gregoirefavre/adblock.sh

## adblock.sh
#!/bin/sh
#Put in /etc/adblock.sh

#Block ads, malware, etc.

#Need pkill installed
if command -v pkill > /dev/null
then
    echo 'Found pkill!'
else
    echo 'Updating package list...'
    opkg update > /dev/null
    echo 'Installing procps/procps-pkill package...'
    opkg install procps > /dev/null
    opkg install procps-pkill > /dev/null
fi

#Need iptables-mod-nat-extra installed
if opkg list-installed | grep -q iptables-mod-nat-extra
then
    echo 'iptables-mod-nat-extra is installed!'
else
    echo 'Updating package list...'
    opkg update > /dev/null
    echo 'Installing iptables-mod-nat-extra...'
    opkg install iptables-mod-nat-extra > /dev/null
fi

# Only block wireless ads? Y/N
ONLY_WIRELESS="N"

if [ "$ONLY_WIRELESS" == "Y" ]
then
    echo 'Wireless only blocking!'
    FW1="iptables -t nat -I PREROUTING -i wlan+ -p tcp --dport 53 -j REDIRECT --to-ports 53"
    FW2="iptables -t nat -I PREROUTING -i wlan+ -p udp --dport 53 -j REDIRECT --to-ports 53"
else
    FW1="iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53"
    FW2="iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53"
fi

#Change the cron command to what is comfortable, or leave as is
CRON="0 4 * * 0,3 sh /etc/adblock.sh"
DNSMASQ_EDITED="1"
FIREWALL_EDITED="1"

echo 'Updating config, if necessary...'

#Check proper DHCP config and, if necessary, update it
uci get dhcp.@dnsmasq[0].addnhosts > /dev/null 2>&1 && DNSMASQ_EDITED="0" || uci add_list dhcp.@dnsmasq[0].addnhosts=/etc/block.hosts && uci commit

#Leave crontab alone, or add to it
grep -q "/etc/adblock.sh" /etc/crontabs/root || echo "$CRON" >> /etc/crontabs/root

#Add firewall rules if necessary
grep -q "$FW1" /etc/firewall.user && FIREWALL_EDITED="0" || echo "$FW1" >> /etc/firewall.user
grep -q "$FW2" /etc/firewall.user && FIREWALL_EDITED="0" || echo "$FW2" >> /etc/firewall.user

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

echo 'Downloading hosts lists...'

#Download and process the files needed to make the lists (enable/add more, if you want)
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt| awk '/^0.0.0.0/' > /tmp/block.build.list
#wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list
#wget -qO- "http://hosts-file.net/.\ad_servers.txt"|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list

#need GNU wget from opkg since BusyBox wget doesn't handle https well (for me it seems, lol)
wget -qO- --no-check-certificate "https://adaway.org/hosts.txt"|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list

#Add black list, if non-empty
if [ -s "/etc/black.list" ]
then
    echo 'Adding blacklist...'
    awk '/^[^#]/ { print "0.0.0.0",$1 }' /etc/black.list >> /tmp/block.build.list
fi

echo 'Sorting lists...'

#Sort the download/black lists
awk '{sub(/\r$/,"");print $1,$2}' /tmp/block.build.list|sort -u > /tmp/block.build.before

#Filter (if applicable)
if [ -s "/etc/white.list" ]
then
    #Filter the blacklist, supressing whitelist matches
    #  This is relatively slow =-(
    echo 'Filtering white list...'
    awk '/^[^#]/ {sub(/\r$/,"");print $1}' /etc/white.list | grep -vf - /tmp/block.build.list > /etc/block.hosts
else
    cat /tmp/block.build.list > /etc/block.hosts
fi

echo 'Adding ipv6 support...'

#Add ipv6 support
sed -i -re 's/^(0\.0\.0\.0) (.*)$/\1 \2\n:: \2/g' /etc/block.hosts

echo 'Cleaning up...'

#Delete files used to build list to free up the limited space
rm -f /tmp/block.build.list

if [ "$FIREWALL_EDITED" -ne "0" ]
then
    echo 'Restarting firewall...'
    /etc/init.d/firewall restart > /dev/null 2>&1
fi

echo 'Restarting dnsmasq...'

#Restart dnsmasq
if [ "$DNSMASQ_EDITED" -eq "0" ]
then
    pkill -HUP dnsmasq
else
    /etc/init.d/dnsmasq restart
fi

exit 0

## black.list
#/etc/black.list

#add some server that the list doesn't block
example1.block.com

## sysupgrade.conf
#/etc/sysupgrade.conf
#This file is a list of files that should be preserved through upgrades
#OPTIONAL!!!!!
/etc/passwd
/etc/shadow
...
...
/etc/adblock.sh #ADD THIS LINE
/etc/white.list #AND THIS ONE
/etc/block.hosts #AND THIS ONE
/etc/black.list #AND THIS ONE

## white.list
#/etc/white.list

#Add whitelisted addresses, when appropriate, etc.
a248.e.akamai.net
	#!/bin/sh
	#Put in /etc/adblock.sh

	#Block ads, malware, etc.

