* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
- Please note: the "rule" in the feed file now only includes parameters for the domain validator,
see readme for details. Please nuke a custom feed file from former versions - they are no longer
compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed a typo in the allowlist/blocklist regex
* limit the f_switch function to only the suspend/resume actions
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix domain regex
* fix typo in f_query function
* remove backups during stop action or in disabled state
Signed-off-by: Dirk Brenken <dev@brenken.org>
* major feed cleanup, removed the following default feeds:
- adaway, unmaintained for more than 2 years
- easylist/easyprivacy, not effective for DNS-based ad blocking plus too many false positives
- energized_*, broken
- lightswitch05, abandoned
- notracking, abandoned
- openphish, not effective for DNS-based ad blocking plus too many false positives
- reg_*, not effective for DNS-based ad blocking plus too many false positives
- winhelp, unmaintained for more than 2 years
* update the utcapitole categories
* automatically migrate the hagezi categories via uci-defaults script to the new format
* the adblock status now includes the backend- and frontend version information
* small performance improvements
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support TLDs in feeds and local block-/allowlist, e.g. to block all 'de' domains with a single entry
* add active feed domains (of the feed download URLs) automatically to the local allowlist, to prevent download erros
* update the feed categories of 1hosts
* update and change the feed categories of hagezi: new categories are 'abusetlds', 'social', 'urlshortener' and
'nrd' (newly registered domains). The latter one required download URL changes.
Please note: if you use hagezi than remove and re-add the categories in LuCI feed selection after the updae
* Add an external adblock test (https://adblock.turtlecute.org/) on the DNS reporting tab, itprovides a simple
way to check whether your current adblock setup is working as expected
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a new "divested" feed, see https://divested.dev/pages/dnsbl
* added a new nsfw category of the hagezi feed
* added the missing custom feed file handling in the backend
* added a geoIP map with all blocked domains (plus the homeIP) in a
modal popup window on the Reporting tab in LuCI
* fixed the fetchcmd autodetection
* small code fixes and improvements
* update the readme, added a new "Best practise" section
* update different LuCI components (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add an uci-defaults script for housekeeping and option migration from former versions
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* checked and fixed the kresd and smartdns support
* fixed another ETAG issue
* changed the enabled feeds in default config to certpl, aguard and adguard_tracking
* various other small fixes
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a 'DNS Shift' option, where the generated final DNS blocklist is moved to the backup directory and
only a soft link to this file is set in memory. As long as your backup directory is located on an external drive,
you should activate this option to save disk space
* added ETAG-Header support to make sure to download only feeds that has been changed,
use backups otherwise (not supported by uclient-fetch)
* removed aria2 support
* added brave as a new safesearch provider
* removed the racist terminology from the local lists and renamed it to "allowlist" and "blocklist"
* removed the 'list' and 'timer' function from init, use the LuCI feed editor and the standard cron frontend instead
* various code changes and improvements
* major LuCI frontend changes, incl. a custom feed editor (separate commit)
* partial readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix an out of bound error reported in the forum
* set always a default for "adb_dnsdir" to prevent cornercase issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
* properly handle forced DNS ports <> 53,
no longer make bogus local redirects, reject them instead (fixed#25897)
* support the jail mode for smartdns
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support smartdns as dns backend
* support top level domains in local white- and blackklist,
e.g. a 'de' in the blacklist blocks all domains with a german tld
and the tld compression removes all subdomains from the final blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
Summary of three PRs regarding new adblock sources with minor changes/additions:
- add new source reg_lithuania, PR provided by @Myginas
- add new source certpl, PR provided by @jkostorz
- add new source oisd_nsfw_small, PR provided by @Turjoy9
Signed-off-by: Dirk Brenken <dev@brenken.org>
* optimized procd settings for better performance
* reworked autodetection functions (still broken in master due to apk migration)
* made the tld function optional, set 'adb_tld' accordingly (enabled by default)
* reworked count function
* various code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed gathering/printing of system information in adblock status
* added missing hagezi category (samsung tracker)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed adblock status reporting
* optimized the mail template
* removed unanswered DNS requests from reporting
* various small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* removed an accidentally commited flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix cornercase issue with duplicate entries in black- and whitelist
* change cpbl source URL
* firewall redirects now blocks IPv4 and IPv6 (set family to "any")
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed broken/blocked oisd download links (switched to the official github mirror)
* made sure that curl error out on http errors as well
* removed obsolete compatibility stuff from init script
Signed-off-by: Dirk Brenken <dev@brenken.org>
* made the reporting/top statistics flexible, see "top_count" parm in CLI or in LuCI (default 10), fixes#19622
* added the new blocklist source cpbl (provided by PascalCoffeeLake@gmail.com)
* added/separated Easylist/Easyprivacy blocklist sources (provided by PascalCoffeeLake@gmail.com)
* added reg_jp blocklist_source (provided by PascalCoffeeLake@gmail.com)
* removed the easylist addons from the other regional lists
* removed the second/obsolete pl regional list and renamed the first one to "reg_pl"
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* some more cleanups, forgotten with the last update
* optimized unbound syntax ('always_nxdomain' & 'always_transparent')
* optimized oisd download sources (use wilcard variants which are much smaller)
* removed superfluous version information/function
Signed-off-by: Dirk Brenken <dev@brenken.org>
* dnsmasq upstream has changed the code for domain handling
and recommends the 'local' syntax for large blocklists
* remove pipefail command, see #19043 for reference
* removed the unused 'adb_dnsinotify' parameter
* removed the 'adb_maxqueue' parameter,
the queue size will be automatically set by the number of cpu cores
* various cleanups, mostly shellcheck related
Signed-off-by: Dirk Brenken <dev@brenken.org>
