Adblock package release for turris omnia


#84

Many thanks for this page. I’ve revised the page, one noticeable change is the removal of the kresd & restart section, this will be handled by adblock automatically.

Thanks again! :slightly_smiling_face:

Edit: I’ve added a link to the wiki page in the initial post.


#85

Nice; I think wiki is better than forum for this. I would probably mention/link somewhere that some people prefer pi-hole in lxc, but I certainly don’t feel strongly about that.


#87

I didn’t even think as far as comparison.

Pakon? Hmm, filtering https handshakes based on SNI (i.e. hostname) and fake-answering them with some kind of refusal? I can’t really predict how clients will react, e.g. retry or something – DNS way seems safer here to me. (Maybe it’s just the fact that I understand DNS much better than http/s.)


#88

disable kresd & virtualize a pihole-enabled dnsmasq instance for dns resolution on a router!? Sounds weird to me, but probably I’m a bit biased …:wink:


#89

I assume they like the shiny GUI, etc. Let me cross-ref the poll, too. I’m certainly biased, as a knot-resolver developer, and I personally don’t want to block ads at all, but that’s off-topic here, really :wink:


#91

On client side I’m using only “NoScript” as additional firefox plugin - nothing more.

In ancient adblock 1.x releases were basic firewall statistics … since release 2.x adblock switched to DNS-centered NXDOMAIN-approach which means:

  • quite fast
  • no complex and error prone http/https-redirection to local/virtual blackhole instances (which does not work for ssl adserver farms anyway)
  • statistics only available within DNS backend logs, look for NXDOMAIN events

#93

Yes, resolver make config file for kresd/unbount and start kresd/unboud himself after.


#94

That’s the recommended default on Turris Omnia. Of course you can also select dnsmasq or unbound as dns backend - but I’ve never tested such combination with Turris.


#96

Some Turris/Pi-hole users build a new czech specific blocklist (see here). If you would like to use this new list source, simply add the new source below:

config source 'reg_cz'
	option adb_src 'https://raw.githubusercontent.com/qxstyles/turris-hole-czech-block-list/master/turris-hole-czech-block-list'
	option adb_src_rset '/^(#|[[:space:]])/{next}/((.{1,63}\.)+[[:alpha:]]+([[:space:]]|$)+)/{print tolower(\$1)}'
	option adb_src_desc 'focus on czech ads maintained by Turris Omnia Users, infrequent updates, approx. 55 entries'
	option enabled '1'

Pi-hole Black List (nejen české zdroje)
#97

Can someone compile PI Hole config also for all other sources from here :

/ Může někdo zkompilovat PI Hole konfiguraci pro ostatní zdroje zde :

As some of them are as zip file / tar.gz

I would like to just copy and paste into my PI Hole configuration


#98

This will happen automatically with the next regular adblock update, in the meantime please use the config addon posted above.

Edit: Or did you ask for Pi-Hole? Pi-Hole doesn’t support compressed source lists (to my limited knowledge).


#99

Yes, there are some zip compressed lists like the hp one https://hosts-file.net/download/hosts.zip, so I expect they have to be downloaded with wget and some scheduled cron script.


#100

For your information in OpenWrt package trunk is now the first 3.5.x adblock release, with the following major changes:

  • performance boost: add a flexible ‘Download Queue’ to handle downloads & list processing in parallel, default queue size is ‘4’, you can raise this e.g. to ‘8’ or ‘16’ to get it really fast
    => The full set of blocklists takes on a Turris Omnia only ~30 sec., on an APU ~58 sec., in general half of the time of adblock 3.4.3 :wink:

  • replace former ‘whitelist mode’: the new ‘Jail’ option builds an additional ‘adb_list.jail’ list in parallel to block access to all domains except those listed in the whitelist file, which can be used manually for guest wifi or kidsafe configurations
    => this should be much more handy than the old ‘whitelist mode’

  • regex parser & query function now fully support IDN domains with non-ASCII characters

  • add error handling in tld compression, to handle OOM conditions better

  • adblock.notify sends now html emails, to get a better look & feel, even on mobile devices
    => now it looks like this:

  • add czech regional blocklist maintained by turris omnia users

  • LuCI: Support new ‘Download Queue’ & ‘Jail’ options

Have fun!
Dirk


#102

Install the adblock package with the following opkg option …

opkg <adblock-package> --force-maintainer

… and you always get the latest/maintainer default config. Of course after that you have to change/set the few turris specific options again.


#104

It’s the same procedure than the - already described - normal installation, download the files locally and install them afterwards with opkg … you can’t use the turris repositories by now, cause they are still totally outdated (at least regarding the adblock package)


#105

Hello,
I installed the latest version from the trunk
(adblock_3.5.0-1_all.ipk, luci-app-adblock_git-18.031.70145-518ac52-1_all.ipk)
Installation worked without any problems, but I have a bug in the Luci interface.
Probably the missing option “jail Blocklist Creation”. It lacks the “save and apply” button, probably as a result of the XML error. I was able to save the changes using the “unsaved changes” option.
I have attached a screenshot:

This option is missing under “Extra” and probably causes this error.

Best regards


#106

Thanks for the report, it was a XHTML markup error. I’ve fixed this a few minutes ago and it will be available as a fixed luci package maybe in a few hours latest tomorrow. Meanwhile you can use the bootstrap design …


#107

How can I add EasyPrivacy to block Google Anallytics?


#108

goggle analytics domains will be blocked by many pre-configured blocklists, simply use the query function to check if domain ‘xyz’ is already blocked, e.g.:

Anyway, to add a new source please consult the online documentation (see first post). Your referenced source is in generic adblockplus format. So copy & paste an existing reg_xx entry, change the source name, url and description and you’re in, e.g.:

config source 'privacy'
	option adb_src 'https://easylist-downloads.adblockplus.org/easyprivacy.txt'
	option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}'
	option adb_src_desc 'focus on trackers/privacy, daily updates, approx. ??? entries'
	option enabled '1'

Hope this helps.


#109

Thanks. It did help. Installed and working fine.

I could see the overall pattern in the list of source. I was confident I knew what to use for the adb_src, adb_src_desc and enabled lines. It was the adb_src_rset line that gave me pause.