Diversion Diversion - the Router Ad-Blocker

[thelonelycoder]

Hello Mr. Coder Sir,

Can you please double-check if the fix handled this issue? I continued to have this issue in my stats after the update (even after doing a full stats/log reset in both Diversion and the Jack Yaz UI script).
I eventually resolved it by changing my printer's IP address from 192.168.0.200 to 192.168.0.123-something

My pixelserv IP is 192.168.0.2

Yes, Mr. CriticJay, this is fixed in Diversion. It will not be fixed in @Jack Yaz uiDivStats as his script is currently being completely rewritten.

 

[tomsk]

Yes, Mr. CriticJay, this is fixed in Diversion. It will not be fixed in @Jack Yaz uiDivStats as his script is currently being completely rewritten.

Thats Mr. Jack Yaz

 

[thelonelycoder]

Thats Mr. Jack Yaz

Understood, Sir Tomsk. I will oblige in further electronic utterings on this medium.

 

[Jack Yaz]

Understood, Sir Tomsk. I will oblige in further electronic utterings on this medium.

It's getting very posh in here! For a lad from Croydon, anyway....

 

[thelonelycoder]

It's getting very posh in here! For a lad from Croydon, anyway....

Just pretending, In reality I'm a simple man, born in a blue collar household. We did and I still have a great view out the window though.

 

[tomsk]

Just pretending, In reality I'm a simple man, born in a blue collar household. We did and I still have a great view out the window though.

Just joking around guys ... Mr. ThelonelyCoder knows my daft sense of humour well... i was just about to break into a "Luxury... we used to dream of having a window" python sketch, but restraint on behalf of other members of the forum stopped me

 

[xordos]

Thanks for this great adblocker, I recently flashed my router and discovered this great tool. Thanks @thelonelycoder.

So I search this thread and saw the discussion about wildcard whitelist. Completely understand and I just want to share my hack as for myself it is very useful. You know, wife keep yelling about some site not working so I keep turning off adblocking, then later still want give it try, turned it on then wife yelling again... you know what I mean

So here it is, it is a "hack" that use the simplest apprach, and treat the whitelist as wildcard list. It use string searching so following 2 style works but have different result:

.abcd.net --> www.abcd.net will match, www.xxabcd.net won't
abcd.net --> www.xxabcd.net will match

--- /opt/share/diversion/file/functions.div.orig
+++ /opt/share/diversion/file/functions.div
@@ -4206,6 +4206,7 @@
                                                        sed -i "$(sed 's:.*:s/&/ /g:' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/$list"
                                                        sed -i "/^$blockingIPesc $\|^$blockingIPesc  $/d" "${DIVERSION_DIR}/list/$list"
                                                done
+                                               sed -i "$(sed 's# ##g;s#.*#s/[^[:blank:]]*&/ /g#' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/blockinglist"

                                                if [ -s "/jffs/addons/shared-whitelists/shared-Diversion-whitelist" ]; then
                                                        /opt/bin/grep "^[^#]" "${DIVERSION_DIR}/list/whitelist" | awk '{print $1}' > "${DIVERSION_DIR}/list/shared-Diversion-whitelist.tmp"

As you can see, it only add one line to /opt/share/diversion/file/functions.div

For the change to take effect, need "process" the white list, diversion menu el then 4.

If for any reason, the blockinglist file got messed up, please re-download the block list (diversion menu b, 4).

@thelonelycoder, this is my first post to the forum, and not sure you like others post hack to your official thread. If this is not good, let me know i will remove it. Again, thank you for this wonderful tool!

Edit: updated file path to use /opt/share/diversion

 

[thelonelycoder]

Thanks for this great adblocker, I recently flashed my router and discovered this great tool. Thanks @thelonelycoder.

So I search this thread and saw the discussion about wildcard whitelist. Completely understand and I just want to share my hack as for myself it is very useful. You know, wife keep yelling about some site not working so I keep turning off adblocking, then later still want give it try, turned it on then wife yelling again... you know what I mean

So here it is, it is a "hack" that use the simplest apprach, and treat the whitelist as wildcard list. It use string searching so following 2 style works but have different result:

.abcd.net --> www.abcd.net will match, www.xxabcd.net won't
abcd.net --> www.xxabcd.net will match

