What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Once the DropBox feature was added, I haven't looked back. Whitelists don't change extremely often (at least in my experience). For example, you can make a text file in Dropbox, share it with the URL sharing link, paste in a good whitelist set, then maintain your own if additional domains for your network needed to be whitelisted. Great example of one that changes every few months that has virtually eliminated whitelisting for me personally:
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt

If you're using a whitelist that is changing every 5 minutes, then the author is being overly aggressive. The whitelist I use was updated 3 months ago for example.
Yes, this method works, but as I mentioned above, if you don't have authorization edit the list, you cannot add more domains locally. Unlike blacklists, where you may have "read-only" remote lists and still be able add additional domains locally.

Other words, unless there is a good reason for not able have multiple remote whitelists along side with local list, this looks like a missing useful feature ;)
 
@thelonelycoder Any advice on how to solve this?
Router has 15 days uptime, I didn't touch anything since then... when I went to check for script updates through AMTM, I've found I'm not able to open skynet, pixelserv shows not running in diversion menu, and this on syslog

Code:
Oct  9 08:00:01 kernel: EXT4-fs error (device sda1): add_dirent_to_buf:1280: inode #262145: block 1056800: comm sh: bad entry in directory: inode out of bounds - offset=0(0), inode=1074004099, rec_len=12, name_len=1
 
@thelonelycoder Any advice on how to solve this?
Router has 15 days uptime, I didn't touch anything since then... when I went to check for script updates through AMTM, I've found I'm not able to open skynet, pixelserv shows not running in diversion menu, and this on syslog

Code:
Oct  9 08:00:01 kernel: EXT4-fs error (device sda1): add_dirent_to_buf:1280: inode #262145: block 1056800: comm sh: bad entry in directory: inode out of bounds - offset=0(0), inode=1074004099, rec_len=12, name_len=1
With the Disk check enabled in amtm, reboot the router and cross fingers.
 
Yes, this method works, but as I mentioned above, if you don't have authorization edit the list, you cannot add more domains locally. Unlike blacklists, where you may have "read-only" remote lists and still be able add additional domains locally.

Other words, unless there is a good reason for not able have multiple remote whitelists along side with local list, this looks like a missing useful feature ;)
In that case, use it as intended for the hosted lists: Host it somewhere, Dropbox, Pastebin or your own Server.
 
With the Disk check enabled in amtm, reboot the router and cross fingers.
Sadly didn't work... :(
Think I'll have the annoying thing of formatting and reinstalling everything...
I don't know what causes it... but bothers me a lot. The usb drive it's not the root cause. Used different want even good brands and it repeats.
Did the format using fd, ext4 with journal, one partition, with swap/amtm/diversion/skynet only

I'm going to ask Eric, maybe he knows how to prevent it

Sent from S.G. S9 Plus Duos using Tapatalk
 
Sadly didn't work... :(
Think I'll have the annoying thing of formatting and reinstalling everything...
I don't know what causes it... but bothers me a lot. The usb drive it's not the root cause. Used different want even good brands and it repeats.
Did the format using fd, ext4 with journal, one partition, with swap/amtm/diversion/skynet only

I'm going to ask Eric, maybe he knows how to prevent it

Sent from S.G. S9 Plus Duos using Tapatalk
Is disk check able to complete properly?
 
Other words, unless there is a good reason for not able have multiple remote whitelists along side with local list, this looks like a missing useful feature
Let me elaborate to my previous reply (https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-197#post-519758).
I appreciate all user suggestions for Diversion and amtm and consider every idea/code snippet/suggestion for its merit.

However, I have a good reason to decline the addition of supporting both a local and hosted whitelist(s) in Diversion - it's the complexity it would add.
The way the whitelist logic is built now, adding such an option would complicate the code much more than one would think of this - on the surface - simple change.
The el code is already very complicated due to its many options and the resulting use cases. Adding more if/else clauses makes reading and understanding that code even harder, resulting in coding errors or affected cases not properly covered.

