eibgrad

ddwrt-blacklist-domains.sh

Jun 22nd, 2019 (edited)
  1. #!/bin/sh
  2. #DEBUG=; set -x # comment/uncomment to disable/enable debug mode
  3.  
  4. #          name: ddwrt-blacklist-domains.sh
  5. #       version: 3.1.0, 03-feb-2022, by eibgrad
  6. #       purpose: blacklist specific domains in dnsmasq (dns)
  7. #   script type: startup (autostart)
  8. #  installation:
  9. #    1. enable jffs2 (administration->jffs2)
  10. #    2. enable syslogd (services->services->system log)
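  11. #    3. use shell (telnet/ssh) to execute one of the following commands (note: each pipes a remotely hosted script straight into sh, and -k makes curl skip tls certificate verification):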
  12. #         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
  13. #       or
  14. #         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
  15. #    4. add the following to the "additional dnsmasq options" field on the
  16. #           services page:
  17. #         addn-hosts=/tmp/blacklisted_domains
  18. #    5. (optional) modify options using vi editor:
  19. #         vi /jffs/etc/config/ddwrt-blacklist-domains.startup
  20. #    6. (optional) enable cron (administration->management) and add the
  21. #           following job:
  22. #         0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
  23. #    7. reboot
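  (
  # ------------------------------ BEGIN OPTIONS ------------------------------- #

  # websites known to maintain a list of blacklisted domains
  # note: exercise caution when using commented urls; these sites often
  #       contain *very* large lists of blacklisted domains, which may exceed
  #       the memory capacity of the router and/or dnsmasq, and *may* have a
  #       detrimental effect on dns performance
  URL_LIST='
  winhelp2002.mvps.org/hosts.txt
  adaway.org/hosts.txt
  raw.githubusercontent.com/evankrob/hosts-filenetrehost/master/ad_servers.txt
  pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
  raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
  #someonewhocares.org/hosts/zero/hosts
  #raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
  #sysctl.org/cameleon/hosts
  #hostsfile.mine.nu/Hosts
  #raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
  #raw.githubusercontent.com/oneoffdallas/dohservers/master/list.txt
  '

  # exceptions: domains (and their sub-domains) NOT to be blacklisted
  # note: matching only occurs on whole parts of the domain name, moving right
  #       to left; for example, adding somedomain.com to the whitelist would
  #       also match xyz.somedomain.com, but NOT match xyzsomedomain.com nor
  #       xyz.somedomain.com.us; wildcards (*) are NOT supported and will be
  #       removed
  # note: entries are spliced into a sed regular expression; only '.' is
  #       escaped, so keep other regex characters and '/' out of this list
  WHITELIST='
  localhost
  example-allow-this-domain.com
  '

  # maximum time (in secs) allotted to any curl/wget operation
  MAX_WAIT=60

  # ------------------------------- END OPTIONS -------------------------------- #

  # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

  # required for serialization when reentry is possible
  # note: mkdir either creates the directory or fails, so only one instance
  #       can hold the lock at a time
  LOCK="/tmp/$(basename "$0").lock"
  acquire_lock() { while ! mkdir "$LOCK" >/dev/null 2>&1; do sleep 10; done; }
  release_lock() { rmdir "$LOCK" >/dev/null 2>&1; }

  # workfiles; named only once the lock is held (see below)
  RAW_BLACKLIST=''
  NEW_BLACKLIST=''

  # remove workfiles and give up the lock; only call while holding the lock
  cleanup() {
      [ -n "$RAW_BLACKLIST" ] && rm -f "$RAW_BLACKLIST"
      [ -n "$NEW_BLACKLIST" ] && rm -f "$NEW_BLACKLIST"
      release_lock
  }

  # default to curl, failover to wget (not guaranteed to support tls)
  # NOTE(review): -k turns off tls certificate verification, and the urls
  #       above carry no scheme, so they are presumably requested over plain
  #       http unless the server redirects; the downloads are therefore
  #       unauthenticated. the filter in the loop below only ever emits
  #       '0.0.0.0 <name>' lines, which limits a tampered list to blocking
  #       extra names. drop -k where the firmware ships a usable ca bundle.
  # note: '>/dev/null 2>&1' is used instead of '&>', which a strict posix sh
  #       parses as "run in background, then redirect"
  if command -v curl >/dev/null 2>&1; then
      GET_URL="curl -sLk --connect-timeout $MAX_WAIT --max-time $MAX_WAIT"
  else
      GET_URL="wget -T $MAX_WAIT -qO -"
  fi

  # domains to be blacklisted (the file dnsmasq reads via addn-hosts)
  # note: the live file is only created here when missing; it is replaced in
  #       one step further down, so a concurrent instance can no longer
  #       truncate a list that another instance is still building
  BLACKLIST='/tmp/blacklisted_domains'
  [ -e "$BLACKLIST" ] || : > "$BLACKLIST"

  # wait for wan availability
  until ping -qc1 -W3 8.8.8.8 >/dev/null 2>&1; do sleep 10; done

  # one instance at a time
  acquire_lock

  # catch premature exit and cleanup
  # note: installed only after the lock is held, so a signal received while
  #       waiting cannot remove a lock owned by another instance
  trap 'cleanup; exit 1' HUP INT TERM

  # prefer unpredictable workfile names; fall back to pid-based names when
  # mktemp is not available
  RAW_BLACKLIST="$(mktemp /tmp/raw_blacklist.XXXXXX 2>/dev/null)" || \
      RAW_BLACKLIST="/tmp/tmp.$$.raw_blacklist"
  NEW_BLACKLIST="$(mktemp /tmp/new_blacklist.XXXXXX 2>/dev/null)" || \
      NEW_BLACKLIST="/tmp/tmp.$$.new_blacklist"
  : > "$NEW_BLACKLIST"

  # split the url list on whitespace, but keep '?' and '*' inside a url from
  # being expanded against the filesystem
  set -f
  for url in $URL_LIST; do
      # skip commented-out entries
      case "$url" in '#'*) continue ;; esac

      # retrieve url as raw blacklist
      # shellcheck disable=SC2086 # GET_URL holds a command plus its options
      $GET_URL "$url" > "$RAW_BLACKLIST" || { echo "error: $url"; continue; }

      # reformat as '0.0.0.0 domain-name' pairs, then remove malformed domain
      # names: only letters, digits, '.', '_' and '-' are accepted
      awk '/^0\.0\.0\.0|^127\.0\.0\.1/{print "0.0.0.0 " $2}' "$RAW_BLACKLIST" | \
          grep -E '^0\.0\.0\.0 [0-9A-Za-z._-]+$' >> "$NEW_BLACKLIST"
  done
  set +f

  # cleanup
  rm -f "$RAW_BLACKLIST"

  # sort and remove duplicates
  sort -uo "$NEW_BLACKLIST" "$NEW_BLACKLIST"

  # remove domains and sub-domains that match whitelist
  # note: the unquoted expansion collapses the list onto one line; globbing is
  #       switched off so a '*' entry reaches sed instead of matching files
  set -f
  # shellcheck disable=SC2086 # word splitting is intended here
  WHITELIST_WORDS="$(echo $WHITELIST)"
  set +f
  if [ "$WHITELIST_WORDS" ]; then
      # strip '*', turn every entry into '[ .]entry$' and join them with '|'
      WHITELIST_REGEX="$(printf '%s\n' "$WHITELIST_WORDS" | \
          sed -r 's/\*//g;s/( |$)/$|/g;s/\|$//;s/\./\\./g;s/([^|]*)/[ .]\1/g')"
      sed -ri "/$WHITELIST_REGEX/d" "$NEW_BLACKLIST"
  fi

  # publish the finished list in one step (rename within /tmp)
  # note: mktemp creates owner-only files; read access is restored in case
  #       dnsmasq re-reads the list as an unprivileged user
  chmod 644 "$NEW_BLACKLIST"
  if ! mv -f "$NEW_BLACKLIST" "$BLACKLIST"; then
      echo "error: cannot update $BLACKLIST"
      cleanup
      exit 1
  fi

  # wait for dnsmasq availability
  until pidof dnsmasq >/dev/null 2>&1; do sleep 10; done

  # force dnsmasq to recognize updated blacklist
  killall -HUP dnsmasq

  # report the results
  echo "info: total blacklisted domains: $(wc -l < "$BLACKLIST")"

  # any concurrent instance(s) may now run
  release_lock

  exit 0

  # note: the tag is quoted because 'name[pid]' would otherwise be treated as
  #       a glob pattern; the debug option stays unquoted so it splits in two
  ) 2>&1 | logger $([ ${DEBUG+x} ] && echo '-p user.debug') \
      -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]" &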