eibgrad

ddwrt-blacklist-domains.sh

Jun 22nd, 2019 (edited)
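#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

#          name: ddwrt-blacklist-domains.sh
#       version: 1.3.0, 23-aug-2020, by eibgrad
#       purpose: blacklist specific domains in dnsmasq (dns)
#   script type: startup (autostart)
#  installation:
#    1. enable jffs2 (administration->jffs2)
#    2. enable syslogd (services->services->system log)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       or
#         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       NOTE(review): both commands pipe a remotely hosted installer straight
#       into sh through a short link, and curl's -k skips TLS certificate
#       verification, so nothing authenticates what gets executed. Where
#       integrity matters, download the installer to a file, read it, and
#       run the saved copy.
#    4. add the following to the "additional dnsmasq options" field on the
#           services page:
#         addn-hosts=/tmp/blacklisted_domains
#    5. (optional) modify options using vi editor:
#         vi /jffs/etc/config/ddwrt-blacklist-domains.startup
#    6. (optional) enable cron (administration->management) and add the
#           following job:
#         0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
#    7. reboot
{
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# maximum time (in secs) allotted to any curl/wget operation
MAX_WAIT=60

# exercise caution when using commented urls; these sites usually contain
# *very* large lists of blacklisted domains, which may exceed the memory
# capacity of the router and/or dnsmasq, and *may* have a detrimental effect
# on dns performance

# websites known to maintain a list of blacklisted domains
URL_LIST='
http://winhelp2002.mvps.org/hosts.txt
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
https://adaway.org/hosts.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
#http://hosts-file.net/ad_servers.txt
#https://someonewhocares.org/hosts/zero/hosts
#https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts
#http://sysctl.org/cameleon/hosts
#http://hostsfile.mine.nu/Hosts
#https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt
'

# exceptions: domains NOT to be blacklisted
# each entry is used as an unanchored extended regular expression, so an
# entry also exempts every domain that merely contains it (and an unescaped
# '.' matches any character); keep entries as specific as possible
WHITELIST='
localhost
example-allow-this-domain.com
'

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# nothing below needs pathname expansion; turning it off keeps the
# deliberately unquoted list expansions (urls containing '?', the whitelist,
# the download command) from ever being globbed against the working directory
set -f

# required for serialization when reentry is possible
# mkdir either creates the directory or fails, which makes it usable as a lock
LOCK="/tmp/$(basename "$0").lock"
acquire_lock() { while ! mkdir "$LOCK" > /dev/null 2>&1; do sleep 10; done; }
release_lock() { rmdir "$LOCK" > /dev/null 2>&1; }

# create a work file named "$1.<suffix>" and print its name
# mktemp gives an unpredictable name; the pid-based name is only a fallback
# for builds without mktemp (NOTE(review): that name is predictable)
make_temp() {
    mktemp "$1.XXXXXX" 2> /dev/null && return 0
    : > "$1.$$" && echo "$1.$$"
}

# whitelist entries joined into one alternation: entry1|entry2|...
WHITELIST_RE="$(echo $WHITELIST | sed 's/ /|/g')"

# drop lines matching the whitelist; with an empty whitelist pass everything
# through (an empty pattern would match, and therefore remove, every line)
filter_whitelist() {
    if [ -n "$WHITELIST_RE" ]; then
        grep -Ev -e "$WHITELIST_RE"
    else
        cat
    fi
}

# try curl, fallback to wget
# NOTE(review): -k disables TLS certificate verification and several urls are
# plain http, so list contents can be altered in transit. The sanitizer below
# rewrites every address to 0.0.0.0, which limits tampering to adding or
# removing blocked names. Drop -k if the router has a usable CA bundle.
# -f makes curl return non-zero on http errors so they are reported below.
if command -v curl > /dev/null 2>&1; then
    GET_URL="curl -fsLk --connect-timeout $MAX_WAIT --max-time $MAX_WAIT"
else
    GET_URL="wget -T $MAX_WAIT -qO -"
fi

# domains to be blacklisted
BLACKLIST='/tmp/blacklisted_domains'

# temporary workfiles (created once the lock is held)
RAW_BLACKLIST=''
NEW_BLACKLIST=''

# remove workfiles and let any waiting instance proceed
cleanup() {
    [ -n "$RAW_BLACKLIST" ] && rm -f "$RAW_BLACKLIST"
    [ -n "$NEW_BLACKLIST" ] && rm -f "$NEW_BLACKLIST"
    release_lock
}

# wait for wan availability
while ! ping -qc1 -w3 8.8.8.8 > /dev/null 2>&1; do sleep 10; done

# one instance at a time
acquire_lock

# catch premature exit and cleanup
# (installed only after the lock is held, so another instance's lock is
# never removed; signal names are given without the SIG prefix for
# portability across sh implementations)
trap 'cleanup; exit 1' HUP INT TERM

if ! RAW_BLACKLIST="$(make_temp /tmp/raw_blacklist)" ||
    ! NEW_BLACKLIST="$(make_temp "$BLACKLIST")"; then
    echo 'error: unable to create workfiles'
    cleanup
    exit 1
fi

# the new list is assembled in a workfile; the list dnsmasq is using stays
# in place until a complete replacement is ready
for url in $URL_LIST; do
    # skip comments (blank lines are already removed by word splitting)
    case $url in '#'*) continue ;; esac

    # retrieve url as raw blacklist
    if ! $GET_URL "$url" > "$RAW_BLACKLIST"; then
        echo "error: $url"
        continue
    fi

    # sanitize raw blacklist:
    #   1. strip carriage returns so CRLF-terminated lists survive step 5
    #   2. keep only hosts entries (drops comments and blank lines)
    #   3. configure as ip:domain pairs, always pointing at 0.0.0.0
    #   4. remove domains that match whitelist
    #   5. remove malformed domains (the previous A-z range also admitted
    #      the punctuation between 'Z' and 'a', e.g. brackets and backticks)
    tr -d '\r' < "$RAW_BLACKLIST" |
        grep -E '^0\.0\.0\.0|^127\.0\.0\.1' |
        awk '{print "0.0.0.0 " $2}' |
        filter_whitelist |
        grep -E '^0\.0\.0\.0 [0-9A-Za-z._-]+$' >> "$NEW_BLACKLIST"
done

# sort and remove duplicates
sort -uo "$NEW_BLACKLIST" "$NEW_BLACKLIST"

# if nothing usable was retrieved, keep whatever list is already in place
# rather than silently leaving dnsmasq without a blacklist
if [ ! -s "$NEW_BLACKLIST" ]; then
    echo 'error: no domains retrieved; existing blacklist left unchanged'
    cleanup
    exit 1
fi

# mktemp creates the file readable by its owner only; restore world-read in
# case dnsmasq re-reads it as a non-root user (TODO confirm for target build)
chmod 644 "$NEW_BLACKLIST"

# replace the active blacklist in a single rename (same filesystem)
mv -f "$NEW_BLACKLIST" "$BLACKLIST"

# cleanup
rm -f "$RAW_BLACKLIST"

# wait for dnsmasq availability
while ! pidof dnsmasq > /dev/null 2>&1; do sleep 10; done

# force dnsmasq to recognize updated blacklist
killall -HUP dnsmasq

# report the results
echo "total blacklisted domains: $(wc -l < "$BLACKLIST")"

# any concurrent instance(s) may now run
release_lock

exit 0

} 2>&1 | logger $([ "${DEBUG+x}" ] && echo '-p user.debug') \
    -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]" &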