webrtc leak and adblock

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
Mazufa
DD-WRT Novice


Joined: 20 Jul 2019
Posts: 29
Location: Finland

PostPosted: Sun Aug 18, 2019 11:52    Post subject: webrtc leak and adblock Reply with quote
Hello

Can anyone advise how to get uBlock Orig and adblock software on DD-WRT router? It is important to me that these are directly on the router so that even the smartphone does not leak webRTC.

How can I install these as easily as possible?

Is there any very simple way to install these? For example with PuTTY
Sponsor
SurprisedItWorks
DD-WRT User


Joined: 04 Aug 2018
Posts: 294
Location: Appalachian mountains, USA

PostPosted: Sun Aug 18, 2019 14:29    Post subject: Reply with quote
[Important edit! I forgot to mention below that if you use my script, dnsmasq has to be told to use the new /tmp/badhosts file! In GUI>Services>Services, in Additional Dnsmasq Options add a line addn-hosts=/tmp/badhosts so that dnsmasq knows what to do.]

I don't know how to block WebRTC at the dd-wrt level, but https://ipleak.net gives instructions on how to block it at the browser level. I use their instructions for Firefox.

You can block ads at the dns level using adguard dns. See https://adguard.com/. It used to be available in dd-wrt through the DNSCrypt interface using the "Encrypt DNS" button in the DNSMasq section, but recent releases have removed the button. See the dns link in my signature for the workaround. Or use it without DNSCrypt by inserting their DNS-server IP addresses on the dd-wrt Basic Setup page.

While ad blocking at the level of the dns service you use is probably a better approach overall, you can actually tweak dnsmasq to block ads at the router level, also using a dns approach, though it is a bit of a kluge. Here is the script I use. I have it in the Startup code that one can install in the GUI>Administration>Commands page. However, you should first try copying it into the CLI using PuTTY. In Windows there may be issues of line endings being in the wrong format. I gather that some get around the line-endings problem using some particular mode of Wordpad? I'm not a Windows person, so perhaps someone else will shed light on this. This code is in the spirit of what's in the old dd-wrt wiki tutorial on adblocking, but it is different in the details.
Code:
#hosts to block in dnsmasq (Alozaros 7/8/18 post in
#https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315773)
  ( cd /tmp; \
    touch badhosts ; \
    sleep 30 ; \
    ( ERRA=0 ; ERRB=0 ; ERRC=0 ; \
      curl -s http://winhelp2002.mvps.org/hosts.txt \
        2>badhosts.log || ERRA=$? ; \
      curl -s http://sbc.io/hosts/hosts \
        2>>badhosts.log || ERRB=$? ; \
      curl -sk https://someonewhocares.org/hosts/zero/hosts \
        2>>badhosts.log || ERRC=$? ; \
      echo $ERRA $ERRB $ERRC > badhosts.errcodes \
    ) | sed 's/\t/ /g; /^0\.0\.0\.0 /!d; s/ *\#.*$//; s/\r//' \
      | sort -u \
      | sed -E '/\.hulu(|ad)\./d' \
      > badhosts \
    ) && stopservice dnsmasq && startservice dnsmasq &
The sed -E ... line is to make an exception for hulu streaming, as such streaming (at least in the US) fails without the exception. Hulu insists that it's ads be seen, or it won't play at all. You can just omit that one line (and probably should, at least long enough to see whether you need it). This code does filter out any potential malicious lines (note the downloads don't have https security) of the form 12.23.34.45 yourbank.com, in case the source files have been hacked or posted with other than good intentions.

Again, never ever put anything in startup commands that you have not tested in the CLI first, because to do so is to risk accidentally making the router hang with the GUI unreachable.

Here if it goes into the CLI without errors, you should look in /tmp at badhosts.log, which should be empty, and badhosts.errcodes, which should have three zeros. You can do wc -l badhosts to count the number of lines in badhosts. Should be a bit over 42,000. Do head badhosts to look at a few lines of the badhosts file and note the format. There is controversy over this method - assigning IP address 0.0.0.0 to domains - of ad blocking, but I don't have a better plan. (Anyone?) You can ping the forbidden domains in the CLI or from a computer, but if you look carefully, you'll see the returns come from 127.0.0.1, the loopback address representing dd-wrt itself. You can also, in the CLI or from a linux computer (not sure the Windows equivalent), use nslookup on any of the domains in badhosts and see that the dns system returns 0.0.0.0. Here is how it goes in the CLI:

~# cd /tmp
/tmp# cat badhosts.log
/tmp# cat badhosts.errcodes
0 0 0
/tmp# wc -l badhosts
42211 badhosts
/tmp# head badhosts
0.0.0.0 0.0.0.0
0.0.0.0 0.nextyourcontent.com
0.0.0.0 0.r.msn.com
0.0.0.0 000.0x1f4b0.com
0.0.0.0 000.gaysexe.free.fr
0.0.0.0 000free.us
0.0.0.0 000owamail0.000webhostapp.com
0.0.0.0 000tristanprod.free.fr
0.0.0.0 001.0x1f4b0.com
0.0.0.0 002.0x1f4b0.com
/tmp# ping 0.r.msn.com
PING 0.r.msn.com (0.0.0.0): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.067 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.062 ms
^C
--- 0.r.msn.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.062/0.064/0.067 ms
/tmp# nslookup 0.r.msn.com
nslookup: can't resolve '(null)'

Name: 0.r.msn.com
Address 1: 0.0.0.0 0.0.0.0

I note in the comment that dd-wrt guy Alozaros provided the basic method in a forum post, so this code is a spin-off of his.

_________________
Six of the Linksys WRT1900ACSv2 on r38159 and r40009.
On various: VLANs, client-mode travel router, two DNSCrypt servers (incl Quad9), multiple VAPs, USB/NAS, OpenVPN client/PBR (random NordVPN server).

VLANs on the WRT1900ACSv2 and other two-CPU Linksys/Marvell routers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317199

DNSCrypt for Quad9 DNS and/or multiple servers and/or missing DNSCrypt enable button: Sun Jan 06, 2019 post at
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094

Restarting OpenVPN from the CLI or script or SES button:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1172761
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum