What's new

ad blocking on the router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thanks. This could be a good starting point but please consider that I never prepared a script ... I am really a non-experienced user that wishes to start modding in a safe way.
Maybe it could be a good idea to add a wiki section that teaches how to input a script ....

inviato da Samsung Note 2 con Tapatalk
 
Thanks. This could be a good starting point but please consider that I never prepared a script ... I am really a non-experienced user that wishes to start modding in a safe way.
Maybe it could be a good idea to add a wiki section that teaches how to input a script ....

inviato da Samsung Note 2 con Tapatalk

This is basically Linux shell programming, editing a file and creating a script using a text editor, getting the permissions on the script correct, and so on. You can find lots of tutorials on Linux script writiing, text editors, etc. on the internet, so that tutorial has already been written elsewhere.
 
On the side of this request, I just tried to use WinSCP to handle the files and install a script, and it seems that SFTP is not available on the device ? Just to confirm please.

It works fine with FTP but I don't see the Jffs partition ?

Thanks
GH
 
On the side of this request, I just tried to use WinSCP to handle the files and install a script, and it seems that SFTP is not available on the device ? Just to confirm please.

It works fine with FTP but I don't see the Jffs partition ?

Thanks
GH

Just a note, "scp" does work on the router. I used that with a Linux VM on my Windows system.

Also, there's information on jffs, scripts, etc. here:

https://github.com/RMerl/asuswrt-merlin/wiki
 
Just a note, "scp" does work on the router. I used that with a Linux VM on my Windows system.

Also, there's information on jffs, scripts, etc. here:

https://github.com/RMerl/asuswrt-merlin/wiki

I should have dome more searches before asking: we have to install SFTP through Optware. I think Merlin wrote a guide to do that.

Also I know where is the wiki and what it contains, but I just need the "mechanic" to go to and manage the Jffs partition. Could you help me in that matter?

Thanks,

GH
 
Thanks. This could be a good starting point but please consider that I never prepared a script ... I am really a non-experienced user that wishes to start modding in a safe way.
Maybe it could be a good idea to add a wiki section that teaches how to input a script ....
inviato da Samsung Note 2 con Tapatalk

You are right. It is difficult to get started. The documentation is quite good but sometimes, probably because written by power-users who already know, some links are missing to help us to fly from one rock to the others...

In this specific case, here is a good place to learn more (hands-on)about your concern. Don't mind about the specifics of the script, but look at what is around it. https://github.com/RMerl/asuswrt-merlin/wiki/WOL-Script-Wake-Up-Your-Webserver-On-Internet-Traffic

This could be very helpfull for beginners like me and others who want to get the very basic of all that.

GH
 
Last edited:
dsuck is a small DNS server, that returns NXDOMAIN answer for blacklisted sites, so browser/OS will not wait for answer from blocked hosts. It's main advantage over DD-WRT solution.

Requirements to run adsuck are:
  • Asuswrt-Merlin driven RT-N16/RT-N66U/RT-AC66U router with USB-drive and jffs partition enabled.
  • Working Entware environment. Please, refer HOW-TO for details.

Installation:
  • Install adsuck package:
    opkg install adsuck
  • copy provider's DNS list to adsuck folder:
    cp -f /tmp/resolv.conf /opt/etc/adsuck/
  • choose what type of sites you want to filter, all filter files is in the /opt/etc/adsuck/Hosts.*:
    • Hosts.blc - 1916 sites anti-phishing white list,
    • Hosts.mis - 566350 other potential dangerous sites (drugs, sects, spam, traps, violence)
    • Hosts.pub - 106338 advert. sites,
    • Hosts.rsk - 120033 sites with potencial dangerous contents, viruses mostly,
    • Hosts.sex - 905497 adult content sites,
    • Hosts.trc - 46584 anti tracker/counters list.
  • let adsuck to run at boot time:
    echo \#!/bin/sh > /jffs/scripts/services-start
    echo adsuck -d -l 127.0.0.1 -c /opt/etc/adsuck -f resolv.conf -p 65053 -u admin Hosts.sex Hosts.trc Hosts.pub >> /jffs/scripts/services-start
    echo no-resolv > /jffs/configs/dnsmasq.conf.add
    echo server=127.0.0.1\#65053 >> /jffs/configs/dnsmasq.conf.add
and reboot router. In example, i've added three filters: Hosts.pub + Hosts.sex + Hosts.trc which gives over a million hosts to be blacklisted.

