DNS level adblocking
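#!/bin/sh
# Daily cron hook: regenerate the unbound blocklist as the unprivileged
# unbound-block user, then reload unbound only when the list changed.
#
# /usr/local/bin/unbound-block exits 0 when it rewrote the include file,
# 2 when the generated list is unchanged, and non-zero on any other error.
su -c /usr/local/bin/unbound-block - unbound-block
rc=$?
case "$rc" in
  0)
    # Validate the full configuration (including the regenerated include)
    # before reloading, so a malformed list cannot take the resolver down.
    if unbound-checkconf >/dev/null 2>&1; then
      service unbound reload >/dev/null
    else
      echo "unbound-block: generated config failed unbound-checkconf; not reloading" >&2
    fi
    ;;
  2)
    # Nothing changed; nothing to reload.
    ;;
  *)
    # Surface failures instead of letting the blocklist silently go stale.
    echo "unbound-block: update failed (exit $rc); blocklist not refreshed" >&2
    ;;
esac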
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Listen on loopback only and answer loopback clients only: this is a
    # host-local resolver, not an open one.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    # Generated by /usr/local/bin/unbound-block: one
    # "local-zone: <name> static" line per blocked hostname, which makes
    # unbound answer NXDOMAIN for those names.
    include: /etc/unbound/unbound-block.conf
remote-control:
    # Control socket on loopback only.
    # NOTE(review): unbound's remote control also needs control-enable: yes
    # and the unbound-control keys; confirm they are configured elsewhere
    # (e.g. a distro-provided include) or "service unbound reload" may fail.
    control-interface: 127.0.0.1
forward-zone:
    # Queries for this zone go to the LAN router; with forward-first the
    # resolver presumably falls back to normal recursion if the forwarder
    # does not answer — verify against the unbound.conf(5) in use.
    name: "yubico.org"
    forward-addr: 192.168.1.1
    forward-first: yes
# Manual setup steps (Debian/Ubuntu): install unbound, drop in the updater
# script, its daily cron hook and the unbound.conf from this gist, then
# create the unprivileged account that owns the generated blocklist.
sudo apt-get install unbound
# Paste the unbound-block script from this gist; it must be executable
# because the cron hook runs it via "su -c".
sudo vi /usr/local/bin/unbound-block
sudo chmod +x /usr/local/bin/unbound-block
# Paste the cron hook; run-parts only executes executable files.
sudo vi /etc/cron.daily/unbound-block
sudo chmod +x /etc/cron.daily/unbound-block
# Paste the unbound.conf from this gist (loopback-only resolver with the
# blocklist include).
sudo vi /etc/unbound/unbound.conf
# System account with no home, no password and /bin/sh as shell (su -c
# needs a usable shell). Only this account can write the blocklist; the
# updater script itself stays root-owned so the account cannot alter what
# cron runs.
sudo adduser --system --home /nonexistent --no-create-home --shell /bin/sh --group --disabled-password unbound-block
# Empty include file so unbound starts before the first update; owned by
# the updater, world-readable (0644) so unbound can read it.
sudo touch /etc/unbound/unbound-block.conf
sudo chown unbound-block:unbound-block /etc/unbound/unbound-block.conf
sudo chmod 0644 /etc/unbound/unbound-block.conf
sudo service unbound restart
# First blocklist generation (and reload) without waiting for cron.
sudo /etc/cron.daily/unbound-block
# point /etc/resolv.conf or your network manager to 127.0.0.1
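#!/bin/sh
# unbound-block: build an unbound include file that blocks the hostnames
# listed in the StevenBlack hosts lists (malware/ads, gambling, porn,
# social minus twitter/linkedin).
#
# Meant to run unprivileged (the cron hook invokes it as the unbound-block
# user). $DST is rewritten only when the generated list differs from the
# installed one.
#
# Exit status: 0 list updated, 2 list unchanged, 1 on fetch/processing
# errors. Requires GNU sed (\s, the I address flag, -i).
set -e

DST=/etc/unbound/unbound-block.conf
TMPDIR="$(mktemp -d)"
trap 'rm -rf "$TMPDIR"' EXIT

# Download one list into a scratch file. wget -q is silent, so report the
# failing URL ourselves before aborting (a truncated list must never be
# installed).
fetch() {
  if ! wget -q -O - -- "$1" >"$2"; then
    printf 'unbound-block: failed to fetch %s\n' "$1" >&2
    exit 1
  fi
}

BASE='https://raw.githubusercontent.com/StevenBlack/hosts/master'
fetch "$BASE/hosts" "$TMPDIR/malware"
fetch "$BASE/extensions/gambling/hosts" "$TMPDIR/gambling"
fetch "$BASE/extensions/porn/hosts" "$TMPDIR/porn"
fetch "$BASE/extensions/social/hosts" "$TMPDIR/social"

# drop social but not twitter and linkedin.
#
# considered hardcoding this,
# but then it will never be updated.
sed -e "
# look for the line similar to '# twitter' and comment all
# subsequent lines until an empty line is found.
/^#.*twitter.*$/I , /^\s*$/ s/^/#/
/^#.*linkedin.*$/I , /^\s*$/ s/^/#/
" -i "$TMPDIR/social"

# merge
cat "$TMPDIR/malware" "$TMPDIR/gambling" "$TMPDIR/porn" "$TMPDIR/social" >"$TMPDIR/all"

# create include file for unbound.
#
# for each hostname to block: echo "local-zone: $hostname static".
#
# this will instruct unbound to only reply with static data for such $hostname,
# and we don't declare any A/AAAA/NS/etc. for $hostname,
# forcing unbound to reply with NXDOMAIN.
sed -n -e "
# force all lists to use one convention
s/^127\.0\.0\.1/0.0.0.0/;
# keep blocked hostnames only; drop empty lines, etc.
/^0\.0\.0\.0\s\s*/!d;
# drop ip addr from 'ip\thostname # possible comment'
s/^0\.0\.0\.0\s\s*//;
# drop any end of line comment
s/#.*$//;
# drop any end of line whitespace
s/\s*$//;
# hosts files conventionally open with header lines such as
# '127.0.0.1 localhost' and '0.0.0.0 0.0.0.0'; the rewrite above turns
# those into block entries, and a static local-zone for localhost would
# shadow unbound's built-in one. never block these names.
/^\(localhost\|localhost\.localdomain\|local\|broadcasthost\|0\.0\.0\.0\)$/Id;
# make sure we are working with safe, well-formed data: dot-separated
# non-empty labels of [a-zA-Z0-9_-] (no leading/trailing/doubled dots).
# skip the line otherwise so a malformed or hostile list line can never
# reach the unbound config.
/^[a-zA-Z0-9_-]\{1,63\}\(\.[a-zA-Z0-9_-]\{1,63\}\)*$/!d;
# printf 'local-zone: %s static'
s/^/local-zone: /;
s/$/ static/;
p
" -i "$TMPDIR/all"

# avoid duplicates which cause unbound to exit; byte-wise order keeps the
# output (and the cmp below) independent of the caller's locale.
LC_ALL=C sort -u "$TMPDIR/all" >"$TMPDIR/unique"

# an empty result means the upstream format changed or every line was
# filtered out; refuse to silently replace a working list with nothing.
if ! [ -s "$TMPDIR/unique" ]; then
  printf 'unbound-block: generated list is empty, refusing to install it\n' >&2
  exit 1
fi

# exit with code if there's no update to be made.
if cmp -s "$TMPDIR/unique" "$DST"; then
  exit 2
fi

# not an atomic replace: this account owns $DST but not /etc/unbound, so a
# rename into place is not possible. the cron hook reloads only after this
# script has exited.
cat "$TMPDIR/unique" >"$DST"
exit 0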