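#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

#          name: ddwrt-blacklist-domains.sh
#       version: 3.1.0, 03-feb-2022, by eibgrad
#       purpose: blacklist specific domains in dnsmasq (dns)
#   script type: startup (autostart)
#  installation:
#    1. enable jffs2 (administration->jffs2)
#    2. enable syslogd (services->services->system log)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       or
#         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s aySi7RhY startup
#       note: both commands feed the fetched installer straight into sh;
#             -k turns off certificate verification, so the installer is
#             not authenticated in transit -- save and read it first if
#             that matters for your setup
#    4. add the following to the "additional dnsmasq options" field on the
#       services page:
#         addn-hosts=/tmp/blacklisted_domains
#    5. (optional) modify options using vi editor:
#         vi /jffs/etc/config/ddwrt-blacklist-domains.startup
#    6. (optional) enable cron (administration->management) and add the
#       following job:
#         0 4 * * * root /jffs/etc/config/ddwrt-blacklist-domains.startup
#    7. reboot
(
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# websites known to maintain a list of blacklisted domains
# note: exercise caution when using commented urls; these sites often
#       contain *very* large lists of blacklisted domains, which may exceed
#       the memory capacity of the router and/or dnsmasq, and *may* have a
#       detrimental effect on dns performance
URL_LIST='
winhelp2002.mvps.org/hosts.txt
adaway.org/hosts.txt
raw.githubusercontent.com/evankrob/hosts-filenetrehost/master/ad_servers.txt
pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
#someonewhocares.org/hosts/zero/hosts
#raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
#sysctl.org/cameleon/hosts
#hostsfile.mine.nu/Hosts
#raw.github.com/notracking/hosts-blocklists/master/hostnames.txt
#raw.githubusercontent.com/oneoffdallas/dohservers/master/list.txt
'

# exceptions: domains (and their sub-domains) NOT to be blacklisted
# note: matching only occurs on whole parts of the domain name, moving right
#       to left; for example, adding somedomain.com to the whitelist would
#       also match xyz.somedomain.com, but NOT match xyzsomedomain.com nor
#       xyz.somedomain.com.us; wildcards (*) are NOT supported and will be
#       removed
WHITELIST='
localhost
example-allow-this-domain.com
'

# maximum time (in secs) allotted to any curl/wget operation
MAX_WAIT=60

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# URL_LIST and WHITELIST are expanded unquoted on purpose (word-splitting);
# disable pathname expansion so entries containing ? or * are never matched
# against files in the current directory
set -f

# required for serialization when reentry is possible
LOCK="/tmp/$(basename "$0").lock"
acquire_lock() { while ! mkdir "$LOCK" >/dev/null 2>&1; do sleep 10; done; }
release_lock() { rmdir "$LOCK" >/dev/null 2>&1; }

# default to curl, failover to wget (not guaranteed to support tls)
# NOTE(review): the urls above carry no scheme, so the first request is
#   plain http, and -k makes curl skip certificate verification on any
#   https hop; list contents are therefore not authenticated. The awk/grep
#   filter below only ever emits '0.0.0.0 <name>' lines, so a tampered list
#   can change which names get blocked but cannot map a name to another
#   address. Where the firmware ships a CA bundle, use https:// urls and
#   drop -k.
if command -v curl >/dev/null 2>&1; then
    GET_URL="curl -sLk --connect-timeout $MAX_WAIT --max-time $MAX_WAIT"
else
    GET_URL="wget -T $MAX_WAIT -qO -"
fi

# domains to be blacklisted
# make sure the file named by addn-hosts exists, but do not empty it here:
# another instance may hold the lock and be writing to it
BLACKLIST='/tmp/blacklisted_domains'
[ -e "$BLACKLIST" ] || : > "$BLACKLIST"

# workfile
# NOTE(review): predictable name; fine only while /tmp is writable by root
#   alone -- prefer mktemp where the firmware provides it
RAW_BLACKLIST="/tmp/tmp.$$.raw_blacklist"

# wait for wan availability
# (>/dev/null 2>&1 rather than &>: under a strict POSIX sh, '&>' puts the
# command in the background and the loop would end at once)
until ping -qc1 -W3 8.8.8.8 >/dev/null 2>&1; do sleep 10; done

# one instance at a time
acquire_lock

# catch premature exit and cleanup (workfile as well as lock)
trap 'rm -f "$RAW_BLACKLIST"; release_lock; exit 1' HUP INT TERM

# start from an empty list, now that no other instance can be writing
: > "$BLACKLIST"

for url in $URL_LIST; do
    # skip comments and blank lines
    case "$url" in
        '' | '#'*) continue ;;
    esac

    # retrieve url as raw blacklist ($GET_URL unquoted: it holds the command
    # plus its options and must be split into words)
    $GET_URL "$url" > "$RAW_BLACKLIST" || { echo "error: $url"; continue; }

    # reformat as '0.0.0.0 domain-name' pairs, then drop malformed names;
    # the class is spelled out because the range A-z also admits
    # [ \ ] ^ and ` (underscore is kept, as before)
    awk '/^0\.0\.0\.0|^127\.0\.0\.1/{print "0.0.0.0 " $2}' "$RAW_BLACKLIST" |
        grep -E '^0\.0\.0\.0 [0-9A-Za-z._-]+$' >> "$BLACKLIST"
done

# cleanup
rm -f "$RAW_BLACKLIST"

# sort and remove duplicates
sort -uo "$BLACKLIST" "$BLACKLIST"

# remove domains and sub-domains that match whitelist
# note: WHITELIST entries become part of a sed regex; only '*' is stripped
#       and '.' escaped, so keep entries to plain domain names
if [ "$(echo $WHITELIST)" ]; then
    wl_regex=$(echo $WHITELIST |
        sed -r 's/\*//g;s/( |$)/$|/g;s/\|$//;s/\./\\./g;s/([^|]*)/[ .]\1/g')
    sed -ri "/$wl_regex/d" "$BLACKLIST"
fi

# wait for dnsmasq availability
until pidof dnsmasq >/dev/null 2>&1; do sleep 10; done

# force dnsmasq to recognize updated blacklist
killall -HUP dnsmasq

# report the results
echo "info: total blacklisted domains: $(wc -l < "$BLACKLIST")"

# any concurrent instance(s) may now run
release_lock
exit 0

# everything above is logged via syslog; the tag is the script name cut to
# 23 characters plus the pid, quoted so '[pid]' is not treated as a glob
) 2>&1 | logger $([ ${DEBUG+x} ] && echo '-p user.debug') \
    -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]" &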