	#Need pkill installed
	if command -v pkill > /dev/null
	then
	echo 'Found pkill!'
	else
	echo 'Updating package list...'
	opkg update > /dev/null
	echo 'Installing procps/procps-pkill package...'
	opkg install procps > /dev/null
	opkg install procps-pkill > /dev/null
	fi

	#Need iptables-mod-nat-extra installed
	if opkg list-installed \| grep -q iptables-mod-nat-extra
	then
	echo 'iptables-mod-nat-extra is installed!'
	else
	echo 'Updating package list...'
	opkg update > /dev/null
	echo 'Installing iptables-mod-nat-extra...'
	opkg install iptables-mod-nat-extra > /dev/null
	fi

	# Only block wireless ads? Y/N
	ONLY_WIRELESS="N"

	if [ "$ONLY_WIRELESS" == "Y" ]
	then
	echo 'Wireless only blocking!'
	FW1="iptables -t nat -I PREROUTING -i wlan+ -p tcp --dport 53 -j REDIRECT --to-ports 53"
	FW2="iptables -t nat -I PREROUTING -i wlan+ -p udp --dport 53 -j REDIRECT --to-ports 53"
	else
	FW1="iptables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53"
	FW2="iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53"
	fi

	#Change the cron command to what is comfortable, or leave as is
	CRON="0 4 * * 0,3 sh /etc/adblock.sh"
	DNSMASQ_EDITED="1"
	FIREWALL_EDITED="1"

	echo 'Updating config, if necessary...'

	#Check proper DHCP config and, if necessary, update it
	uci get dhcp.@dnsmasq[0].addnhosts > /dev/null 2>&1 && DNSMASQ_EDITED="0" \|\| uci add_list dhcp.@dnsmasq[0].addnhosts=/etc/block.hosts && uci commit

	#Leave crontab alone, or add to it
	grep -q "/etc/adblock.sh" /etc/crontabs/root \|\| echo "$CRON" >> /etc/crontabs/root

	#Add firewall rules if necessary
	grep -q "$FW1" /etc/firewall.user && FIREWALL_EDITED="0" \|\| echo "$FW1" >> /etc/firewall.user
	grep -q "$FW2" /etc/firewall.user && FIREWALL_EDITED="0" \|\| echo "$FW2" >> /etc/firewall.user

	#Delete the old block.hosts to make room for the updates
	rm -f /etc/block.hosts

	echo 'Downloading hosts lists...'

	#Download and process the files needed to make the lists (enable/add more, if you want)
	wget -qO- http://www.mvps.org/winhelp2002/hosts.txt\| awk '/^0.0.0.0/' > /tmp/block.build.list
	#wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt\|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list
	#wget -qO- "http://hosts-file.net/.\ad_servers.txt"\|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list

	#need GNU wget from opkg since BusyBox wget doesn't handle https well (for me it seems, lol)
	wget -qO- --no-check-certificate "https://adaway.org/hosts.txt"\|awk '{sub(/^127.0.0.1/, "0.0.0.0")} /^0.0.0.0/' >> /tmp/block.build.list

	#Add black list, if non-empty
	if [ -s "/etc/black.list" ]
	then
	echo 'Adding blacklist...'
	awk '/^[^#]/ { print "0.0.0.0",$1 }' /etc/black.list >> /tmp/block.build.list
	fi

	echo 'Sorting lists...'

	#Sort the download/black lists
	awk '{sub(/\r$/,"");print $1,$2}' /tmp/block.build.list\|sort -u > /tmp/block.build.before

	#Filter (if applicable)
	if [ -s "/etc/white.list" ]
	then
	#Filter the blacklist, supressing whitelist matches
	# This is relatively slow =-(
	echo 'Filtering white list...'
	awk '/^[^#]/ {sub(/\r$/,"");print $1}' /etc/white.list \| grep -vf - /tmp/block.build.list > /etc/block.hosts
	else
	cat /tmp/block.build.list > /etc/block.hosts
	fi

	echo 'Adding ipv6 support...'

	#Add ipv6 support
	sed -i -re 's/^(0\.0\.0\.0) (.*)$/\1 \2\n:: \2/g' /etc/block.hosts

	echo 'Cleaning up...'

	#Delete files used to build list to free up the limited space
	rm -f /tmp/block.build.list

	if [ "$FIREWALL_EDITED" -ne "0" ]
	then
	echo 'Restarting firewall...'
	/etc/init.d/firewall restart > /dev/null 2>&1
	fi

	echo 'Restarting dnsmasq...'

	#Restart dnsmasq
	if [ "$DNSMASQ_EDITED" -eq "0" ]
	then
	pkill -HUP dnsmasq
	else
	/etc/init.d/dnsmasq restart
	fi

	exit 0
	#/etc/black.list

	#add some server that the list doesn't block
	example1.block.com
	#/etc/sysupgrade.conf
	#This file is a list of files that should be preserved through upgrades
	#OPTIONAL!!!!!
	/etc/passwd
	/etc/shadow
	...
	...
	/etc/adblock.sh #ADD THIS LINE
	/etc/white.list #AND THIS ONE
	/etc/block.hosts #AND THIS ONE
	/etc/black.list #AND THIS ONE
	#/etc/white.list

	#Add whitelisted addresses, when appropriate, etc.
	a248.e.akamai.net