--- /tmp/mnt/usbpen/entware/share/diversion/file/functions.div.orig
+++ /tmp/mnt/usbpen/entware/share/diversion/file/functions.div
@@ -4206,6 +4206,7 @@
                                                        sed -i "$(sed 's:.*:s/&/ /g:' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/$list"
                                                        sed -i "/^$blockingIPesc $\|^$blockingIPesc  $/d" "${DIVERSION_DIR}/list/$list"
                                                done
+                                               sed -i "$(sed 's# ##g;s#.*#s/[^[:blank:]]*&/ /g#' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/blockinglist"

                                                if [ -s "/jffs/addons/shared-whitelists/shared-Diversion-whitelist" ]; then
                                                        /opt/bin/grep "^[^#]" "${DIVERSION_DIR}/list/whitelist" | awk '{print $1}' > "${DIVERSION_DIR}/list/shared-Diversion-whitelist.tmp"

As you can see, it only add one line to /tmp/mnt/usbpen/entware/share/diversion/file/functions.div

For the change to take effect, need "process" the white list, diversion menu el then 4.

If for any reason, the blockinglist file got messed up, please re-download the block list (diversion menu b, 4).

@thelonelycoder, this is my first post to the forum, and not sure you like others post hack to your official thread. If this is not good, let me know i will remove it. Again, thank you for this wonderful tool!

... And as you probably read, there will be no wildcard whitelist option in Diversion.

 

[thelonelycoder]

Thanks for this great adblocker, I recently flashed my router and discovered this great tool. Thanks @thelonelycoder.

So I search this thread and saw the discussion about wildcard whitelist. Completely understand and I just want to share my hack as for myself it is very useful. You know, wife keep yelling about some site not working so I keep turning off adblocking, then later still want give it try, turned it on then wife yelling again... you know what I mean

So here it is, it is a "hack" that use the simplest apprach, and treat the whitelist as wildcard list. It use string searching so following 2 style works but have different result:

.abcd.net --> www.abcd.net will match, www.xxabcd.net won't
abcd.net --> www.xxabcd.net will match

--- /tmp/mnt/usbpen/entware/share/diversion/file/functions.div.orig
+++ /tmp/mnt/usbpen/entware/share/diversion/file/functions.div
@@ -4206,6 +4206,7 @@
                                                        sed -i "$(sed 's:.*:s/&/ /g:' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/$list"
                                                        sed -i "/^$blockingIPesc $\|^$blockingIPesc  $/d" "${DIVERSION_DIR}/list/$list"
                                                done
+                                               sed -i "$(sed 's# ##g;s#.*#s/[^[:blank:]]*&/ /g#' ${DIVERSION_DIR}/list/whitelist.tmp)" "${DIVERSION_DIR}/list/blockinglist"

                                                if [ -s "/jffs/addons/shared-whitelists/shared-Diversion-whitelist" ]; then
                                                        /opt/bin/grep "^[^#]" "${DIVERSION_DIR}/list/whitelist" | awk '{print $1}' > "${DIVERSION_DIR}/list/shared-Diversion-whitelist.tmp"

As you can see, it only add one line to /tmp/mnt/usbpen/entware/share/diversion/file/functions.div

For the change to take effect, need "process" the white list, diversion menu el then 4.

If for any reason, the blockinglist file got messed up, please re-download the block list (diversion menu b, 4).

@thelonelycoder, this is my first post to the forum, and not sure you like others post hack to your official thread. If this is not good, let me know i will remove it. Again, thank you for this wonderful tool!

For future code examples - which are always welcome BTW - please use the /opt path to Diversion files on the USB device:

/opt/share/diversion/

This works for all, as opposed to your individual device path.

 

[xordos]

For future code examples - which are always welcome BTW - please use the /opt path to Diversion files on the USB device:

/opt/share/diversion/

This works for all, as opposed to your individual device path.

Thanks @thelonelycoder , updated original post.

 

[CriticJay]

Has anyone done any analysis/observations on whether the new YT adblocker is affected by whether Pixelserv-TLS is enabled or disabled?

I'm primarily thinking about devices which cannot have the Pixelserv CA certificate installed, rather than regular Apple/Windows PCs and mobile phones:

- Apple TV
- Amazon Fire TV
- Google Chromecast
- smart TVs?

 

[dave14305]

Has anyone done any analysis/observations on whether the new YT adblocker is affected by whether Pixelserv-TLS is enabled or disabled?

I'm primarily thinking about devices which cannot have the Pixelserv CA certificate installed, rather than regular Apple/Windows PCs and mobile phones:

- Apple TV
- Amazon Fire TV
- Google Chromecast
- smart TVs?

