dreadedhamish/ddwrt-blacklist-domains

## ddwrt-blacklist-domains
#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

#          name: ddwrt-blacklist-domains.sh
#       version: 3.1.0, 03-feb-2022, by eibgrad
#       purpose: blacklist specific domains in dnsmasq (dns)
#   script type: startup (autostart)
#  installation:
#    1. enable jffs2 (administration->jffs2)
#    2. enable syslogd (services->services->system log)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       or
#         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#    4. add the following to the "additional dnsmasq options" field on the
#           services page:
#         addn-hosts=/tmp/blacklisted_domains
#    5. (optional) modify options using vi editor:
#         vi /jffs/etc/config/ddwrt-blacklist-domains.startup
#    6. (optional) enable cron (administration->management) and add the
#           following job:
#         0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
#    7. reboot
(
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# websites known to maintain a list of blacklisted domains
# note: exercise caution when using commented urls; these sites often
#       contain *very* large lists of blacklisted domains, which may exceed
#       the memory capacity of the router and/or dnsmasq, and *may* have a
#       detrimental affect on dns performance
URL_LIST='
# minimal advertisers list - 6500 lines
https://raw.githubusercontent.com/Kees1958/W3C_annual_most_used_survey_blocklist/b551821c5c7a37aff96f999fae50f28f53ecf824/EU_US_MV2_most_common_ad%2Btracking_networks
# https://pgl.yoyo.org/adservers/serverlist.php?hostformat=&showintro=1&mimetype=plaintext # Peter Lowe 7300 lines
# https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/light.txt # hagezi light
# https://raw.githubusercontent.com/lewisje/jansal/master/adblock/hosts # hosts 949 lines
# https://raw.githubusercontent.com/lewisje/jansal/master/adblock/hostsc # hostsc 362 lines
'

# exceptions: domains (and their sub-domains) NOT to be blacklisted
# note: matching only occurs on whole parts of the domain name, moving right
#       to left; for example, adding somedomain.com to the whitelist would
#       also match xyz.somedomain.com, but NOT match xyzsomedomain.com nor
#       xyz.somedomain.com.us; wildcards (*) are NOT supported and will be
#       removed
WHITELIST='
localhost
'

# maximum time (in secs) alloted to any curl/wget operation
MAX_WAIT=60

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# required for serialization when reentry is possible
LOCK="/tmp/$(basename $0).lock"
acquire_lock() { while ! mkdir $LOCK >/dev/null 2>&1; do sleep 10; done; }
release_lock() { rmdir $LOCK >/dev/null 2>&1; }

# default to curl, failover to wget (not guaranteed to support tls)
which curl &>/dev/null && \
    GET_URL="curl -sLk --connect-timeout $MAX_WAIT --max-time $MAX_WAIT" || \
    GET_URL="wget -T $MAX_WAIT -qO -"

# domains to be blacklisted
BLACKLIST='/tmp/blacklisted_domains'; > $BLACKLIST

# workfile
RAW_BLACKLIST="/tmp/tmp.$$.raw_blacklist"

# wait for wan availability
until ping -qc1 -W3 8.8.8.8 &>/dev/null; do sleep 10; done

# one instance at a time
acquire_lock

# catch premature exit and cleanup
trap 'release_lock; exit 1' SIGHUP SIGINT SIGTERM

for url in $URL_LIST; do
    # skip comments and blank lines
    echo $url | grep -Eq '^[[:space:]]*(#|$)' && continue

    # retrieve url as raw blacklist
    $GET_URL $url > $RAW_BLACKLIST || { echo "error: $url"; continue; }

    # reformat as '0.0.0.0 domain-name' pairs
    awk '/^0\.0\.0\.0|^127\.0\.0\.1/{print "0.0.0.0 " $2}' $RAW_BLACKLIST | \
        # remove malformed domain names
        grep -E '^0\.0\.0\.0 [0-9A-z\.-]+$' >> $BLACKLIST
done

# cleanup
rm -f $RAW_BLACKLIST

# sort and remove duplicates
sort -uo $BLACKLIST $BLACKLIST

# remove domains and sub-domains that match whitelist
if [ "$(echo $WHITELIST)" ]; then
    sed -ri "/$(echo $WHITELIST | \
        sed -r 's/\*//g;s/( |$)/$|/g;s/\|$//;s/\./\\./g;s/([^|]*)/[ .]\1/g')/d" \
            $BLACKLIST
fi

# wait for dnsmasq availability
until pidof dnsmasq &>/dev/null; do sleep 10; done

# force dnsmasq to recognize updated blacklist
killall -HUP dnsmasq

# report the results
echo "info: total blacklisted domains: $(wc -l < $BLACKLIST)"

# any concurrent instance(s) may now run
release_lock

exit 0

) 2>&1 | logger $([ ${DEBUG+x} ] && echo '-p user.debug') \
    -t $(echo $(basename $0) | grep -Eo '^.{0,23}')[$$] &
	#!/bin/sh
	#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