The options Diversion offers in general and for the blocking list, whitelist and blacklists in particular are unsurpassed by any of the known DNS based ad-blockers out there. That includes Pi-hole which has nowhere near as many user configurable settings as Diversion does.

While considering your suggestion and also keeping a bug reported by @Adamm in mind, I did find a logical error in that particular very long code.
So, consider your idea a success, though not in the form you expected :)
 
Last edited:
Just got my weekly stats report and noticed the prevalence of the domain “result” in the report. This is related to the logging from having DNSSEC enabled. Is it simple to exclude lines like the one below.
Code:
Oct 12 08:27:43 dnsmasq[30821]: 997 192.168.1.86/63610 validation result is INSECURE

Edit: or maybe it’s a result of having the extra dnsmasq log format enabled.
 
Last edited:
Let me elaborate to my previous reply (https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-197#post-519758).
I appreciate all user suggestions for Diversion and amtm and consider every idea/code snippet/suggestion for its merit.

However, I have a good reason to decline the addition of supporting both a local and hosted whitelist(s) in Diversion - it's the complexity it would add.
The way the whitelist logic is built now, adding such an option would complicate the code much more than one would think of this - on the surface - simple change.
The el code is already very complicated due to its many options and the resulting use cases. Adding more if/else clauses makes reading and understanding that code even harder, resulting in coding errors or affected cases not properly covered.

The options Diversion offers in general and for the blocking list, whitelist and blacklists in particular are unsurpassed by any of the known DNS based ad-blockers out there. That includes Pi-hole which has nowhere near as many user configurable settings as Diversion does.

While considering your suggestion and also keeping a bug reported by @Adamm in mind, I did find a logical error in that particular very long code.
So, consider your idea a success, though not in the form you expected :)

Agreed on all points; the one feature request that would be amazing to see added would be regex blocking (beyond wildcard blocking). On my pi-hole setup, I use MUCH fewer blocklists and use one set of regex filters, and it's fast! You can keep your list of domains way down (which helps on Raspberry Pi hardware at least, especially if you are using a Pi Zero W):
https://github.com/mmotti/pihole-regex
 
Agreed on all points; the one feature request that would be amazing to see added would be regex blocking (beyond wildcard blocking). On my pi-hole setup, I use MUCH fewer blocklists and use one set of regex filters, and it's fast! You can keep your list of domains way down (which helps on Raspberry Pi hardware at least, especially if you are using a Pi Zero W):
https://github.com/mmotti/pihole-regex
That only works with their modified Dnsmasq binary, the FTLDNS. AFAIK there's no way to use regex directly with Dnsmasq.
 
That only works with their modified Dnsmasq binary, the FTLDNS. AFAIK there's no way to use regex directly with Dnsmasq.
Figured as much. It's a fantastic feature, especially if you use the right expressions. Do you have any wildcard blacklist suggestions?
 
Last edited:
I appreciate your response, I just thought I would ask because it would be the most likely candidate to support it being that you already have it setup to allow an individual hosted list for Wildcard-blocklist.

Thank you for your awesome work!
I have to put my foot down to curb feature creep and keep my sanity.
 
And here’s what it has caught:
ec9ccbc354715b37e29efc570fda230a.jpg



Sent from my iPhone using Tapatalk
 
Keep in mind, those numbers are after several years of use. 5-6 as best I can reckon. So diversion and ab-solution before it have done a really quite wonderful job all this time. Brave has just caught what slipped through their cracks and stopped a lot of noise in my portal to the matrix.


Sent from my iPhone using Tapatalk
 
Keep in mind, those numbers are after several years of use. 5-6 as best I can reckon. So diversion and ab-solution before it have done a really quite wonderful job all this time. Brave has just caught what slipped through their cracks and stopped a lot of noise in my portal to the matrix.
Keep in mind that while the in-browser ad-blocker sees the domain request and blocks it, the domain may also be blocked by Diversion.
Numbers in your in-browser ad-blocker may be way out of what it actually blocked per your posted statistics.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top