Adblock package release for turris omnia


Many thanks for this page. I’ve revised the page, one noticeable change is the removal of the kresd & restart section, this will be handled by adblock automatically.

Thanks again! :slightly_smiling_face:

Edit: I’ve added a link to the wiki page in the initial post.


Nice; I think wiki is better than forum for this. I would probably mention/link somewhere that some people prefer pi-hole in lxc, but I certainly don’t feel strongly about that.


I didn’t even think as far as comparison.

Pakon? Hmm, filtering https handshakes based on SNI (i.e. hostname) and fake-answering them with some kind of refusal? I can’t really predict how clients will react, e.g. retry or something – DNS way seems safer here to me. (Maybe it’s just the fact that I understand DNS much better than http/s.)


disable kresd & virtualize a pihole-enabled dnsmasq instance for dns resolution on a router!? Sounds weird to me, but probably I’m a bit biased …:wink:


I assume they like the shiny GUI, etc. Let me cross-ref the poll, too. I’m certainly biased, as a knot-resolver developer, and I personally don’t want to block ads at all, but that’s off-topic here, really :wink:


On client side I’m using only “NoScript” as additional firefox plugin - nothing more.

In ancient adblock 1.x releases were basic firewall statistics … since release 2.x adblock switched to DNS-centered NXDOMAIN-approach which means:

  • quite fast
  • no complex and error prone http/https-redirection to local/virtual blackhole instances (which does not work for ssl adserver farms anyway)
  • statistics only available within DNS backend logs, look for NXDOMAIN events


Yes, resolver make config file for kresd/unbount and start kresd/unboud himself after.


That’s the recommended default on Turris Omnia. Of course you can also select dnsmasq or unbound as dns backend - but I’ve never tested such combination with Turris.


Some Turris/Pi-hole users build a new czech specific blocklist (see here). If you would like to use this new list source, simply add the new source below:

config source 'reg_cz'
	option adb_src ''
	option adb_src_rset '/^(#|[[:space:]])/{next}/((.{1,63}\.)+[[:alpha:]]+([[:space:]]|$)+)/{print tolower(\$1)}'
	option adb_src_desc 'focus on czech ads maintained by Turris Omnia Users, infrequent updates, approx. 55 entries'
	option enabled '1'

Pi-hole Black List (nejen české zdroje)

Can someone compile PI Hole config also for all other sources from here :

/ Může někdo zkompilovat PI Hole konfiguraci pro ostatní zdroje zde :

As some of them are as zip file / tar.gz

I would like to just copy and paste into my PI Hole configuration


This will happen automatically with the next regular adblock update, in the meantime please use the config addon posted above.

Edit: Or did you ask for Pi-Hole? Pi-Hole doesn’t support compressed source lists (to my limited knowledge).


Yes, there are some zip compressed lists like the hp one, so I expect they have to be downloaded with wget and some scheduled cron script.


For your information in OpenWrt package trunk is now the first 3.5.x adblock release, with the following major changes:

  • performance boost: add a flexible ‘Download Queue’ to handle downloads & list processing in parallel, default queue size is ‘4’, you can raise this e.g. to ‘8’ or ‘16’ to get it really fast
    => The full set of blocklists takes on a Turris Omnia only ~30 sec., on an APU ~58 sec., in general half of the time of adblock 3.4.3 :wink:

  • replace former ‘whitelist mode’: the new ‘Jail’ option builds an additional ‘adb_list.jail’ list in parallel to block access to all domains except those listed in the whitelist file, which can be used manually for guest wifi or kidsafe configurations
    => this should be much more handy than the old ‘whitelist mode’

  • regex parser & query function now fully support IDN domains with non-ASCII characters

  • add error handling in tld compression, to handle OOM conditions better

  • adblock.notify sends now html emails, to get a better look & feel, even on mobile devices
    => now it looks like this:

  • add czech regional blocklist maintained by turris omnia users

  • LuCI: Support new ‘Download Queue’ & ‘Jail’ options

Have fun!


Install the adblock package with the following opkg option …

opkg <adblock-package> --force-maintainer

… and you always get the latest/maintainer default config. Of course after that you have to change/set the few turris specific options again.


It’s the same procedure than the - already described - normal installation, download the files locally and install them afterwards with opkg … you can’t use the turris repositories by now, cause they are still totally outdated (at least regarding the adblock package)


I installed the latest version from the trunk
(adblock_3.5.0-1_all.ipk, luci-app-adblock_git-18.031.70145-518ac52-1_all.ipk)
Installation worked without any problems, but I have a bug in the Luci interface.
Probably the missing option “jail Blocklist Creation”. It lacks the “save and apply” button, probably as a result of the XML error. I was able to save the changes using the “unsaved changes” option.
I have attached a screenshot:

This option is missing under “Extra” and probably causes this error.

Best regards


Thanks for the report, it was a XHTML markup error. I’ve fixed this a few minutes ago and it will be available as a fixed luci package maybe in a few hours latest tomorrow. Meanwhile you can use the bootstrap design …


How can I add EasyPrivacy to block Google Anallytics?


goggle analytics domains will be blocked by many pre-configured blocklists, simply use the query function to check if domain ‘xyz’ is already blocked, e.g.:

Anyway, to add a new source please consult the online documentation (see first post). Your referenced source is in generic adblockplus format. So copy & paste an existing reg_xx entry, change the source name, url and description and you’re in, e.g.:

config source 'privacy'
	option adb_src ''
	option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}'
	option adb_src_desc 'focus on trackers/privacy, daily updates, approx. ??? entries'
	option enabled '1'

Hope this helps.


Thanks. It did help. Installed and working fine.

I could see the overall pattern in the list of source. I was confident I knew what to use for the adb_src, adb_src_desc and enabled lines. It was the adb_src_rset line that gave me pause.