	# name: ddwrt-blacklist-domains.sh
	# version: 3.1.0, 03-feb-2022, by eibgrad
	# purpose: blacklist specific domains in dnsmasq (dns)
	# script type: startup (autostart)
	# installation:
	# 1. enable jffs2 (administration->jffs2)
	# 2. enable syslogd (services->services->system log)
	# 3. use shell (telnet/ssh) to execute one of the following commands:
	# curl -kLs bit.ly/ddwrt-installer\|tr -d '\r'\|sh -s aySi7RhY startup
	# or
	# wget -qO - bit.ly/ddwrt-installer\|tr -d '\r'\|sh -s aySi7RhY startup
	# 4. add the following to the "additional dnsmasq options" field on the
	# services page:
	# addn-hosts=/tmp/blacklisted_domains
	# 5. (optional) modify options using vi editor:
	# vi /jffs/etc/config/ddwrt-blacklist-domains.startup
	# 6. (optional) enable cron (administration->management) and add the
	# following job:
	# 0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
	# 7. reboot
	(
	# ------------------------------ BEGIN OPTIONS ------------------------------- #

	# websites known to maintain a list of blacklisted domains
	# note: exercise caution when using commented urls; these sites often
	# contain very large lists of blacklisted domains, which may exceed
	# the memory capacity of the router and/or dnsmasq, and may have a
	# detrimental affect on dns performance
	URL_LIST='
	# minimal advertisers list - 6500 lines
	https://raw.githubusercontent.com/Kees1958/W3C_annual_most_used_survey_blocklist/b551821c5c7a37aff96f999fae50f28f53ecf824/EU_US_MV2_most_common_ad%2Btracking_networks
	# https://pgl.yoyo.org/adservers/serverlist.php?hostformat=&showintro=1&mimetype=plaintext # Peter Lowe 7300 lines
	# https://raw.githubusercontent.com/hagezi/dns-blocklists/main/hosts/light.txt # hagezi light
	# https://raw.githubusercontent.com/lewisje/jansal/master/adblock/hosts # hosts 949 lines
	# https://raw.githubusercontent.com/lewisje/jansal/master/adblock/hostsc # hostsc 362 lines
	'

	# exceptions: domains (and their sub-domains) NOT to be blacklisted
	# note: matching only occurs on whole parts of the domain name, moving right
	# to left; for example, adding somedomain.com to the whitelist would
	# also match xyz.somedomain.com, but NOT match xyzsomedomain.com nor
	# xyz.somedomain.com.us; wildcards (*) are NOT supported and will be
	# removed
	WHITELIST='
	localhost
	'

	# maximum time (in secs) alloted to any curl/wget operation
	MAX_WAIT=60

	# ------------------------------- END OPTIONS -------------------------------- #

	# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

	# required for serialization when reentry is possible
	LOCK="/tmp/$(basename $0).lock"
	acquire_lock() { while ! mkdir $LOCK >/dev/null 2>&1; do sleep 10; done; }
	release_lock() { rmdir $LOCK >/dev/null 2>&1; }

	# default to curl, failover to wget (not guaranteed to support tls)
	which curl &>/dev/null && \
	GET_URL="curl -sLk --connect-timeout $MAX_WAIT --max-time $MAX_WAIT" \|\| \
	GET_URL="wget -T $MAX_WAIT -qO -"

	# domains to be blacklisted
	BLACKLIST='/tmp/blacklisted_domains'; > $BLACKLIST

	# workfile
	RAW_BLACKLIST="/tmp/tmp.$$.raw_blacklist"

	# wait for wan availability
	until ping -qc1 -W3 8.8.8.8 &>/dev/null; do sleep 10; done

	# one instance at a time
	acquire_lock

	# catch premature exit and cleanup
	trap 'release_lock; exit 1' SIGHUP SIGINT SIGTERM

	for url in $URL_LIST; do
	# skip comments and blank lines
	echo $url \| grep -Eq '^[[:space:]]*(#\|$)' && continue

	# retrieve url as raw blacklist
	$GET_URL $url > $RAW_BLACKLIST \|\| { echo "error: $url"; continue; }

	# reformat as '0.0.0.0 domain-name' pairs
	awk '/^0\.0\.0\.0\|^127\.0\.0\.1/{print "0.0.0.0 " $2}' $RAW_BLACKLIST \| \
	# remove malformed domain names
	grep -E '^0\.0\.0\.0 [0-9A-z\.-]+$' >> $BLACKLIST
	done

	# cleanup
	rm -f $RAW_BLACKLIST

	# sort and remove duplicates
	sort -uo $BLACKLIST $BLACKLIST

	# remove domains and sub-domains that match whitelist
	if [ "$(echo $WHITELIST)" ]; then
	sed -ri "/$(echo $WHITELIST \| \
	sed -r 's/\//g;s/( \|$)/$\|/g;s/\\|$//;s/\./\\./g;s/([^\|])/[ .]\1/g')/d" \
	$BLACKLIST
	fi

	# wait for dnsmasq availability
	until pidof dnsmasq &>/dev/null; do sleep 10; done

	# force dnsmasq to recognize updated blacklist
	killall -HUP dnsmasq

	# report the results
	echo "info: total blacklisted domains: $(wc -l < $BLACKLIST)"

	# any concurrent instance(s) may now run
	release_lock

	exit 0

	) 2>&1 \| logger $([ ${DEBUG+x} ] && echo '-p user.debug') \
	-t $(echo $(basename $0) \| grep -Eo '^.{0,23}')[$$] &