
ddwrt-blacklist-domains.sh

eibgrad Jun 22nd, 2019 (edited) 255 Never
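#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

#          name: ddwrt-blacklist-domains.sh
#       version: 1.2.2, 29-jun-2019, by eibgrad
#       purpose: blacklist specific domains in dnsmasq (dns)
#   script type: startup (autostart)
#  installation:
#    1. enable jffs2 (administration->jffs2)
#    2. enable syslogd (services->services->system log)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       or
#         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       note: both commands pipe a remotely hosted installer straight into
#       a root shell, and curl's -k skips tls certificate verification, so
#       nothing authenticates what gets executed; to inspect the installer
#       beforehand, save the download to a file and read it before passing
#       it to sh
#    4. add the following to the "additional dnsmasq options" field on the
#           services page:
#         addn-hosts=/tmp/blacklisted_domains
#    5. (optional) modify options using vi editor:
#         vi /jffs/etc/config/ddwrt-blacklist-domains.startup
#    6. (optional) enable cron (administration->management) and add the
#           following job:
#         0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
#    7. reboot
{
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# exercise caution when using commented urls; these sites usually contain
# *very* large lists of blacklisted domains, which may exceed the memory
# capacity of the router and/or dnsmasq, and *may* have a detrimental effect
# on dns performance

# websites known to maintain a list of blacklisted domains
# note: http:// urls (and https:// urls while VERIFY_TLS is empty) are not
# authenticated in transit; the sanitizer below rewrites every entry to
# 0.0.0.0, so a tampered list can change *which* names get blocked but
# cannot point a name at some other address
URL_LIST="
http://winhelp2002.mvps.org/hosts.txt
http://hosts-file.net/ad_servers.txt
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
https://adaway.org/hosts.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
#https://someonewhocares.org/hosts/zero/hosts
#https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts
#http://sysctl.org/cameleon/hosts
#http://hostsfile.mine.nu/Hosts
#https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt
"

# exceptions: domains NOT to be blacklisted
# (a listed domain also exempts its subdomains, e.g. example.com exempts
# www.example.com; it no longer exempts unrelated names that merely
# contain the same text)
WHITELIST="
localhost
example-allow-this-domain.com
"

# tls certificate verification for https urls (curl only)
#   empty:     skip verification (curl -k, the original behavior; for
#              routers without a ca bundle)
#   any value: (e.g. VERIFY_TLS=1) curl rejects invalid certificates
VERIFY_TLS=

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# nothing below relies on filename globbing; disable it so that urls
# containing '?' or '*' are never expanded against the filesystem
set -f

# required for serialization when reentry is possible
LOCK="/tmp/$(basename "$0").lock"
acquire_lock() { while ! mkdir "$LOCK" > /dev/null 2>&1; do sleep 10; done; }
release_lock() { rmdir "$LOCK" > /dev/null 2>&1; }

# try curl, fallback to wget (VERIFY_TLS has no effect on the wget fallback)
if command -v curl > /dev/null 2>&1; then
    # -f: treat http errors (404, 500, ...) as failures instead of saving
    # the error page as if it were a list
    if [ "$VERIFY_TLS" ]; then
        GET_URL="curl -sfL"
    else
        GET_URL="curl -sfLk"
    fi
else
    GET_URL="wget -qO -"
fi

# domains to be blacklisted
BLACKLIST="/tmp/blacklisted_domains"

# temporary workfiles (created once the lock is held)
RAW_BLACKLIST=""
NEW_BLACKLIST=""

# whitelist as a single space-separated line for awk (word splitting of
# the unquoted expansion is intentional)
# shellcheck disable=SC2086
WHITELIST_FLAT="$(echo $WHITELIST)"

# wait for wan availability
while ! ping -qc1 -w3 8.8.8.8 > /dev/null 2>&1; do sleep 10; done

# one instance at a time
acquire_lock

# catch premature exit and cleanup (installed only after the lock is held,
# so a signal can never remove a lock owned by another instance)
cleanup() {
    rm -f "$RAW_BLACKLIST" "$NEW_BLACKLIST" 2> /dev/null
    release_lock
}
trap 'cleanup; exit 1' HUP INT TERM

# prefer mktemp (unpredictable names in the shared /tmp); fall back to
# pid-suffixed names where mktemp is unavailable
RAW_BLACKLIST="$(mktemp /tmp/raw_blacklist.XXXXXX 2> /dev/null)" ||
    RAW_BLACKLIST="/tmp/raw_blacklist.$$"
NEW_BLACKLIST="$(mktemp /tmp/new_blacklist.XXXXXX 2> /dev/null)" ||
    NEW_BLACKLIST="/tmp/new_blacklist.$$"

# the new blacklist is assembled beside the live one and swapped in at the
# end, so dnsmasq never sees a missing or half-written file
: > "$NEW_BLACKLIST"

# shellcheck disable=SC2086
for url in $URL_LIST; do
    # skip comments (blank lines never survive word splitting)
    case "$url" in
        \#*) continue ;;
    esac

    # retrieve url as raw blacklist ($GET_URL is split into words on purpose)
    $GET_URL "$url" > "$RAW_BLACKLIST" || { echo "error: $url"; continue; }

    # sanitize raw blacklist (carriage returns are stripped first so that
    # lists with dos line endings are not rejected as malformed)
    tr -d '\r' < "$RAW_BLACKLIST" |
        awk -v wl="$WHITELIST_FLAT" '
            BEGIN {
                n = split(tolower(wl), w, " ")
                for (i = 1; i <= n; i++) allow[w[i]] = 1
            }

            # keep hosts-format entries only (skips comments and blank lines)
            !/^(0\.0\.0\.0|127\.0\.0\.1)[ \t]/ { next }

            # remove malformed domains; the explicit ranges replace A-z,
            # which also admitted the punctuation between Z and a
            $2 !~ /^[0-9A-Za-z._-]+$/ { next }

            {
                domain = tolower($2)

                # remove domains that match whitelist: the name itself or
                # any parent domain of it, compared label by label
                for (d = domain; d != ""; d = substr(d, dot + 1)) {
                    if (d in allow) next
                    dot = index(d, ".")
                    if (dot == 0) break
                }

                # configure as ip:domain pairs
                print "0.0.0.0 " domain
            }
        ' >> "$NEW_BLACKLIST"
done

# cleanup
rm -f "$RAW_BLACKLIST"

# sort and remove duplicates
sort -uo "$NEW_BLACKLIST" "$NEW_BLACKLIST"

# publish only if something was retrieved, so a failed run never replaces
# a working blacklist with an empty one
if [ -s "$NEW_BLACKLIST" ]; then
    # mktemp creates owner-only files; restore a world-readable mode in
    # case dnsmasq re-reads the file as an unprivileged user
    chmod 644 "$NEW_BLACKLIST"
    mv -f "$NEW_BLACKLIST" "$BLACKLIST"
else
    echo "error: no domains retrieved; existing blacklist left unchanged"
    rm -f "$NEW_BLACKLIST"
fi

# wait for dnsmasq availability
while ! pidof dnsmasq > /dev/null 2>&1; do sleep 10; done

# force dnsmasq to recognize updated blacklist
killall -HUP dnsmasq

# report the results
if [ -f "$BLACKLIST" ]; then
    echo "total blacklisted domains: $(wc -l < "$BLACKLIST")"
else
    echo "total blacklisted domains: 0"
fi

# any concurrent instance(s) may now run
release_lock

exit 0

} 2>&1 | logger $([ ${DEBUG+x} ] && echo "-p user.debug") \
    -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]" &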