* fixed a parsing issue in the DNS reporting,
see https://github.com/openwrt/packages/pull/29063 for details
* optimized the CGI/Adblock Remote Allow
* optimized the TLD function
* optimized the mail include
* removed needless forks
* various code-cleanups & small fixes
* updated the readme
* LuCI: small fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
* renamed f_query to f_search (Query => Search)
* add better input validation to the f_search function,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big pcap files
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* refine the domain validator regarding prefix handling, esp.
relevant for ABP-syntax
* adapted the adguard feed to make use of the new prefix handling
* LuCI: various fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
* optimized the awk for the Top10 statistics in the DNS Report,
removed the faulty caching (reported in the forum)
* minor improvement in the f_switch function
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* the suspend/resume function now uses the external
DNS bridge when this function is used
* refine the f_nftadd function
* more file debug logging
* LuCI: add unfiltered DNS-Server to the DNS bridge selection
* LuCI: minor fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed the debug errorfile handling
* fixed a typo in the nftadd function
* minor cornercase improvements
* LuCI: minor cleanups & fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a new firewall feature: the DNS‑Bridge.
This temporary DNS bridge ensures that an external fallback DNS server
is automatically used during local DNS restarts, providing Zero‑Downtime DNS resolution.
* The debug mode now captures internal error output in a dedicated log file,
located by default in the adblock base directory as /tmp/adb_error.log.
* LuCI: exposed the previously missing adb_cores option (auto‑detected by default).
* LuCI: added support for the new DNS‑Bridge options (Zero‑Downtime during DNS restarts).
Signed-off-by: Dirk Brenken <dev@brenken.org>
* Remote DNS Allow: this additional firewall feature lets selected client devices
temporarily bypass local DNS blocking and use an external, unfiltered DNS resolver.
* LuCI: new Firewall options for remote Access
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add interface information to the dns report
* support multiple tcpdump interfaces ('any') in the dns report properly
Signed-off-by: Dirk Brenken <dev@brenken.org>
* rework DNS reporting: more reliable, more information (request type), better performance
* fixed minor issues
* readme update
* LuCI: added new DNS page (incl. Allowed/Blocked canvas)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added firewall rules based on nftables in a separate isolated nftables table (inet adblock)
and chains (prerouting), with MAC addresses stored in an nftables set.
Implemented the following firewall‑integrated features:
* external DNS Routing (unfiltered): routes DNS queries from selected devices or interfaces
to an external unfiltered DNS resolver
* external DNS Routing (filtered): routes DNS queries from selected devices or interfaces
to an external filtered DNS resolver
* force DNS: blocks or redirects all external DNS traffic from selected interfaces
to ensure that clients use the local resolver
* removed the optional generation of an additional jail list (only supported by dnsmasq),
use the new, resolver independent ext. DNS routing instead
* removed the pz-client-ip feature (only supported by bind),
use the new, resolver independent ext. DNS routing instead
* removed the obsolete, hardcoded fw4 rules for DNS enforcement,
existing rules will be removed via uci-defaults script after adblock update
* changed the Jail mode to a simple allowlist-only mode
* fixed minor issues in the mail template
* readme update
* LuCI: added a new config tab "Firewall Settings"
* LuCI: fixed minor usability issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
- Please note: the "rule" in the feed file now only includes parameters for the domain validator,
see readme for details. Please nuke a custom feed file from former versions - they are no longer
compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed a typo in the allowlist/blocklist regex
* limit the f_switch function to only the suspend/resume actions
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix domain regex
* fix typo in f_query function
* remove backups during stop action or in disabled state
Signed-off-by: Dirk Brenken <dev@brenken.org>
* major feed cleanup, removed the following default feeds:
- adaway, unmaintained for more than 2 years
- easylist/easyprivacy, not effective for DNS-based ad blocking plus too many false positives
- energized_*, broken
- lightswitch05, abandoned
- notracking, abandoned
- openphish, not effective for DNS-based ad blocking plus too many false positives
- reg_*, not effective for DNS-based ad blocking plus too many false positives
- winhelp, unmaintained for more than 2 years
* update the utcapitole categories
* automatically migrate the hagezi categories via uci-defaults script to the new format
* the adblock status now includes the backend- and frontend version information
* small performance improvements
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support TLDs in feeds and local block-/allowlist, e.g. to block all 'de' domains with a single entry
* add active feed domains (of the feed download URLs) automatically to the local allowlist, to prevent download errors
* update the feed categories of 1hosts
* update and change the feed categories of hagezi: new categories are 'abusetlds', 'social', 'urlshortener' and
'nrd' (newly registered domains). The latter one required download URL changes.
Please note: if you use hagezi then remove and re-add the categories in LuCI feed selection after the update
* Add an external adblock test (https://adblock.turtlecute.org/) on the DNS reporting tab, it provides a simple
way to check whether your current adblock setup is working as expected
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a new "divested" feed, see https://divested.dev/pages/dnsbl
* added a new nsfw category of the hagezi feed
* added the missing custom feed file handling in the backend
* added a geoIP map with all blocked domains (plus the homeIP) in a
modal popup window on the Reporting tab in LuCI
* fixed the fetchcmd autodetection
* small code fixes and improvements
* update the readme, added a new "Best practise" section
* update different LuCI components (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add an uci-defaults script for housekeeping and option migration from former versions
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* checked and fixed the kresd and smartdns support
* fixed another ETAG issue
* changed the enabled feeds in default config to certpl, aguard and adguard_tracking
* various other small fixes
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a 'DNS Shift' option, where the generated final DNS blocklist is moved to the backup directory and
only a soft link to this file is set in memory. As long as your backup directory is located on an external drive,
you should activate this option to save disk space
* added ETAG-Header support to make sure to download only feeds that have been changed,
use backups otherwise (not supported by uclient-fetch)
* removed aria2 support
* added brave as a new safesearch provider
* removed the racist terminology from the local lists and renamed it to "allowlist" and "blocklist"
* removed the 'list' and 'timer' function from init, use the LuCI feed editor and the standard cron frontend instead
* various code changes and improvements
* major LuCI frontend changes, incl. a custom feed editor (separate commit)
* partial readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix an out of bound error reported in the forum
* always set a default for "adb_dnsdir" to prevent cornercase issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
* properly handle forced DNS ports <> 53,
no longer make bogus local redirects, reject them instead (fixed #25897)
* support the jail mode for smartdns
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* support smartdns as dns backend
* support top level domains in local white- and blacklist,
e.g. a 'de' in the blacklist blocks all domains with a German tld
and the tld compression removes all subdomains from the final blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
Summary of three PRs regarding new adblock sources with minor changes/additions:
- add new source reg_lithuania, PR provided by @Myginas
- add new source certpl, PR provided by @jkostorz
- add new source oisd_nsfw_small, PR provided by @Turjoy9
Signed-off-by: Dirk Brenken <dev@brenken.org>
* optimized procd settings for better performance
* reworked autodetection functions (still broken in master due to apk migration)
* made the tld function optional, set 'adb_tld' accordingly (enabled by default)
* reworked count function
* various code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed gathering/printing of system information in adblock status
* added missing hagezi category (samsung tracker)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed adblock status reporting
* optimized the mail template
* removed unanswered DNS requests from reporting
* various small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
* bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>