PS: Report bugs. If there are no important bugfixes in the next couple of days, 20180331 will be a point release. _________________ Routers
NETGEAR R7800 x2: DD-WRT v3.0-r42847 std (04/06/20)
NETGEAR R8500: DD-WRT v3.0-r41517 std (11/11/19)
ROLLING UPDATE 20180329a2:
No more "bad name at line n" errors. [See below]
Code:
Mar 16 12:32:43 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 386178
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601076
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601077
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601170
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601171
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 646075
Script is a little faster and much more reliable now. Since it downloads and processes various lists that often contain references to 0.0.0.0, localhost, and localhost.localdomain, the script now scans for these entries and removes them, making it more secure.
Since I am planning on marking 20180331 a point release with an installer and the whole shebang, ironing out the kinks is top priority as of now. As it is, the script is tuned to make your life easier, but we have the choice to make it more efficient. For example, if your whitelist contains google.com, at present the script will also whitelist www.google.com and www.google-xyz.com (which may not be a desirable domain). I can change a single alphabet in the script to make it far more strict, but in that case whitelisting google.com won't whitelist www.google.com, you'll have to add both manually. [Google.com is just an example]
Voting starts now.
See the screenshot and use -? or -h or --help command line parameter for more examples.
How to update if you are on 20180315 or later:
SSH into router
cd /jffs/dnsmasq
./adbhostgen.sh -u
...
Since I am planning on marking 20180331 a point release with an installer and the whole shebang, ironing out the kinks is top priority as of now. As it is, the script is tuned to make your life easier, but we have the choice to make it more efficient. For example, if your whitelist contains google.com, at present the script will also whitelist www.google.com and www.google-xyz.com (which may not be a desirable domain). I can change a single alphabet in the script to make it far more strict, but in that case whitelisting google.com won't whitelist www.google.com, you'll have to add both manually. [Google.com is just an example]
Voting starts now.
The safer one would be to exactly match it and be more strict since many sites will try to to use a common site name that people are familiar with only to be fooled. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
ROLLING UPDATE 20180329a2:
No more "bad name at line n" errors. [See below]
Code:
Mar 16 12:32:43 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 386178
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601076
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601077
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601170
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 601171
Mar 16 12:32:45 DD-WRT daemon.err dnsmasq[3064]: bad name at /jffs/dnsmasq/mphosts line 646075
Script is a little faster and much more reliable now. Since it downloads and processes various lists that often contain references to 0.0.0.0, localhost, and localhost.localdomain, the script now scans for these entries and removes them, making it more secure.
...
With version 20180328a2 I added these to mywhitelist...
0.0.0.0
127.0.0.1
localhost _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
With version 20180328a2 I added these to mywhitelist...
0.0.0.0
127.0.0.1
localhost
Redundant now, as the updated official whitelist contains these entries.
mac913 wrote:
The safer one would be to exactly match it and be more strict since many sites will try to to use a common site name that people are familiar with only to be fooled.
I agree. This change, however, will result in some degree of confusion as users will have to add xyz.com as well as www.xyz.com to their whitelists. Totally worth extra safety, I believe.
Unless there is any strong protest, this will be the default behavior in the upcoming point release. _________________ Routers
NETGEAR R7800 x2: DD-WRT v3.0-r42847 std (04/06/20)
NETGEAR R8500: DD-WRT v3.0-r41517 std (11/11/19)
The safer one would be to exactly match it and be more strict since many sites will try to to use a common site name that people are familiar with only to be fooled.
I agree. This change, however, will result in some degree of confusion as users will have to add xyz.com as well as www.xyz.com to their whitelists. Totally worth extra safety, I believe.
Unless there is any strong protest, this will be the default behavior in the upcoming point release.
It possible to have both processing methods and be user selectable? I guess each method would requires different Whitelist & Blacklist for the process method used. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
For example, if your whitelist contains google.com, at present the script will also whitelist www.google.com and www.google-xyz.com (which may not be a desirable domain). I can change a single alphabet in the script to make it far more strict, but in that case whitelisting google.com won't whitelist www.google.com, you'll have to add both manually. [Google.com is just an example]
Voting starts now.