Feel free to ask any details you want to know!

tryed the first way and some pages dodsn't load at all.

I think there is something wrong with jffs scripts or configs. Let's try to run adsuck manually:
  • please, remove adsuck autostart:
    rm /jffs/scripts/services-start
    rm /jffs/configs/dnsmasq.conf.add
  • reboot router and type:
    killall dnsmasq
    adsuck -d -l 127.0.0.1 -c /opt/etc/adsuck -f resolv.conf -p 65053 -u admin Hosts.sex Hosts.trc
    dnsmasq --no-resolv --server=127.0.0.1#65053
Is internet connection is up this way?

tryed that as well and the same pages dodsn't load so it's the same


edit:
youdst found 1 off the pages i couldn't load in the *.sex list so that list might be the root cause

edit:
something more weird happend i can browse the internet from my own computer but not others when adsuck is activated
 
Last edited:
Last edited:
Hi!
edit:
something more weird happend i can browse the internet from my own computer but not others when adsuck is activated
Every modern OS (and some browsers too!) caches DNS requests and use it for acceleration purposes. For example, if you'll get an access to any of blacklisted sites before adsuck activation, then you will be able do get access after adsuck being activated, because OS on PC «remember» previous DNS queries. To clear DNS cache on Windows type on command prompt:
Code:
ipconfig /flushdns
 
Last edited:
Hi!
Every modern OS (and some browsers too!) caches DNS requests and use it for acceleration purposes. For example, if you'll get an access to any of blacklisted sites before adsuck activation, then you will be able do get access after adsuck being activated, because OS on PC «remember» previous DNS queries. To clear DNS cache on Windows type on command prompt:
Code:
ipconfig /flushdns

know about that did a full system reboot not related to this but some updates i installed so my cache should be empty.

it blocked access to everything even a site i found in one off the blocklists and removed
 
Last edited:
So I have come to the conclusion that this thread here doesn't work/or work for how I'm trying to use it.

As for the other link I posted I get errors when run the script manually on the router, and dont feel like diving into the code too much right now.

That leaves me to wonder if this method may work. Looks like I'll have to test it out...

Thanks for the info..
 
That thread says:

"The ad blocking method from tutorial is based on hosts blacklist. I'll describe how to do it, but IMHO, it's a simplest and worst one. "

But the author did not elaborate on why it is the worst approach.

I have read and reread the thread and cannot get my head around it.

Too techy or the English is not there.

I have tried several techniques and for me I simply ignore the adverts. I've trained myself to ignore adverts, especially the more in-your-face one like in forums that insert adverts between posts.

I have set up a network and use pfSense running Squid and Squidguard. This blocks like 99% of adverts and bad sites.

Squidguard uses a blacklist (the best one is Shallalist) that is updated by volunteers every day.

DansGuardian is another package that has been ported to pfSense and does not need a blacklist but can use it as a supplement to its own algorithm to kill adverts and dodgy sites.

pfSense is much easier to setup compared to running scripts on a router in my opinion. But of course you have the overhead of a separate box to take care of.

That leaves me to wonder if this method may work. Looks like I'll have to test it out...

Thanks for the info..
 
That thread says:

"The ad blocking method from tutorial is based on hosts blacklist. I'll describe how to do it, but IMHO, it's a simplest and worst one. "

But the author did not elaborate on why it is the worst approach.
Sorry for that. I have to be more verbose here.

