An OpenWRT DNS Blocker
#!/bin/sh
# adblock.sh - DNS based ad/malware blocker for OpenWRT.
#
# Builds /etc/block.hosts from several public hosts lists, hands it to
# dnsmasq through addnhosts and, optionally, redirects LAN DNS traffic on
# port 53 to the router so clients cannot simply pick another resolver.
#
# Usage:  sh /etc/adblock.sh [-f | -r | -t]
#   -f   full install: dependencies, config, blocklist, service restarts
#   -r   revert the config first, then do everything -f does
#   -t   toggle blocking on/off and restart the affected services
#   (no argument) refresh the blocklist and HUP dnsmasq - the cron mode
#
# The script writes under /etc and to root's crontab, so it expects to be
# run as root. All settings are edited in place below.

# --- address ranges and sink addresses --------------------------------
# LAN range that is NOT redirected to the router's DNS when EXEMPT=Y.
START_RANGE="192.168.1.0"
END_RANGE="192.168.1.255"
# Address blocked names resolve to. In TRANS mode update_blocklist swaps
# these for the router's LAN addresses taken from uci.
ENDPOINT_IP4="0.0.0.0"
ENDPOINT_IP6="::"

# --- feature switches ("Y" enables, anything else disables) -----------
ONLY_WIRELESS="N"   # redirect DNS only on wlan+ interfaces
EXEMPT="N"          # skip DNS redirection for START_RANGE-END_RANGE
IPV6="N"            # also write an ENDPOINT_IP6 line for every entry
SSL="N"             # make sure an ssl-capable wget is installed
TRANS="N"           # answer blocked web requests with a transparent pixel

# --- scheduled refresh, appended to /etc/crontabs/root ----------------
CRON="0 4 * * 0,3 sh /etc/adblock.sh"
cleanup(){
  # Remove the intermediate list files update_blocklist leaves in /tmp.
  echo 'Cleaning up...'
  rm -f /tmp/block.build.list /tmp/block.build.before
}
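pkg_installed(){
  # True when "opkg list-installed" reports a package whose name starts
  # with "$1". Anchored at the line start so an unrelated package that
  # merely contains the name (e.g. foo-wget) does not count; prefix rather
  # than whole-word so "wget" also accepts "wget-ssl".
  opkg list-installed | grep -q "^$1"
}

install_pkg(){
  # Refresh the package index and run "opkg install" for the packages in
  # $2..; $1 is the label shown to the user. Failures are reported on
  # stderr instead of disappearing into the silenced opkg output, and the
  # opkg install status is returned.
  label=$1
  shift
  echo 'Updating package list...'
  opkg update > /dev/null || echo 'WARNING: opkg update failed' >&2
  echo "Installing $label..."
  if ! opkg install "$@" > /dev/null; then
    echo "WARNING: opkg install $1 failed" >&2
    return 1
  fi
}

install_dependencies(){
  # Make sure the iptables modules used by the rules add_config writes are
  # present (iptables-mod-nat-extra for the REDIRECT target, and with
  # EXEMPT=Y iptables-mod-iprange for the --src-range match) and, with
  # SSL=Y, a wget whose --version output reports "+ssl".
  # Returns 1 if any install failed. The callers in this file do not check
  # the status, so the warnings on stderr are the only visible signal.
  rc=0
  if pkg_installed iptables-mod-nat-extra; then
    echo 'iptables-mod-nat-extra is installed!'
  else
    install_pkg iptables-mod-nat-extra iptables-mod-nat-extra || rc=1
  fi
  if [ "$EXEMPT" = "Y" ]; then
    if pkg_installed iptables-mod-iprange; then
      echo 'iptables-mod-iprange installed'
    else
      install_pkg iptables-mod-iprange iptables-mod-iprange || rc=1
    fi
  fi
  if [ "$SSL" = "Y" ]; then
    if pkg_installed wget; then
      if wget --version | grep -q +ssl; then
        echo 'wget (with ssl) found'
      else
        # A wget without ssl support is installed; reinstalling pulls the
        # build the feed currently provides.
        install_pkg 'wget (with ssl)' wget --force-reinstall || rc=1
      fi
    else
      install_pkg 'wget (with ssl)' wget || rc=1
    fi
  fi
  return $rc
}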
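append_line_once(){
  # Append line $1 to file $2 unless an identical line is already present,
  # so repeated "-f" runs do not stack duplicate cron and firewall entries.
  # A missing file makes grep fail (its error is silenced) and the line is
  # then appended, which creates the file exactly as ">>" did before.
  grep -qxF -- "$1" "$2" 2> /dev/null || printf '%s\n' "$1" >> "$2"
}

add_config(){
  # Turn blocking on: register /etc/block.hosts with dnsmasq, schedule the
  # refresh, write the DNS-redirect rules to /etc/firewall.user, point
  # dnsmasq at Tor's DNS port when Tor is enabled, and in TRANS mode make
  # the web server answer blocked requests with a transparent 1x1 gif.
  # Reads ONLY_WIRELESS, EXEMPT, START_RANGE, END_RANGE, CRON, TRANS.
  # Only tcp/udp port 53 is redirected; a client that does not send plain
  # port-53 DNS is not covered by these rules.
  [ "$ONLY_WIRELESS" = "Y" ] && echo 'Wireless only blocking!'
  # Build the common rule prefix; the option order matches the original
  # rules (iprange match before the interface match).
  rule="iptables -t nat -I PREROUTING"
  if [ "$EXEMPT" = "Y" ]; then
    echo 'Exempting some ips...'
    rule="$rule -m iprange ! --src-range $START_RANGE-$END_RANGE"
  fi
  if [ "$ONLY_WIRELESS" = "Y" ]; then
    rule="$rule -i wlan+"
  fi
  FW1="$rule -p tcp --dport 53 -j REDIRECT --to-ports 53"
  FW2="$rule -p udp --dport 53 -j REDIRECT --to-ports 53"
  echo 'Updating config...'
  # "[0]" is quoted: unquoted it is a glob the shell may expand.
  uci add_list 'dhcp.@dnsmasq[0].addnhosts=/etc/block.hosts' > /dev/null 2>&1 && uci commit
  append_line_once "$CRON" /etc/crontabs/root
  TOR=$(uci get tor.global.enabled 2> /dev/null)
  if [ "$TOR" = "1" ]; then
    # Tor is enabled: set noresolv and register 127.0.0.1:<dns_port> as a
    # dnsmasq server. The previous "&2>1" here backgrounded the uci call
    # and created a file named "1"; "2>&1" is the intended redirection.
    TORPORT=$(uci get tor.client.dns_port)
    TORIP="127.0.0.1:$TORPORT"
    uci set 'dhcp.@dnsmasq[0].noresolv=1' > /dev/null 2>&1 && uci commit
    uci add_list "dhcp.@dnsmasq[0].server=$TORIP" > /dev/null 2>&1 && uci commit
  fi
  append_line_once "$FW1" /etc/firewall.user
  append_line_once "$FW2" /etc/firewall.user
  LS=$(uci get 'dhcp.@dnsmasq[0].localservice' 2> /dev/null)
  if [ "$LS" = "1" ]; then
    echo "HINT: localservice is set to 1"
    echo " Adblocking (and router DNS) over a VPN may not work"
    echo " To allow VPN router DNS, manually set localservice to 0"
  fi
  if [ "$TRANS" = "Y" ]; then
    # Fetch the pixel once (plain http, no integrity check) and make it
    # the web server's error page.
    if [ ! -e "/www/1.gif" ]; then
      /usr/bin/wget -O /www/1.gif http://upload.wikimedia.org/wikipedia/commons/c/ce/Transparent.gif > /dev/null
    fi
    if [ -s "/usr/sbin/uhttpd" ]; then
      echo "uhttpd found..."
      echo "updating server error page to return transparent pixel..."
      uci set uhttpd.main.error_page="/1.gif" && uci commit
    elif [ -s "/usr/sbin/httpd_gargoyle" ]; then
      echo "httpd_gargoyle found..."
      echo "updating server error page to return transparent pixel..."
      uci set httpd_gargoyle.server.page_not_found_file="1.gif" && uci commit
    else
      echo "Cannot find supported web server..."
    fi
  fi
}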
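fetch_list(){
  # Print the body of URL $1 on stdout; further arguments are handed to
  # wget ahead of the URL. A failed download yields no (or partial) output
  # and is reported on stderr so a short list does not go unnoticed.
  url=$1
  shift
  wget -qO- "$@" "$url" || echo "WARNING: download failed: $url" >&2
}

update_blocklist(){
  # Rebuild /etc/block.hosts: download the hosts lists, rewrite each entry
  # to ENDPOINT_IP4, append /etc/black.list, drop names matching
  # /etc/white.list and, with IPV6=Y, add an ENDPOINT_IP6 line per entry.
  # The list is assembled in /etc/block.hosts.tmp and moved into place
  # only when it is non-empty, so a run without network keeps the previous
  # list instead of leaving the router with no block list at all.
  # Reads TRANS, IPV6, ENDPOINT_IP4, ENDPOINT_IP6; in TRANS mode the two
  # addresses are replaced by the LAN addresses from uci.
  # Returns 1 when no list could be built.
  #
  # NOTE(review): every source is fetched over plain http and four of them
  # go through a third-party relay (cors-anywhere.herokuapp.com). Whatever
  # sits on that path decides which names end up blackholed; with SSL=Y
  # the https origins could be fetched directly.
  build=/tmp/block.build.list
  sorted=/tmp/block.build.before
  new_hosts=/etc/block.hosts.tmp
  xhr='--header=X-Requested-With: XMLHttpRequest'
  if [ "$TRANS" = "Y" ] && [ -e "/www/1.gif" ] && { [ -s "/usr/sbin/uhttpd" ] || [ -s "/usr/sbin/httpd_gargoyle" ]; }; then
    # Transparent mode: blocked names resolve to the router itself so its
    # web server's error page (the 1x1 gif) answers them.
    ENDPOINT_IP4=$(uci get network.lan.ipaddr)
    if [ "$IPV6" = "Y" ]; then
      ENDPOINT_IP6=$(uci get network.lan6.ipaddr)
    fi
  fi
  # Truncate first: the appends below would otherwise merge in whatever an
  # aborted earlier run left behind in /tmp.
  : > "$build"
  echo 'Downloading hosts lists...'
  # Malware Domain List (Malware)
  fetch_list http://www.malwaredomainlist.com/hostslist/hosts.txt \
    | awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$build"
  # Disconnect.me (Tracking)
  fetch_list http://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \
    | awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' >> "$build"
  # AdAway (Ads) - the stray trailing space in r was dropped; the $1,$2
  # rewrite below makes it irrelevant for well-formed lines.
  fetch_list http://cors-anywhere.herokuapp.com/https://adaway.org/hosts.txt "$xhr" \
    | awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$build"
  # NoCoin (Cryptomining)
  fetch_list http://cors-anywhere.herokuapp.com/https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt "$xhr" \
    | awk -v r="$ENDPOINT_IP4" '{sub(/^0.0.0.0/, r)} $0 ~ "^"r' >> "$build"
  # add.Spam (Spam)
  fetch_list http://cors-anywhere.herokuapp.com/https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts "$xhr" \
    | awk -v r="$ENDPOINT_IP4" '{sub(/^0.0.0.0/, r)} $0 ~ "^"r' >> "$build"
  # My Personal Hosts.txt
  fetch_list http://cors-anywhere.herokuapp.com/https://gist.githubusercontent.com/yonaikerlol/6a29d80911dafc4a7c8611ac1336c9c4/raw/hosts.txt "$xhr" \
    | awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' >> "$build"
  if [ -s "/etc/black.list" ]; then
    echo 'Adding blacklist...'
    awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' /etc/black.list >> "$build"
  fi
  echo 'Sorting lists...'
  # Strip CRs, keep only "address name" and drop duplicates.
  awk '{sub(/\r$/,"");print $1,$2}' "$build" | sort -u > "$sorted"
  if [ -s "/etc/white.list" ]; then
    echo 'Filtering white list...'
    # White-list entries act as unanchored regexes for grep -vf, so
    # "example.com" also removes every name that contains it.
    grep -Ev "^[[:space:]]*$" /etc/white.list \
      | awk '/^[^#]/ {sub(/\r$/,"");print $1}' \
      | grep -vf - "$sorted" > "$new_hosts"
  else
    cat "$sorted" > "$new_hosts"
  fi
  if [ "$IPV6" = "Y" ]; then
    # Escape both addresses for use inside the sed expression, then add an
    # ENDPOINT_IP6 line after every ENDPOINT_IP4 line.
    safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
    safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
    echo 'Adding ipv6 support...'
    sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" "$new_hosts"
  fi
  if [ -s "$new_hosts" ]; then
    mv -f "$new_hosts" /etc/block.hosts
  else
    echo 'WARNING: no block list entries were produced; keeping the previous /etc/block.hosts' >&2
    rm -f "$new_hosts"
    return 1
  fi
}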
restart_firewall(){
  # Reload the firewall so the rules appended to /etc/firewall.user take
  # effect. Gargoyle ships its own restart script; plain OpenWRT uses the
  # init script. Output of either is discarded.
  echo 'Restarting firewall...'
  if [ -s "/usr/lib/gargoyle/restart_firewall.sh" ]; then
    set -- /usr/lib/gargoyle/restart_firewall.sh
  else
    set -- /etc/init.d/firewall restart
  fi
  "$@" > /dev/null 2>&1
}
restart_dnsmasq(){
  # $1 = 0: send SIGHUP to the running dnsmasq (the lightweight path used
  # by the cron mode after a blocklist refresh); any other value: full
  # restart through the init script, used after config changes.
  mode=$1
  if [ "$mode" -eq "0" ]; then
    echo 'Re-reading blocklist'
    killall -HUP dnsmasq
    return
  fi
  echo 'Restarting dnsmasq...'
  /etc/init.d/dnsmasq restart
}
restart_http(){
  # Restart whichever supported web server is installed (uhttpd is checked
  # first) so the error-page setting changed by add_config/remove_config
  # is applied. Does nothing when neither binary is present.
  for srv in uhttpd httpd_gargoyle; do
    if [ -s "/usr/sbin/$srv" ]; then
      echo "Restarting $srv..."
      "/etc/init.d/$srv" restart
      return
    fi
  done
}
restart_cron(){
  # Reload cron so the edited /etc/crontabs/root is picked up; the init
  # script's output is discarded.
  echo 'Restarting cron...'
  /etc/init.d/cron restart > /dev/null 2>&1
}
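remove_config(){
  # Undo add_config: drop the addnhosts entry, the cron line, the DNS
  # redirect rules, the Tor-related dnsmasq settings and the web server's
  # custom error page. uci errors are silenced on purpose: most of these
  # options only exist when the matching feature was enabled.
  echo 'Reverting config...'
  uci del_list 'dhcp.@dnsmasq[0].addnhosts=/etc/block.hosts' > /dev/null 2>&1 && uci commit
  # Both sed calls match by content rather than by the exact lines
  # add_config wrote: every crontab entry mentioning "adblock" and every
  # firewall.user line containing "--to-ports 53" goes, including ones the
  # administrator added by hand.
  sed -i '/adblock/d' /etc/crontabs/root
  sed -i '/--to-ports 53/d' /etc/firewall.user
  # del_list takes option=value. The previous call passed no value, which
  # is not the documented form and, with its errors silenced, appeared to
  # leave the "127.0.0.1:<dns_port>" server add_config registers in place
  # (TODO confirm on the target uci). Rebuild that value the same way
  # add_config does; when Tor is not configured the get fails and the
  # del_list is a harmless no-op.
  tor_dns="127.0.0.1:$(uci get tor.client.dns_port 2> /dev/null)"
  uci del_list "dhcp.@dnsmasq[0].server=$tor_dns" > /dev/null 2>&1 && uci commit
  uci set 'dhcp.@dnsmasq[0].noresolv=0' > /dev/null 2>&1 && uci commit
  uci delete uhttpd.main.error_page > /dev/null 2>&1 && uci commit
  uci set httpd_gargoyle.server.page_not_found_file="login.sh" > /dev/null 2>&1 && uci commit
}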
toggle(){
  # Switch blocking off when it is on and on when it is off. The cron line
  # written by add_config doubles as the "enabled" marker: present means
  # on. Services are restarted either way; the blocklist is not rebuilt.
  if grep -q "adblock" /etc/crontabs/root; then
    echo 'Turning off!'
    action=remove_config
  else
    echo 'Turning on!'
    action=add_config
  fi
  "$action"
  restart_firewall
  restart_dnsmasq 1
  restart_http
  restart_cron
}
full_install(){
  # Shared by -f and -r: dependencies, config, fresh blocklist, restarts.
  install_dependencies
  add_config
  update_blocklist
  restart_firewall
  restart_dnsmasq 1
  restart_http
  restart_cron
  cleanup
}

# Entry point: the first argument selects the mode.
case "$1" in
  -t)
    toggle
    ;;
  -f)
    full_install
    ;;
  -r)
    remove_config
    full_install
    ;;
  *)
    # No (or unknown) argument - the cron mode: refresh the list and HUP
    # dnsmasq so it re-reads it.
    update_blocklist
    restart_dnsmasq 0
    cleanup
    ;;
esac
# Always 0, even when a step above failed; cron therefore never sees an
# error status from this script.
exit 0