
@h0tw1r3
Created May 29, 2014
DNS ad and malware block script for DNSmasq and pixelserv
#!/bin/ash
#
# DNS Ad/Malware blocker for Tomato/DD-Wrt based routers
#
# Requires: DNSmasq and Pixelserv
#
# Merges block lists:
# * Winhelp2002
# * Pgl Yoyo
# * Malware Domains
#
# Copyright (c) 2014, Jeffrey Clark [dude @ zaplabs com]
#
# Directory that holds the downloaded lists and the generated dnsmasq snippets.
DATAPATH='/jffs/adblock'
# Log one message through logger(1) under the "adblock" tag; -s also copies
# it to stderr.
# Arguments: $1 - message text
log () {
  local message="$1"
  logger -s -t adblock "$message"
}
# From here on, stop at the first unchecked command failure.
set -e

# Absolute directory of this script with symlinks resolved (cd -P); the
# pixelserv binary and the adblock.*.txt files are looked up next to it.
SCRIPT_PATH=$(
  cd -P "$(dirname "$0")" && pwd
)

# "address/prefix" taken from the `ip addr show dev br0` line that ends in
# "global br0"; stays empty when no such line is printed.
BR0_INET=$(
  ip addr show dev br0 \
    | sed -r -n 's/.*inet ([0-9\/\.]+).* global br0/\1/p'
)
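# Rewrite the br0 address stored in BR0_INET with a sed replacement template.
# Globals:   BR0_INET (read) - expected form "a.b.c.d/prefix"
# Arguments: $1 - sed replacement text; \1..\4 stand for the four octets and
#                 \5 for the prefix length
# Outputs:   the rewritten string on stdout; the input is printed unchanged
#            when BR0_INET is not a dotted quad followed by /prefix
# Note:      $1 is spliced into the sed program, so it must only ever be a
#            template written in this script, never external input.
inet () {
  # Dots are escaped so only a real dotted quad matches, and the value is
  # quoted so it is not word-split or glob-expanded on the way to sed.
  printf '%s\n' "$BR0_INET" \
    | sed -r "s/([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)\/([0-9]+)/$1/"
}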
# Print the leading number of every `ps` line that mentions "pixelserv "
# followed by a numeric/dotted argument, one per line. Prints nothing when
# no line matches, which callers use as "pixelserv is not running".
pixelserv_pid () {
  local extract_pid='s/[\ ]*([0-9]+).+pixelserv [0-9\.]+.*/\1/p'
  ps | sed -r -n "$extract_pid"
}
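## TODO: Make a loop to get a free IP address and cache
# Create the data directory on first run.
[ -d "${DATAPATH}" ] || mkdir "${DATAPATH}"

# The sinkhole address is br0's own address with the last octet raised by two.
NET_NUM=$(inet '\4')
case "$NET_NUM" in
  ''|*[!0-9]*)
    # inet() echoes its input back when BR0_INET is empty or malformed.
    log "Could not read an IPv4 address for br0 (got '${BR0_INET}')"
    exit 1
    ;;
esac
NET_NUM=$((NET_NUM + 2))
if [ "$NET_NUM" -gt 254 ]; then
  log "Last octet $NET_NUM is not a usable host address"
  exit 1
fi
IP=$(inet "\\1.\\2.\\3.$NET_NUM")
INET=$(inet "$IP\\/\\5")
log "IP/Network: $INET"

# Decide from br0's own address list whether the alias is already ours.
# A ping reply alone does not prove that: another LAN host may hold the
# address, and every blocked name would then resolve to that host.
# (Assumes `ip` prints "inet <addr>/<prefix> " as the BR0_INET pattern does.)
if ip addr show dev br0 | grep -qF "inet ${INET} "; then
  log "$INET exsists on br0"
elif ping -c 1 -W 2 -q "$IP" >/dev/null 2>&1; then
  log "$IP answers ping but is not assigned to br0; not using it"
  exit 1
else
  log "Adding $INET to br0"
  # Runs under set -e: without the alias pixelserv has nothing to listen on,
  # so a failure here stops the script instead of being ignored.
  ip addr add "$INET" dev br0
fi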
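## Start pixelserv
if [ -z "$IP" ]; then
  log "No pixelserv address computed; not starting pixelserv"
  exit 1
fi

# Stop any pixelserv that is already running before starting a new one.
if [ -n "$(pixelserv_pid)" ]; then
  # Default signal first; killall's status is ignored because the process
  # may already be gone by the time the signal is sent.
  killall pixelserv || true
  sleep 1
  # Force-kill only what survived the first signal.
  if [ -n "$(pixelserv_pid)" ]; then
    killall -9 pixelserv || true
    sleep 1
  fi
fi

log "Starting pixelserv on $IP"
# Quoted so a script directory containing spaces still resolves the binary.
"${SCRIPT_PATH}/pixelserv" "$IP" -r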
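# NOTE(review): all three lists are fetched over plain http with no checksum
# or signature, so anything on the network path can change which names end up
# in the dnsmasq configuration. Use an authenticated source where the
# router's wget supports one.

# Download one list without leaving a partial file under its final name.
# A list file that exists is never fetched again, so an empty or truncated
# download must not be allowed to take that name.
# Arguments: $1 - URL, $2 - destination path
# Returns:   0 when $2 was created, 1 otherwise (nothing is left at $2)
fetch_list () {
  # The temporary name ends in "txt" like the list files themselves; this
  # script registers the directory with dnsmasq as conf-dir=<dir>,txt,
  # presumably so that files with that ending are not read as configuration.
  local tmp="$2.part.txt"
  if wget -T 10 -O "$tmp" "$1" && [ -s "$tmp" ]; then
    mv "$tmp" "$2"
  else
    rm -f "$tmp"
    log "Download of $1 failed or returned no data"
    return 1
  fi
}

if [ ! -e "${DATAPATH}/list.winhelp2002.txt" ]; then
  log "Downloading host file 1..."
  fetch_list 'http://winhelp2002.mvps.org/hosts.txt' \
    "${DATAPATH}/list.winhelp2002.raw.txt" || exit 1
  # Keep the host column of "0.0.0.0 <host>" lines, drop "www.", and skip a
  # host that repeats the previous one.
  awk '{ if ($1 == "0.0.0.0") { gsub(/www\./, ""); if (LAST != $2) { print $2; LAST=$2; } } }' \
    "${DATAPATH}/list.winhelp2002.raw.txt" \
    > "${DATAPATH}/list.winhelp2002.part.txt"
  mv "${DATAPATH}/list.winhelp2002.part.txt" "${DATAPATH}/list.winhelp2002.txt"
  rm -f "${DATAPATH}/list.winhelp2002.raw.txt"
fi

if [ ! -e "${DATAPATH}/list.yoyo.txt" ]; then
  log "Downloading host file 2..."
  fetch_list 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml' \
    "${DATAPATH}/list.yoyo.txt" || exit 1
fi

if [ ! -e "${DATAPATH}/list.malware.txt" ]; then
  log "Downloading host file 3..."
  fetch_list 'http://malwaredomains.lehigh.edu/files/justdomains' \
    "${DATAPATH}/list.malware.txt" || exit 1
fi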
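# Turn host names on stdin into dnsmasq "address=/<name>/<ip>" lines.
# Only lines that consist of host-name characters are emitted; anything else
# in a downloaded list (blank lines, comments, text containing "/" or spaces)
# is dropped instead of being written into dnsmasq's configuration.
# Arguments: $1 - address the names should resolve to
dnsmasq_address_lines () {
  # The address is passed with -v instead of being spliced into the program.
  awk -v ip="$1" '
    { sub(/\r$/, "") }   # tolerate CRLF line endings
    /^[A-Za-z0-9._-]+$/ { print "address=/" $0 "/" ip }
  '
}

if [ ! -e "${DATAPATH}/list.dnsmasq.conf" ]; then
  cd "${DATAPATH}"
  log "Processing exclusions, creating dnsmasq configuration..."
  # Merge the three lists, drop every line matching a pattern in the
  # exclusions file, then emit one address= line per remaining name.
  cat list.winhelp2002.txt list.yoyo.txt list.malware.txt | sort -u | \
    grep -vf "${SCRIPT_PATH}/adblock.exclusions.txt" | \
    dnsmasq_address_lines "${IP}" \
    > "${DATAPATH}/list.dnsmasq.conf"
fi

log "Processing additional hosts..."
# The previous sed wrote address=/<ip>/<name>, the reverse of the
# address=/<name>/<ip> form generated for the merged list above; both files
# now use the same generator.
dnsmasq_address_lines "${IP}" \
  < "${SCRIPT_PATH}/adblock.additional.txt" \
  > "${DATAPATH}/additional.dnsmasq.conf"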
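if [ -e "/etc/dnsmasq.conf" ]; then
  # Tested inside `if`: as a plain assignment under set -e, a grep that finds
  # nothing (the first-run case) would end the script before the setting is
  # ever written.
  if ! nvram get dnsmasq_custom | grep -qF -- "conf-dir=${DATAPATH}"; then
    log "Modifying DNSmasq configuration."
    # Append the conf-dir line to the current value without going through a
    # predictable file name in /tmp.
    # NOTE(review): nvram set alone is usually not persistent across a
    # reboot; confirm whether an nvram commit is wanted here.
    nvram set dnsmasq_custom="$(nvram get dnsmasq_custom; echo "conf-dir=${DATAPATH},txt")"
  fi

  # A bare `exit` used to sit here, so the restart below never ran.
  # Restart only when dnsmasq accepts the generated files, so a malformed
  # list cannot leave the router without a working resolver.
  if dnsmasq --test --conf-dir="${DATAPATH},txt" >/dev/null 2>&1; then
    log "Restarting local DNS server"
    service dnsmasq restart
  else
    log "dnsmasq rejected the files in ${DATAPATH}; not restarting"
    exit 1
  fi
else
  log "dnsmasq.conf not found... something is very wrong"
fi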