I mean host based ad blocking method is too rough. Yes, there is a big number of hosts that must be blocked entirely, but in most cases we need to block just some part of web page, not a whole page or host. For example, with host-based approach we can't block an ads from google without blocking all other google services.

Almost all modern ad blockers on PC removes unwanted parts of web pages, not a whole pages or hosts. Asus RT-N66U/N16/AC66U routers is powerful enough to perform this task with dansguardian or privoxy on board.

If you will feel it slows down a web surfing, you can always fall back to hosts-based solution. You even don't need to load those blacklist to router, you may use OpenDNS DNS service for that.

To whom it may be interesting, I've ported a dnscypt-proxy — a tool that may be used to protects surfers against DNS spoofing.
 
I was very interested in this, and it does make sense to do it in the router. But now I have an ad blocking browser for my iPad, "Atomic" browser, and I've rooted my Android phone, which allows me to use an app that pretty much removes the ads from there. So while I still see a few ads, there aren't enough to bother me.

It would be nice to do this on the router, but I don't want to give over the bandwidth on this central resource to blocking ads. That's my choice, maybe I'll feel that the next router has more extra processing power for this, or it will come built-in.
 
Having ipset support would be ideal in terms of performance for those kind of blacklists. Unfortunately my last attempt at porting ipset to our kernel wasn't entirely successful - I had issues with the client itself. Maybe someday I'll give it another try.
 
One of the things I have found trying to do this, is that every time I try to do some variant of ad block it fails. I noticed that every time I place the script on JFFS partition then reboot I can no longer access the net, then If I reboot again, the scripts are gone even tho Format JFFS partition at next boot is clicked off in the Webif.

I'm not sure how I want to attack this... Dont have lots of time to mess with it...spent too much already...

I can tell ya this...I have to get something working, because these adds are driving me nuts!! I so dont want to go back to DDWRT right now...

Maybe I need to reflash the firmware...?
 
Last edited:
kinda working

let adsuck to run at boot time:
Code:
echo \#!/bin/sh > /jffs/scripts/services-start
echo adsuck -d -l 127.0.0.1 -c /opt/etc/adsuck -f resolv.conf -p 65053 -u admin Hosts.sex Hosts.trc Hosts.pub >> /jffs/scripts/services-start
echo no-resolv > /jffs/configs/dnsmasq.conf.add
echo server=127.0.0.1\#65053 >> /jffs/configs/dnsmasq.conf.add

that didn't work for me there was no internet at all.

what works for me on cable but takes a long time to tell there is internet.
blocks most the ad's and dodsn't work at all on wifi wont get an ip:
Code:
echo \#!/bin/sh > /jffs/scripts/services-start
echo adsuck -d -l 192.168.1.1 -c /opt/etc/adsuck -f /resolv.conf -u admin /Hosts.sex /Hosts.trc /Hosts.pub >> /jffs/scripts/services-start
echo no-resolv > /jffs/configs/dnsmasq.conf.add
echo server=/192.168.1.1#53 >> /jffs/configs/dnsmasq.conf.add
 
Code:
echo server=/192.168.1.1#53 >> /jffs/configs/dnsmasq.conf.add
Wait, dnsmasq must be on UDP 53 port, not the adsuck. If adsuck occupy UDP 53 port first then dnsmasq will fail to start. A dnsmasq not a DNS forwarder only, but DCHP server too. That's why Wi-Fi devices can't get an IP addresses.
 
Wait, dnsmasq must be on UDP 53 port, not the adsuck. If adsuck occupy UDP 53 port first then dnsmasq will fail to start. A dnsmasq not a DNS forwarder only, but DCHP server too. That's why Wi-Fi devices can't get an IP addresses.

i know but that is the only port i can make it work on it's like adsuck cant start as the port it want to use is closed or maby adsuck is running but dnsmasq can't connect to the port as it's closed and i have no idea what to do there as this is my first time messing with linux
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top