Could you clarify. Is this pertaining to white and blacklist handling? If it is
Personally I'd prefer blacklists to remain more generic
While I agree with the consensus of the less generic handling of whitelists, I do foresee the potential of more trial n error and edits to successfully fine tune personal whitelists....oh well
Thank You for sharing your work & it is comforting to see your quick attentiveness to issues as they arise
PS for some humor the message system just gave me a page that read
Quote:
Information
Mistake! There was an attempt of an automatic insert of the message in a forum. Your message is not posted. Try still times who knows - can it will turn out? Still probably, that you too long wrote the message - then pass to page back, copy the text, update page, insert the copied text and press button "Send".
_________________ Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
Personally I'd prefer blacklists to remain more generic
While I agree with the consensus of the less generic handling of whitelists, I do foresee the potential of more trial n error and edits to successfully fine tune personal whitelists....oh well
I agree this would a better approach. Blacklist/Myblacklist remain more generic and Whitelist/Mywhitelist being an exact match. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Could you clarify. Is this pertaining to white and blacklist handling? If it is
Personally I'd prefer blacklists to remain more generic
While I agree with the consensus of the less generic handling of whitelists, I do foresee the potential of more trial n error and edits to successfully fine tune personal whitelists....oh well
Well, technically the script only merges the official blacklist /and/ myblacklist with all the other lists and processes only whitelists. It follows the "block almost everything except what I need" philosophy. Even with this change, only whitelist entries will be affected, and yes, it will be a little more work. I could automate a few things with heuristics but I see no point in introducing more complexity than is required.
mac913 wrote:
It possible to have both processing methods and be user selectable? I guess each method would requires different Whitelist & Blacklist for the process method used.
Not really. Only minor changes to personal mywhitelist files are required, e.g. adding www.xyz.com in addition to xyz.com and so on and so forth. I like the idea of enabling this via a switch until there are no issues or bugs.
Since it's a little late to introduce these changes to the planned point release, I will upload a testing alpha version /after/ the stable point release. This alpha will also default to --secure (TLS/SSL) and introduce a switch to enable insecure transmission in cases where the defaults fail. _________________ Routers
NETGEAR R7800 x2: DD-WRT v3.0-r42847 std (04/06/20)
NETGEAR R8500: DD-WRT v3.0-r41517 std (11/11/19)
20180331:
POINT RELEASE with all the bugfixes and new features from the alpha releases below.
20180329a2:
No more "bad name at line n" errors.
20180328a2:
Changed default ad destination IP from 0.0.0.0 to 0.1.2.3
20180327a1:
New options:
-i <ip-address>
--ip=<ip-address>
where <ip-address> is an IPv4 address of your own personal ad hell.
20180326a1:
New options:
-f, blocks Facebook.com and services
-F, blocks Facebook, Instagram, and WhatsApp
20180324a6:
Significant changes and bugfixes. The script should behave better as a cron job now.
A new option -q or --quiet suppresses output to stdout/console, yet retains log entires.
Considering that many users are still on ancient DD-WRT versions with outdated and/or
expired cURL certificates and exotic configuration that often doesn't play well with
this script, it now uses insecure cURL downloads (-k) as default mode of operation.
For experienced users, the new --secure command line parameter restores the secure
TLS/SSL communication with servers. After thinking long and hard and working with
users on solving their problems, offering sane defaults with switches to enable
advanced functionality seems like a good tradeoff. For now.
will the script work when setup as AP? (DHCP Off, WAN disabled)
also, i have a usb drive that has JFFS, do i really need swap as well?
The script requires DNSMasq to be enabled with local DNS to the device running the script. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
@Yamaraj, Awesome work! I am not sure why never thought of doing this until I saw your thread today... Really dumb of me
Btw, I see that you mentioned this in OP: "DO NOT try to run this script on your internal jffs". But, I set it up by using the Internal Flash Storage for jffs2 and after reboot, it filters all the ads. Any issues running this in internal flash storage? Now, I got rid of Adblock extension in Chrome.
Probably too late to the party, but is there a way to match in reverse order for whitelist entries? So if you put google.com in mywhitelist it will whitelist anything that ENDS in google.com?
