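#!/bin/sh
# /etc/adblock.sh - build a dnsmasq sinkhole hosts file (ads, malware, etc.).
#
# Put in /etc/adblock.sh on an opkg/uci based router and run as root.
# Reads:   /etc/black.list  extra host names to block (optional)
#          /etc/white.list  patterns for entries that must not be blocked (optional)
# Writes:  /etc/block.hosts, plus on first run the dnsmasq addnhosts option,
#          /etc/crontabs/root and /etc/firewall.user
# Exit:    0 when the block list was rebuilt, 1 when nothing usable was
#          collected and the previous /etc/block.hosts was left in place.

BLOCK_HOSTS="/etc/block.hosts"
STATUS=0

# pkill is used at the end to make dnsmasq re-read its hosts files.
if command -v pkill > /dev/null; then
  echo 'Found pkill!'
else
  echo 'Updating package list...'
  opkg update > /dev/null
  echo 'Installing procps/procps-pkill package...'
  # Both package names are tried; presumably the name differs between releases.
  opkg install procps > /dev/null
  opkg install procps-pkill > /dev/null
fi

# The REDIRECT target used by the firewall rules below needs iptables-mod-nat-extra.
if opkg list-installed | grep -q iptables-mod-nat-extra; then
  echo 'iptables-mod-nat-extra is installed!'
else
  echo 'Updating package list...'
  opkg update > /dev/null
  echo 'Installing iptables-mod-nat-extra...'
  opkg install iptables-mod-nat-extra > /dev/null
fi

# Only block wireless ads? Y/N
ONLY_WIRELESS="N"

# The rules send every DNS query on port 53 to the local dnsmasq, so clients
# with a hard-coded resolver are filtered as well.
# NOTE: only plain DNS over IPv4 is covered. DNS-over-TLS, DNS-over-HTTPS and
# resolvers reached over IPv6 are not touched by these iptables nat rules.
# '=' instead of '==': the script runs under /bin/sh and '==' is not POSIX.
if [ "$ONLY_WIRELESS" = "Y" ]; then
  echo 'Wireless only blocking!'
  FW1="iptables -t nat -I PREROUTING -i wlan+ -p tcp --dport 53 -j REDIRECT --to-ports 53"
  FW2="iptables -t nat -I PREROUTING -i wlan+ -p udp --dport 53 -j REDIRECT --to-ports 53"
else
  FW1="iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53"
  FW2="iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53"
fi

# Change the cron schedule to what is comfortable, or leave as is.
CRON="0 4 * * 0,3 sh /etc/adblock.sh"

# 1 = configuration was changed in this run and the service needs a restart.
DNSMASQ_EDITED="1"
FIREWALL_EDITED="0"

echo 'Updating config, if necessary...'

# Register the block list with dnsmasq. The check looks for this file in the
# addnhosts list; testing only whether the option exists would skip the
# registration whenever some other addnhosts file is already configured.
if uci get 'dhcp.@dnsmasq[0].addnhosts' 2> /dev/null | grep -qF "$BLOCK_HOSTS"; then
  DNSMASQ_EDITED="0"
else
  uci add_list "dhcp.@dnsmasq[0].addnhosts=$BLOCK_HOSTS" && uci commit dhcp
fi

# Leave crontab alone, or add to it.
if ! grep -q "/etc/adblock.sh" /etc/crontabs/root; then
  echo "$CRON" >> /etc/crontabs/root
fi

# Add each firewall rule that is missing. The flag is raised when ANY rule was
# appended, so the firewall is restarted even if the other rule already existed.
# -F compares the rule as a fixed string ('+' and '.' are not regex syntax here).
for rule in "$FW1" "$FW2"; do
  if ! grep -qF -e "$rule" /etc/firewall.user 2> /dev/null; then
    printf '%s\n' "$rule" >> /etc/firewall.user
    FIREWALL_EDITED="1"
  fi
done

# Work files live in a private directory instead of fixed names in /tmp, and
# the trap removes them on every exit path.
BUILD_DIR=$(mktemp -d /tmp/adblock.XXXXXX) || {
  echo 'Could not create a temporary build directory' >&2
  exit 1
}
trap 'rm -rf -- "${BUILD_DIR:?}"' EXIT
BUILD_LIST="$BUILD_DIR/block.build.list"
BUILD_SORTED="$BUILD_DIR/block.build.before"

echo 'Downloading hosts lists...'
# Download and process the files needed to make the lists (enable/add more, if you want).
# NOTE(security): the first list is fetched over plain HTTP and the second with
# --no-check-certificate, so neither download is authenticated and anyone on the
# network path can change its content. The normalisation step below limits what
# such content can add to "0.0.0.0 <hostname>" lines. To authenticate the HTTPS
# source, install a CA bundle (ca-bundle / ca-certificates) and drop the flag.
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt | awk '/^0.0.0.0/' > "$BUILD_LIST"
#wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> "$BUILD_LIST"
#wget -qO- "http://hosts-file.net/.\ad_servers.txt"|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> "$BUILD_LIST"
# GNU wget from opkg is needed here; BusyBox wget did not handle https well for the author.
wget -qO- --no-check-certificate "https://adaway.org/hosts.txt" \
  | awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> "$BUILD_LIST"

# Add black list, if non-empty.
if [ -s "/etc/black.list" ]; then
  echo 'Adding blacklist...'
  awk '/^[^#]/ { print "0.0.0.0",$1 }' /etc/black.list >> "$BUILD_LIST"
fi

echo 'Sorting lists...'
# Normalise, de-duplicate and sort. Only lines whose address is exactly 0.0.0.0
# and whose second field looks like a host name are kept, trailing CRs are
# stripped and everything after the host name is dropped.
awk '{ sub(/\r$/, "") }
     $1 == "0.0.0.0" && $2 ~ /^[A-Za-z0-9._-]+$/ { print $1, $2 }' "$BUILD_LIST" \
  | sort -u > "$BUILD_SORTED"

if [ -s "$BUILD_SORTED" ]; then
  # Delete the old block.hosts to make room for the update. This happens only
  # once there is something to replace it with, so a failed download does not
  # leave the router without a block list.
  rm -f "$BLOCK_HOSTS"

  # The normalised file is the input from here on; reading the raw download
  # would discard the sort/de-duplication and let unnormalised lines through.
  if [ -s "/etc/white.list" ]; then
    # Filter the list, suppressing whitelist matches. This is relatively slow.
    # NOTE: every entry is a grep pattern matched anywhere in the line, so an
    # entry also keeps longer host names that contain it. Blank entries are
    # skipped because an empty pattern would match, and so remove, every line.
    echo 'Filtering white list...'
    awk '/^[^#]/ { sub(/\r$/, ""); if ($1 != "") print $1 }' /etc/white.list \
      | grep -vf - "$BUILD_SORTED" > "$BLOCK_HOSTS"
  else
    cat "$BUILD_SORTED" > "$BLOCK_HOSTS"
  fi

  echo 'Adding ipv6 support...'
  # Follow every "0.0.0.0 host" line with a ":: host" line.
  sed -i -re 's/^(0\.0\.0\.0) (.*)$/\1 \2\n:: \2/g' "$BLOCK_HOSTS"
else
  echo 'No usable hosts entries collected; keeping the existing block list.' >&2
  STATUS=1
fi

echo 'Cleaning up...'
# The build files are removed by the EXIT trap to free up the limited space.

if [ "$FIREWALL_EDITED" -ne "0" ]; then
  echo 'Restarting firewall...'
  /etc/init.d/firewall restart > /dev/null 2>&1
fi

echo 'Restarting dnsmasq...'
if [ "$DNSMASQ_EDITED" -eq "0" ]; then
  # SIGHUP is enough when the configuration itself did not change; fall back
  # to a restart if pkill is missing or found no dnsmasq process.
  pkill -HUP dnsmasq || /etc/init.d/dnsmasq restart
else
  /etc/init.d/dnsmasq restart
fi

exit "$STATUS"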
#/etc/black.list
#Add servers that the downloaded lists don't block
example1.block.com
#/etc/sysupgrade.conf
#This file is a list of files that should be preserved through upgrades
#OPTIONAL!!!!!
/etc/passwd
/etc/shadow
...
...
/etc/adblock.sh #ADD THIS LINE
/etc/white.list #AND THIS ONE
/etc/block.hosts #AND THIS ONE
/etc/black.list #AND THIS ONE
#/etc/white.list
#Add whitelisted addresses, when appropriate, etc.
a248.e.akamai.net