Since the YT adblocker does not rely on the Pixelserv IP, it should not matter. It redirects all matching googlevideo.com domain names to the same (but valid) googlevideo.com IP that is found first in the dnsmasq log. At least that's my simplistic explanation.

 

[thelonelycoder]

Just joking around guys ... Mr. ThelonelyCoder knows my daft sense of humour well... i was just about to break into a "Luxury... we used to dream of having a window" python sketch, but restraint on behalf of other members of the forum stopped me

The Lady of the House Without Windows demeanor says it all.

 

[WhyNetworkAtAll]

I have a question on wildcard blacklisting + whitelisting for *alternate* blocking clients. How do I express the following to diversion?

For alternate clients (i.e. not all clients)

Blacklist:
* (i.e. everything)

Whitelist:
*.school.com
*.docs.google.com
www.reading.com
(about 30 entries, mixed of FQDNs and *.example.com wildcards)

Details: I have an RT-AC68U with the latest Asus Merlin (384.17). I have two classes of clients:

1. Kids' (<10 years) devices
2. Rest of the house (laptops, phones, printers, IoT etc)

For #2, rest of the house, it's easy. Diversion standard + standard blocklist does 99% of what I want. pixelserv-tls helps a bit but not essential for me (it's on though). I love that diversion running on the router itself simplifies filtering/management for guest networks too.

But for the kids devices, I'm currently pointing them (router -> LAN -> DNSFilter) to a separate PiHole 5 which blacklists everything * and then I've whitelisted some 20 odd wildcard domains (e.g. *.school-example.com) necessary for online schooling during COVID lockdown. I'm at a loss how to express this logic in diversion. Would appreciate some help.

Thanks

PS: I love the work here with Diversion but not sure if I should ask on this thread or create another one in the Asus Merlin forum.

 

[SomeWhereOverTheRainBow]

I have a question on wildcard blacklisting + whitelisting for *alternate* blocking clients. How do I express the following to diversion?

For alternate clients (i.e. not all clients)

Blacklist:
* (i.e. everything)

Whitelist:
*.school.com
*.docs.google.com
www.reading.com
(about 30 entries, mixed of FQDNs and *.example.com wildcards)

Details: I have an RT-AC68U with the latest Asus Merlin (384.17). I have two classes of clients:

1. Kids' (<10 years) devices
2. Rest of the house (laptops, phones, printers, IoT etc)

For #2, rest of the house, it's easy. Diversion standard + standard blocklist does 99% of what I want. pixelserv-tls helps a bit but not essential for me (it's on though). I love that diversion running on the router itself simplifies filtering/management for guest networks too.

But for the kids devices, I'm currently pointing them (router -> LAN -> DNSFilter) to a separate PiHole 5 which blacklists everything * and then I've whitelisted some 20 odd wildcard domains (e.g. *.school-example.com) necessary for online schooling during COVID lockdown. I'm at a loss how to express this logic in diversion. Would appreciate some help.

Thanks

PS: I love the work here with Diversion but not sure if I should ask on this thread or create another one in the Asus Merlin forum.

are you using the newest pihole 5.0? you can regex whitelist for all those whitelisted domains with subdomains you have a bunch of repeated domains for

unfortunately diversion does not support a wildcard whitelisting. at-least not that i know of.

 

[DonCatoli]

Something in the small blocking list is preventing the manual driver selection drops downs from displaying which forces me to disable diversion in order to download nVidia drivers, does anyone know what I would need to add to the whitelist to make this work again?, it was fine in the past. https://www.geforce.com/drivers

 

[SomeWhereOverTheRainBow]

Something in the small blocking list is preventing the manual driver selection drops downs from displaying which forces me to disable diversion in order to download nVidia drivers, does anyone know what I would need to add to the whitelist to make this work again?, it was fine in the past. https://www.geforce.com/drivers

hold on i will get you whitelist for nvidia

events.gfe.nvidia.com
ota-downloads.nvidia.com
gfwsl.geforce.com

 

[SomeWhereOverTheRainBow]

Try whitelisting those i put above ^^^^

you will need to reprocess your whitelist , and refresh your DNS before testing.

 

[SomeWhereOverTheRainBow]

It is that small mvp blocklist, that list tends to break alot of drivers and update associated platforms because it cross references domains used for gaming, windows updates, and nvidia stuffs.

 

[DonCatoli]

Try whitelisting those i put above ^^^^

you will need to reprocess your whitelist , and refresh your DNS before testing.

Working so far, thx... seems addresses 1 and 3 were getting blocked.