Forked from martinsohn/edgemax-ad-blocker-dnsmasq.md
Last active
November 3, 2020 22:38
Revisions
-
y3sh revised this gist
Nov 3, 2020 . 1 changed file with 0 additions and 3 deletions.
@@ -11,9 +11,6 @@ The blocklists used are: Assumptions: - WAN interface is eth0 and is using DHCP - All other interfaces are for LAN ## Add DNS filter to dnsmasq -
y3sh revised this gist
Nov 3, 2020 . 1 changed file with 0 additions and 131 deletions.
@@ -14,138 +14,7 @@ Assumptions: - EdgeRouter has a DHCP server named 'LAN' with subnet '192.168.1.0/24' and router IP '192.168.1.1' (default ERX config) - EdgeRouter is using firmware 1.9.7 or higher (to use 'forwarding except-interface' instead of 'forwarding listen-on') ## Add DNS filter to dnsmasq Switch to the root user and create a bash script with `vi` in `root` home directory. -
martinsohn revised this gist
Mar 24, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter This will show you how to use your EdgeRouter as a local DNS server and blocking DNS queries to domains that hosts ads and malware. An alternative is to use [Pi-hole](https://pi-hole.net/), which gives many features such as web UI, statistics, DNS-over-HTTPS, and possibly better written code ;) The blocklists used are: - [Ad blocklist from Yoyo Internet Services](https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext) -
martinsohn revised this gist
Mar 24, 2020 . 1 changed file with 70 additions and 50 deletions.
@@ -1,6 +1,7 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter This will show you how to use your EdgeRouter as a local DNS server and blocking DNS queries to domains that hosts ads and malware. An alternative is to use [PiHole](https://pi-hole.net/), which gives many features such as web UI, statistics, and possibly better written code ;) The blocklists used are: - [Ad blocklist from Yoyo Internet Services](https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext) - [High risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_High.txt) @@ -10,7 +11,7 @@ The blocklists used are: Assumptions: - WAN interface is eth0 and is using DHCP - All other interfaces are for LAN - EdgeRouter has a DHCP server named 'LAN' with subnet '192.168.1.0/24' and router IP '192.168.1.1' (default ERX config) - EdgeRouter is using firmware 1.9.7 or higher (to use 'forwarding except-interface' instead of 'forwarding listen-on') ## Connect to EdgeRouter and set system DNS servers @@ -22,7 +23,7 @@ PS > ssh <username>@<edgerouter IP address> Enter configure mode and set system nameservers. The system DNS servers will later be used for DNS forwarding. I'm using [Cloudflare](https://1.1.1.1/dns/) and [OpenDNS](https://use.opendns.com/) ``` admin@ERX:~$ configure admin@ERX:~$ set system name-server 1.1.1.1 
@@ -147,84 +148,103 @@ Queries retried or failed: 7 ``` ## Add DNS filter to dnsmasq Switch to the root user and create a bash script with `vi` in `root` home directory. ``` root@ERX:~# sudo -i root@ERX:~# vi ~/update-adblock-dnsmasq.sh ``` Enable insert in 'vi' by pressing 'i'. Paste the following to the bash script ``` #!/bin/bash # Blocklists pre-formatted as "address=/<domain>/<blackhole ip> # NB: the script later implies pre-formatted blocklists use 127.0.0.1 as the blackhole IP formatted_blocklists=("https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext") # Blocklists with raw IP addresses raw_blocklists=("https://www.dshield.org/feeds/suspiciousdomains_High.txt" "https://www.dshield.org/feeds/suspiciousdomains_Medium.txt" "https://www.dshield.org/feeds/suspiciousdomains_Low.txt" ) # Blackhole/IP to respond to DNS query if domain is on blocklist # IP "0.0.0.0" is a black hole. Per RFC 1122, section 3.2.1.3 "This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address." 
blackhole_ip="0.0.0.0" # Block configuration to be used by dnsmasq blocklist="/etc/dnsmasq.d/dnsmasq-blocklist.conf" # Temp blocklists tmp_blocklist="/tmp/dnsmasq-blocklist.conf.tmp" tmp_formatted_blocklist="/tmp/dnsmasq-formatted_blocklist.conf.tmp" tmp_raw_blocklist="/tmp/dnsmasq-raw_blocklist.conf.tmp" # Make sure we're starting with empty blocklists rm -f $tmp_formatted_blocklist rm -f $tmp_raw_blocklist rm -f $tmp_blocklist # replace pre-formatted blocklist black hole IP with our preference # NB: This implies pre-formatted blocklists use 127.0.0.1 for i in "${formatted_blocklists[@]}" do curl -s "$i" | sed "s/127\.0\.0\.1/$blackhole_ip/" >> $tmp_formatted_blocklist done # Download blocklists for i in "${raw_blocklists[@]}" do curl -s "$i" >> $tmp_raw_blocklist done # Remove comment lines sed -i "/^#/d" $tmp_formatted_blocklist # Remove comment lines sed -i "/^#/d" $tmp_raw_blocklist # Format raw blocklist # Add to start of all lines: '/address=' sed -i "s/^/address=\//g" $tmp_raw_blocklist # Add to end of all lines: '/$blackhole_ip' sed -i "s/$/\/$blackhole_ip/" $tmp_raw_blocklist # Join files to one cat $tmp_raw_blocklist >> $tmp_formatted_blocklist # Remove invalid lines grep -E "^address=\/.{1,}\..{1,}\/0\.0\.0\.0" $tmp_formatted_blocklist > $tmp_blocklist # Keep only unique entries sort $tmp_blocklist | uniq > $blocklist # Clean up temp blocklists rm -f $tmp_raw_blocklist rm -f $tmp_formatted_blocklist rm -f $tmp_blocklist # Restart dnsmasq to load new config /etc/init.d/dnsmasq force-reload ``` Save the bash file by hitting escape, ':wq', and enter. Make sure you're root, chmod the script, and run the script. ``` root@ERX:~# sudo -i root@ERX:~# chmod a+x ~/update-adblock-dnsmasq.sh root@ERX:~# ~/update-adblock-dnsmasq.sh ``` Make sure no errors were written to the console. Then add the script to crontab. Contab will generate a new blocklist everyday from your blocklist sources. 
``` root@ERX:~# (crontab -l ; echo "20 4 * * * /root/update-adblock-dnsmasq.sh") | crontab - ``` Disconnect from the router ``` root@ERX:~# logout admin@ERX:~# exit ``` Visit the following sites to confirm the ad-blocker is working: -
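Review bot: In the script added by the `@@ -147,84 +148,103 @@` hunk, a failed download is never detected, so the final `sort $tmp_blocklist | uniq > $blocklist` can overwrite `/etc/dnsmasq.d/dnsmasq-blocklist.conf` with an empty or partial file, and the `force-reload` then drops the filtering without any error. `curl -s` stays quiet on failure and its exit status is lost in the pipe into `sed` and in the bare download loop; suggest `curl -fsS`, checking the status of each fetch (or `set -o pipefail`), and replacing `$blocklist` only when the rebuilt list is non-empty. The validation `grep -E "^address=\/.{1,}\..{1,}\/0\.0\.0\.0"` also hard-codes 0.0.0.0 instead of using `$blackhole_ip` and is not anchored at the end of the line, so changing `blackhole_ip` would filter out every entry; a stricter pattern (hostname characters only, with a `$` anchor) is worth having because the result is loaded as dnsmasq configuration by a root cron job. The fixed file names under `/tmp` would be better created with `mktemp`.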
martinsohn revised this gist
Sep 12, 2019 . 1 changed file with 3 additions and 3 deletions.
@@ -9,8 +9,8 @@ The blocklists used are: Assumptions: - WAN interface is eth0 and is using DHCP - All other interfaces are for LAN - EdgeRouter has DHCP server named 'LAN' with subnet '192.168.1.0/24' and router IP '192.168.1.1' (default ERX config) - EdgeRouter is using firmware 1.9.7 or higher (to use 'forwarding except-interface' instead of 'forwarding listen-on') ## Connect to EdgeRouter and set system DNS servers @@ -55,7 +55,7 @@ Enable DNS cache ([EdgeRouter forum post discussing cache sizes](https://communi admin@ERX:~$ set service dns forwarding cache-size 3000 ``` Set eth0 to **not** listen for DNS queries coming from your ISP or the internet. This is better for privacy. Using 'except-interface' setting allows incoming queries from all other interfaces ``` -
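Review bot: In the `@@ -55,7 +55,7 @@` hunk, the added sentence "This is better for privacy." undersells the reason for `except-interface eth0`: a forwarder that answers queries arriving on the WAN interface is an open resolver that third parties can use, which is a security concern as well as a privacy one. Suggest saying so in that sentence, and noting that the setting only governs which interfaces dnsmasq answers on, so the WAN firewall rules should still drop inbound DNS.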
Martin Sohn revised this gist
Sep 12, 2019 . 1 changed file with 1 addition and 1 deletion.
@@ -69,7 +69,7 @@ admin@ERX:~$ set service dns forwarding system Make DHCP clients use EdgeRouter as DNS server ``` admin@ERX:~$ set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1 ``` Commit and save the new config. Exit the configuration tool. -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 4 additions and 4 deletions.
@@ -2,10 +2,10 @@ This will show you how to use your EdgeRouter as a local DNS server and blocking DNS queries to domains that hosts ads and malware. The blocklists used are: - [Ad blocklist from Yoyo Internet Services](https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext) - [High risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_High.txt) - [Medium risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_Medium.txt) - [Low risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_Low.txt) Assumptions: - WAN interface is eth0 and is using DHCP -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 6 additions and 0 deletions.
@@ -221,6 +221,12 @@ root@ERX:~# sh /config/user-data/update-adblock-dnsmasq.sh root@ERX:~# (crontab -l ; echo "20 4 * * * /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Disconnect from the router ``` root@ERX:~# exit admin@ERX:~# ``` Visit the following sites to confirm the ad-blocker is working: - https://thepcspy.com/blockadblock/ - https://ads-blocker.com/testing/ -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 30 additions and 17 deletions.
@@ -1,5 +1,12 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter This will show you how to use your EdgeRouter as a local DNS server and blocking DNS queries to domains that hosts ads and malware. The blocklists used are: [Ad blocklist from Yoyo Internet Services](https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext) [High risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_High.txt) [Medium risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_Medium.txt) [Low risk domains from DShield](https://www.dshield.org/feeds/suspiciousdomains_Low.txt) Assumptions: - WAN interface is eth0 and is using DHCP - All other interfaces are for LAN, and will use the EdgeRouter as DNS server @@ -9,13 +16,13 @@ Assumptions: ## Connect to EdgeRouter and set system DNS servers Connect to EdgeRouter using PowerShell ```powershell PS > ssh <username>@<edgerouter IP address> ``` Enter configure mode and set system nameservers. The system DNS servers will later be used for DNS forwarding. I'm using Cloudflare and OpenDNS ``` admin@ERX:~$ configure admin@ERX:~$ set system name-server 1.1.1.1 @@ -24,12 +31,12 @@ admin@ERX:~$ set system name-server 208.67.220.220 admin@ERX:~$ set system name-server 208.67.222.222 ``` Stop EdgeRouter from adding extra system DNS servers from eth0 DHCP (the ones your ISP wants you to use) ``` admin@ERX:~$ set interfaces ethernet eth0 dhcp-options name-server no-update ``` Renew DHCP for eth0. This will remove the ISP DNS servers from EdgeRouter system ``` admin@ERX:~$ run renew dhcp interface eth0 ``` 
@@ -43,14 +50,14 @@ admin@ERX:~$ save ## Enable DNS server with DNS forwarding on EdgeRouter Based on Ubiquiti guide to [setup EdgeRouter as DNS server with forwarding enabled](https://help.ubnt.com/hc/en-us/articles/115010913367-EdgeRouter-DNS-Forwarding-Setup-Options). Enable DNS cache ([EdgeRouter forum post discussing cache sizes](https://community.ubnt.com/t5/EdgeRouter/DNS-cache-questions/td-p/1572160)) ``` admin@ERX:~$ set service dns forwarding cache-size 3000 ``` Set eth0 to **not** listen for DNS queries coming from your ISP or the internet. Using 'except-interface' setting allows incoming queries from all other interfaces ``` admin@ERX:~$ set service dns forwarding except-interface eth0 ``` @@ -65,14 +72,20 @@ Make DHCP clients use EdgeRouter as DNS server admin@ERX:~$ set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server ``` Commit and save the new config. Exit the configuration tool. ``` admin@ERX:~$ commit admin@ERX:~$ save admin@ERX:~$ exit ``` Renew DHCP on a client in your LAN ```powershell PS > ipconfig /release PS > ipconfig /renew ``` Confirm DNS server is set to EdgeRouter and DNS works ```powershell PS > nslookup Default Server: UnKnown @@ -83,9 +96,9 @@ Server: UnKnown Address: 192.168.1.1 Non-authoritative answer: Name: github.com Addresses: 140.82.118.4 140.82.118.3 ``` ## Validate configuration @@ -134,7 +147,7 @@ Queries retried or failed: 7 ``` ## Add DNS filter to dnsmasq Switch to the root user and open up `vi`. ``` root@ERX:~# sudo -i root@ERX:~# vi /config/user-data/update-adblock-dnsmasq.sh 
@@ -150,7 +163,7 @@ blocklist_url1_1="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsma # Blocklist for malware blocklist_url2_1="https://www.dshield.org/feeds/suspiciousdomains_High.txt" blocklist_url2_2="https://www.dshield.org/feeds/suspiciousdomains_Medium.txt" blocklist_url2_3="https://www.dshield.org/feeds/suspiciousdomains_Low.txt" # IP to respond to DNS query if domain is on blocklist # IP '0.0.0.0' is a black hole. Per RFC 1122, section 3.2.1.3 "This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address." @@ -166,7 +179,7 @@ temp_blocklist2="/tmp/dnsmasq-blocklist2.conf.tmp" curl -s $blocklist_url1_1 | sed "s/127\.0\.0\.1/$pixelserv_ip/" > $temp_blocklist1 curl -s $blocklist_url2_1 > $temp_blocklist2 curl -s $blocklist_url2_2 >> $temp_blocklist2 curl -s $blocklist_url2_3 >> $temp_blocklist2 # Remove comment lines sed -i "/^#/d" $temp_blocklist2 -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 139 additions and 16 deletions.
@@ -1,19 +1,147 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter Assumptions: - WAN interface is eth0 and is using DHCP - All other interfaces are for LAN, and will use the EdgeRouter as DNS server - EdgeRouter is DHCP server, with network name 'LAN' and subnet '192.168.1.0/24' - EdgeRouter is using firmware 1.9.7 or higher (to use 'forwarding except-interface' instead of 'forwarding listen-on') ## Connect to EdgeRouter and set system DNS servers Connect to EdgeRouter using PowerShell ```powershell ssh <username>@<edgerouter IP address> # Example: ssh [email protected] ``` Enter configure mode and set system nameservers. The system DNS servers will later be used for DNS forwarding Here I use Cloudflare and OpenDNS ``` admin@ERX:~$ configure admin@ERX:~$ set system name-server 1.1.1.1 admin@ERX:~$ set system name-server 1.0.0.1 admin@ERX:~$ set system name-server 208.67.220.220 admin@ERX:~$ set system name-server 208.67.222.222 ``` Disable adding extra system DNS servers from WAN DHCP ``` admin@ERX:~$ set interfaces ethernet eth0 dhcp-options name-server no-update ``` Renew DHCP from ISP. This will remove the ISP DNS servers from EdgeRouter system ``` admin@ERX:~$ run renew dhcp interface eth0 ``` Commit and save the new config ``` admin@ERX:~$ commit admin@ERX:~$ save ``` ## Enable DNS server with DNS forwarding on EdgeRouter Based on Ubiquiti guide to [setup EdgeRouter as DNS server with forwarding enabled](https://help.ubnt.com/hc/en-us/articles/115010913367-EdgeRouter-DNS-Forwarding-Setup-Options). Enable DNS cache. [EdgeRouter forum post discussing cache sizes](https://community.ubnt.com/t5/EdgeRouter/DNS-cache-questions/td-p/1572160). ``` admin@ERX:~$ set service dns forwarding cache-size 3000 ``` Set eth0 to **not** listen for DNS queries coming from your ISP or the internet. Using 'except-interface' setting allows incoming queries from all other interfaces. 
``` admin@ERX:~$ set service dns forwarding except-interface eth0 ``` Forward unknown/uncached DNS queries to the EdgeRouter system DNS servers ``` admin@ERX:~$ set service dns forwarding system ``` Make DHCP clients use EdgeRouter as DNS server ``` admin@ERX:~$ set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server ``` Commit and save the new config ``` admin@ERX:~$ commit admin@ERX:~$ save ``` Renew DHCP configuration on a client. Confirm DNS server is set to EdgeRouter and DNS works. Done here with PowerShell. ```powershell PS > nslookup Default Server: UnKnown Address: 192.168.1.1 > github.com Server: UnKnown Address: 192.168.1.1 Non-authoritative answer: Name: github.com Addresses: 140.82.118.4 140.82.118.3 ``` ## Validate configuration Check the correct forwarding nameservers are used ``` admin@ERX:~$ show dns forwarding nameservers ----------------------------------------------- Nameservers configured for DNS forwarding ----------------------------------------------- 1.1.1.1 available via 'optionally configured' 1.0.0.1 available via 'optionally configured' 208.67.222.222 available via 'optionally configured' 208.67.220.220 available via 'optionally configured' ``` Generate some traffic on your network. Afterwards show DNS statistics ``` admin@ERX:~$ show dns forwarding statistics ---------------- Cache statistics ---------------- Cache size: 3000 Queries forwarded: 472 Queries answered locally: 316 Total DNS entries inserted into cache: 1381 DNS entries removed from cache before expiry: 0 --------------------- Nameserver statistics --------------------- Server: 208.67.220.220 Queries sent: 205 Queries retried or failed: 8 Server: 208.67.222.222 Queries sent: 162 Queries retried or failed: 3 Server: 1.0.0.1 Queries sent: 248 Queries retried or failed: 6 Server: 1.1.1.1 Queries sent: 202 Queries retried or failed: 7 ``` ## Add DNS filter to dnsmasq Log into your Edgerouter and switch to the root user and open up `vi`. 
``` root@ERX:~# sudo -i root@ERX:~# vi /config/user-data/update-adblock-dnsmasq.sh ``` Enable insert in 'vi' by pressing 'i'. Paste the following to the bash script ``` #!/bin/bash @@ -73,18 +201,13 @@ Save the bash file by typing escape, and ':wq'. Make sure you're root, chmod the script, and add it to crontab. Contab will generate a new blocklist everyday, to always block the newest ad and malware content. ``` root@ERX:~# sudo -i root@ERX:~# chmod a+x /config/user-data/update-adblock-dnsmasq.sh root@ERX:~# sh /config/user-data/update-adblock-dnsmasq.sh root@ERX:~# (crontab -l ; echo "20 4 * * * /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Visit the following sites to confirm the ad-blocker is working: - https://thepcspy.com/blockadblock/ - https://ads-blocker.com/testing/ -
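Review bot: The DHCP step in the `@@ -1,19 +1,147 @@` hunk is incomplete: `set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server` ends without an address, so there is no value for the command to set. It should name the router, for example by appending `192.168.1.1`, which is the address the `nslookup` output in the same hunk reports as the server.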
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 3 additions and 2 deletions.
@@ -1,6 +1,8 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter Follow Ubiquiti guide to [setup EdgeRouter as DNS server with forwarding enabled](https://help.ubnt.com/hc/en-us/articles/115010913367-EdgeRouter-DNS-Forwarding-Setup-Options). Renew IP on a client and confirm DNS server is set to EdgeRouter and forwarding works. Log into your Edgerouter and switch to the root user and open up `vi`. @@ -80,7 +82,6 @@ sh /config/user-data/update-adblock-dnsmasq.sh ``` Visit the following sites to confirm the ad-blocker is working: - https://thepcspy.com/blockadblock/ - https://ads-blocker.com/testing/ -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -70,13 +70,13 @@ rm $temp_blocklist2 Save the bash file by typing escape, and ':wq'. Make sure you're root, chmod the script, and add it to crontab. Contab will generate a new blocklist everyday, to always block the newest ad and malware content. ``` sudo -i chmod a+x /config/user-data/update-adblock-dnsmasq.sh sh /config/user-data/update-adblock-dnsmasq.sh (crontab -l ; echo "20 4 * * * /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Visit the following sites to confirm the ad-blocker is working: -
Martin Sohn revised this gist
Dec 9, 2018 . No changes.
-
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 2 additions and 1 deletion.
@@ -22,7 +22,8 @@ blocklist_url2_1="https://www.dshield.org/feeds/suspiciousdomains_High.txt" blocklist_url2_2="https://www.dshield.org/feeds/suspiciousdomains_Medium.txt" #blocklist_url2_3="https://www.dshield.org/feeds/suspiciousdomains_Low.txt" # IP to respond to DNS query if domain is on blocklist # IP '0.0.0.0' is a black hole. Per RFC 1122, section 3.2.1.3 "This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address." pixelserv_ip="0.0.0.0" # Block configuration to be used by dnsmasq -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 14 additions and 3 deletions.
@@ -2,8 +2,15 @@ This is [based on a guide on the Ubnt forums](https://help.ubnt.com/hc/en-us/articles/205223340). Log into your Edgerouter and switch to the root user and open up `vi`. ``` sudo -i vi /config/user-data/update-adblock-dnsmasq.sh ``` Enable insert in 'vi' by pressing 'i'. Paste the following to the bash script ``` #!/bin/bash @@ -59,12 +66,16 @@ rm $temp_blocklist2 # Restart dnsmasq to load new config /etc/init.d/dnsmasq force-reload ``` Save the bash file by typing escape, and ':wq'. Make sure you're root, chmod the script, and add it to crontab. Contab will generate a new blocklist everyday at 16:20, to always block the newest ad and malware content. ``` sudo -i chmod a+x /config/user-data/update-adblock-dnsmasq.sh sh /config/user-data/update-adblock-dnsmasq.sh (crontab -l ; echo "20 16 * * * /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Visit the following sites to confirm the ad-blocker is working: -
Martin Sohn revised this gist
Dec 9, 2018 . 1 changed file with 44 additions and 13 deletions.
@@ -1,39 +1,70 @@ # Ubiquity EdgeMAX Ad & Malware Blocking Content Filtering using EdgeRouter This is [based on a guide on the Ubnt forums](https://help.ubnt.com/hc/en-us/articles/205223340). Log into your Edgerouter and run the following - `sudo -i && vi /config/user-data/update-adblock-dnsmasq.sh` This will switch you to the root user and open up `vi`. ``` #!/bin/bash # Blocklist for ads blocklist_url1_1="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" # Blocklist for malware blocklist_url2_1="https://www.dshield.org/feeds/suspiciousdomains_High.txt" blocklist_url2_2="https://www.dshield.org/feeds/suspiciousdomains_Medium.txt" #blocklist_url2_3="https://www.dshield.org/feeds/suspiciousdomains_Low.txt" # IP to respond to DNS query if host on blocklist pixelserv_ip="0.0.0.0" # Block configuration to be used by dnsmasq blocklist="/etc/dnsmasq.d/dnsmasq-blocklist.conf" # Temp blocklists temp_blocklist1="/tmp/dnsmasq-blocklist1.conf.tmp" temp_blocklist2="/tmp/dnsmasq-blocklist2.conf.tmp" curl -s $blocklist_url1_1 | sed "s/127\.0\.0\.1/$pixelserv_ip/" > $temp_blocklist1 curl -s $blocklist_url2_1 > $temp_blocklist2 curl -s $blocklist_url2_2 >> $temp_blocklist2 #curl -s $blocklist_url2_3 >> $temp_blocklist2 # Remove comment lines sed -i "/^#/d" $temp_blocklist2 # Remove header line: Site sed -i "/Site/d" $temp_blocklist2 # Add to start of all lines: /address= sed -i "s/^/address=\//g" $temp_blocklist2 # Add to end of all lines: /$pixelserv_ip sed -i "s/$/\/$pixelserv_ip/" $temp_blocklist2 # Join files to one cat $temp_blocklist2 >> $temp_blocklist1 # If temp blocklist exists if [ -f "$temp_blocklist1" ] then # Keep only unique entries sort $temp_blocklist1 | uniq > $blocklist else echo "Error building the ad list, please try again." 
exit fi # Clean up temp blocklists rm $temp_blocklist1 rm $temp_blocklist2 # Restart dnsmasq to load new config /etc/init.d/dnsmasq force-reload ``` ``` sudo -i chmod a+x /config/user-data/update-adblock-dnsmasq.sh sh /config/user-data/update-adblock-dnsmasq.sh (crontab -l ; echo "56 4 * * * /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Visit the following sites to confirm the ad-blocker is working: -
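Review bot: The guard `if [ -f "$temp_blocklist1" ]` in the rewritten script of the `@@ -1,39 +1,70 @@` hunk can never fail, because the `> $temp_blocklist1` redirection on the first `curl` line creates the file even when the download fails; an empty or partial list is then sorted into `$blocklist` and loaded by the `force-reload`. Suggest checking curl's exit status (with `-f`) and testing `[ -s ... ]` for a non-empty file, and making the error branch `exit 1` so cron reports the failure. Separately, `sed -i "/Site/d"` deletes every line that contains `Site`, not only the header; anchoring the pattern to the start of the line would be safer.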
bsodmike revised this gist
Sep 11, 2017 . 1 changed file with 4 additions and 2 deletions.
@@ -1,7 +1,9 @@ # Ubiquity EdgeMAX Ad Blocking Content Filtering using EdgeRouter This is [based on a guide on the Ubnt forums](https://help.ubnt.com/hc/en-us/articles/205223340). Log into your Edgerouter and run the following - `sudo -i && vi /config/user-data/update-adblock-dnsmasq.sh` This will switch you to the root user and open up `vi`. ``` -
bsodmike created this gist
Sep 11, 2017 .
@@ -0,0 +1,44 @@ # Ubiquity EdgeMAX Ad Blocking Content Filtering using EdgeRouter This is [based on](https://help.ubnt.com/hc/en-us/articles/205223340) `sudo -i && vi /config/user-data/update-adblock-dnsmasq.sh` ``` #!/bin/bash ad_list_url="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" #The IP address below should point to the IP of your router or to 0.0.0.0 pixelserv_ip="0.0.0.0" ad_file="/etc/dnsmasq.d/dnsmasq.adlist.conf" temp_ad_file="/etc/dnsmasq.d/dnsmasq.adlist.conf.tmp" curl -s $ad_list_url | sed "s/127\.0\.0\.1/$pixelserv_ip/" > $temp_ad_file if [ -f "$temp_ad_file" ] then #sed -i -e '/www\.favoritesite\.com/d' $temp_ad_file mv $temp_ad_file $ad_file else echo "Error building the ad list, please try again." exit fi /etc/init.d/dnsmasq force-reload ``` ``` sudo -i chmod a+x /config/user-data/update-adblock-dnsmasq.sh sh /config/user-data/update-adblock-dnsmasq.sh (crontab -l ; echo "56 4 * * 6 /config/user-data/update-adblock-dnsmasq.sh") | crontab - ``` Visit the following sites to confirm the ad-blocker is working: - https://thepcspy.com/blockadblock/ - https://ads-blocker.com/testing/ # References This is based on a [YouTube video by Willie Howe](https://www.youtube.com/watch?v=KrAwg1inp2E).
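Review bot: `ad_list_url` in the initial script uses `http://`, so the list is fetched in cleartext and then moved into `/etc/dnsmasq.d/` and loaded by a root cron job with no integrity check; whatever the response contains becomes resolver configuration. Suggest the `https://` form of the same URL and keeping only lines that match the expected `address=/<domain>/<ip>` shape before the `mv`. The `[ -f "$temp_ad_file" ]` test also passes when the download fails, since the `>` redirection always creates the file, so `-s` plus a check of curl's exit status would be a more meaningful guard.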