[GUIDE] HowTo | Adblock getting to Work! | Easy Settings | SSH Blacklist List

Here is the VPN Adblock Settings that works with the Turris Omnia (I think Mox to):

  1. First learn how to use Basic SSH Commands:
    HowTo Save files:
    -> To use nano commands you need to install in Luci->System-Software->download nano
  2. Connect with terminal (linux): “ssh root@” to Turris Omnia and use your Luci Passwort
  3. Use the Guide from falkon:
    Adblock package release for turris omnia
    -> To Save hit ESC -> “:wq” and use wget for download & Enable Blacklist (First Blacklist>Repo)

Hi dibdot,

thank you very much for your manual how to set up adblock on Turris Omnia!

Unfortunately, when I followed your steps, it was not very straightforward for me – I’m not very experienced OpenWRT user though I have non-trivial Linux administration experience.That’s why I would like to share my step-by-step guide for other users. Feel free to update your first post if you like it.

So, here we go:

  1. [optional] Change current dir to /tmp , so you do not write to the Turris’ (precious) internal Flash memory. But you can use any dir you like…[turris]:/# cd /tmp
  2. Download AdBlock packages: adblock and luci-app-adblock . Find the latest version on these pages: adblock package and luci-app-adblock . Use proper links in wget commands below:[turris]:/tmp# wget https://downloads.lede-project.org/snapshots/packages/x86_64/packages/adblock_3.0.2-1_all.ipk
    [turris]:/tmp# wget https://downloads.lede-project.org/snapshots/packages/x86_64/luci/luci-app-adblock_git-17.257.70215-07593d2-1_all.ipk
  3. Install both packages:[turris]:/tmp# opkg install adblock_3.0.2-1_all.ipk
    [turris]:/tmp# opkg install luci-app-adblock_git-17.257.70215-07593d2-1_all.ipk
  4. Enable module. First of all, check the present state by running:[turris]:/tmp# /etc/init.d/adblock enabled; echo $?

Please note that the script returned 1, which means there was some ‘error’ – this mean, the module is NOT enabled.

Let’s enable it and check the state again:

[turris]:/tmp# /etc/init.d/adblock enable
[turris]:/tmp# /etc/init.d/adblock enabled; echo $?

!!! Beware !!! Even though the /etc/init.d/adblock enable script (in version 3.0.2) returns 1 (error code), it seems that it does its job. You can verify it by running /etc/init.d/adblock enabled; echo $? . If the result is “0” (no error), the module is enabled.

  1. now, edit the kresd config file:vim /etc/config/resolver

and find the section config resolver 'kresd' . Add the following line:

list rpz_file "/etc/kresd/adb_list.overall"

just after the config resolver 'kresd' line. So the config may looks like this:

config resolver 'common'
    ...  // some global preferences

config resolver 'kresd'
    list rpz_file "/etc/kresd/adb_list.overall"        
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option forks '1'
    option dynamic_domains '0'

config resolver 'unbound'
    option outgoing_range '60'
  1. Now, go to the LuCI web interface, Services -> Adblock page and make the following changes from the “default” pre-set:

  2. make sure “Enable Adblock” is checked

  • change “DNS Backend” to “kresd”
  • change “Startup Trigger” to “timed”
  • check additional Blocklist Sources, e.g.,: adaway, adguard, blacklist, disconnect, ransomware, winspy, yoyo, zeus
  • you can check Verbose Debug Logging (if you would like to check everything is working fine)
  • check Force Local DNS
  • finally, hit “Save & Apply” button
  1. Now, verify your setup:

  2. Check /etc/init.d/adblock status :

 [turris]:/tmp# /etc/init.d/adblock status
 ::: adblock runtime information
   + adblock_status  : enabled
   + adblock_version : 3.0.2
   + blocked_domains : 82457
   + fetch_utility   : wget (built-in)
   + dns_backend     : kresd (/etc/kresd)
   + last_rundate    : 17.09.2017 01:38:35
   + system_release  : Turris Omnia, OpenWrt omnia 15.05/3.8
  1. view log file:
 [turris]:/tmp# cat /var/log/messages | grep "adblock" 
  1. check the existence of new definitions-file for kresd:
 [turris]:/tmp# ls -lh /etc/kresd/adb_list.overall
  -rw-r--r--    1 root     root        1.0M Sep 16 23:51 /etc/kresd/adb_list.overall
  1. To be sure, it is better to restart the resolver now:
 [turris]:/tmp# /etc/init.d/resolver restart
  1. let’s try to resolve some Ad-domain:
 [turris]:/tmp# nslookup securepubads.g.doubleclick.net localhost
 Address 1: localhost

 nslookup: can't resolve 'securepubads.g.doubleclick.net': Name does not resolve

If you get “Name does not resolve”, the AdBlocking is working correctly.

Well, and that’s all! Happy ad-blocking! :slight_smile:

  1. After this all things should work after you hit enable -> Save&Apply and you can use repos or your one links in blacklist!

I think you don’t need this, but use this maybe if there is a error:

EDIT: I resolved this – it’s not a bug, it is a “feature”…

@dibdot I believe there is some bug in processing manual blacklist.

Steps to reproduce:

  1. AdBlock web administration
  2. on the Overview tab, uncheck all Blocklist Sources
  3. hit Save & Apply
  4. go to the console and check, that the /etc/kresd/adb_list.overall file is empty (which is expected):

wc -l /etc/kresd/adb_list.overall

0 /etc/kresd/adb_list.overall
  1. then go back to the AdBlock web administration -> Advanced -> Edit Blacklis and add any records, e.g.:u.scdn.co
  2. hit Save . You can check, that the content of /etc/adblock/adblock.blacklist file is correctly saved
  3. go back to Overview tab and hit Save & Apply (so that AdBlock will restart).
  4. check the /var/log/messages , that adblock restarted successfully:notice adblock-[3.0.2]: info : block list with overall 0 domains loaded successfully (Turris Omnia, OpenWrt omnia 15.05/3.8)

The problem : file /etc/kresd/adb_list.overall is still empty:

Expected behavior : file /etc/kresd/adb_list.overall would contain those 2 blacklisted domains.

Am I doing something wrong? Or is it a bug that could be fixed in the package?

EDIT: It’s not a bug – it was my fault :frowning:
The manual blacklist works only if you select blacklist among other Blocklist Sources – which is not very intuitive, but it is how it is.