond NAT/routing and DNS.

Here is my suggestion:
This script run in background and updates bad hosts list every 6 hours.
https://gist.github.com/someon/9609363

download the script to /etc/init.d/

wget -P /etc/init.d http://yyy.free.bg/adblock%20for%20OpenWrt/adblock

make it executable

chmod +x /etc/init.d/adblock

enable it on system startup

/etc/init.d/adblock enable

start it

/etc/init.d/adblock start

(Last edited by bugfunny on 31 Mar 2014, 11:55)

Hi look here ho about ading this script to the adblock one? thes one is from block lists from Spamhaus DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are
"hijacked"
or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP and EDROP
lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.

http://www.spamhaus.org/xbl/

DropList="/tmp/drop.lasso"
wget -O "$DropList" "http://www.spamhaus.org/drop/drop.lasso"
cat "$DropList" \
| sed -e 's/;.*//' \
| grep -v '^ *$' \
| while read OneNetBlock ; do
echo "iptables -I INPUT -s "$OneNetBlock" -j DROP" >> /etc/firewall.user
echo "iptables -I OUTPUT -d "$OneNetBlock" -j DROP" >> /etc/firewall.user
echo "iptables -I FORWARD -s "$OneNetBlock" -j DROP" >> /etc/firewall.user
echo "iptables -I FORWARD -d "$OneNetBlock" -j DROP" >> /etc/firewall.user
done
rm /tmp/drop.lasso

script by n0pin 

http://www.gargoyle-router.com/phpbb/vi … amp;t=5513