What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Nice, looks pretty good. But does this block ip's with iptables or does it just DNS block with the hosts file? If it's the latter then it seems like alot of trouble to go through instead of a simple script like the one I posted earlier.

DNS blocking. The operation of Diversion is explained on the website - https://diversion.ch/ . Isn't having choices good a good thing in life? I chose to use thelonelycoder's scripts, they have improved my life, not given me 'trouble'. I'm very grateful to him for spending his time developing and continuously supporting these scripts.
 
Last edited:
Nice, looks pretty good. But does this block ip's with iptables or does it just DNS block with the hosts file? If it's the latter then it seems like alot of trouble to go through instead of a simple script like the one I posted earlier.
What you have is very similar to what diversion does, but with diversion you get push button customized configuration of this type of blocking which is very valuable to the less technically inclined. Diversion offers error checking and a nice, friendly interface to bring something like your script to those who have no idea what it means or how to implement it. It’s much less trouble for most.
 
Nice, looks pretty good. But does this block ip's with iptables or does it just DNS block with the hosts file? If it's the latter then it seems like alot of trouble to go through instead of a simple script like the one I posted earlier.
Yup, then six years go by, your code has evolved and you find yourself posting a reply just as this one ;)
Edit: https://diversion.ch/diversion/diversion.html
 
Nice, looks pretty good. But does this block ip's with iptables or does it just DNS block with the hosts file? If it's the latter then it seems like alot of trouble to go through instead of a simple script like the one I posted earlier.
I found it slightly amusing that even six years later your script is almost identical to the original version of this script. I guess that's proof it's still the best technique. ;) The main difference of course is that because your script is for stock Asus firmware it won't survive a reboot.
 
Last edited:
Can someone tell me if my adblock / pixel server is working?

As a loan, according to the log, I would tap yes.

see post:
# 4613
4614
 

Attachments

  • log.png
    log.png
    346.4 KB · Views: 205
@thelonelycoder
Would it be possible to include in the future the ability to divert traffic to a valid IP rather than 0.0.0.0 or 127.0.0.1 with the idea to redirect to a different site rather than just block? For example, to enforce Google safe search, I would normally edit my DNSMasq file on the router to make this redirection to 216.239.38.120. It would be really handy if this could be handled by Diversion so it could more easily be disabled if needed (or used with Fast Switch). Below is an example of what could be used (I tried adding this to a host file, but Diversion ignored it since it only looks for 0.0.0.0 or 127.0.0.1).

# Force Google SafeSearch
216.239.38.120 google.com
204.79.197.220 bing.com
# YouTube Restricted Moderate
216.239.38.119 youtube.com
216.239.38.119 youtube.com
216.239.38.119 youtubei.googleapis.com
216.239.38.119 youtube.googleapis.com
216.239.38.119 youtube-nocookie.com
 
@thelonelycoder
Would it be possible to include in the future the ability to divert traffic to a valid IP rather than 0.0.0.0 or 127.0.0.1 with the idea to redirect to a different site rather than just block? For example, to enforce Google safe search, I would normally edit my DNSMasq file on the router to make this redirection to 216.239.38.120. It would be really handy if this could be handled by Diversion so it could more easily be disabled if needed (or used with Fast Switch). Below is an example of what could be used (I tried adding this to a host file, but Diversion ignored it since it only looks for 0.0.0.0 or 127.0.0.1).

# Force Google SafeSearch
216.239.38.120 google.com
204.79.197.220 bing.com
# YouTube Restricted Moderate
216.239.38.119 youtube.com
216.239.38.119 youtube.com
216.239.38.119 youtubei.googleapis.com
216.239.38.119 youtube.googleapis.com
216.239.38.119 youtube-nocookie.com
As you found out, Diversion auto-rewrites any <IP domain> pair to <blockingIP domain> in the blocking file and both blacklists.

Your feature request would be an additional separate file that gets added to Dnsmasq. I'm not sure this is within the scope of Diversion.
You all would have to convince me this is a welcome and fitting addition :D
 
As you found out, Diversion auto-rewrites any <IP domain> pair to <blockingIP domain> in the blocking file and both blacklists.

Your feature request would be an additional separate file that gets added to Dnsmasq. I'm not sure this is within the scope of Diversion.
You all would have to convince me this is a welcome and fitting addition :D

So it sounds like you are saying it would be possible, but it would be written to the location of the DNSmasq file rather than where the Diversion host file lives. Anybody else see how this could be useful or am I alone on this one?
 
So it sounds like you are saying it would be possible, but it would be written to the location of the DNSmasq file rather than where the Diversion host file lives. Anybody else see how this could be useful or am I alone on this one?
I might be misunderstanding. It seems you want to redirect outgoing URLs from your router clients to "safe" sources. I see Diversion as blocking incoming unwanted / objectionable / malicious contest. What you seek might be better for a new script or a "family / safe" DNS provider or the router DNS Filter? Apologies if I don't understand what you seek.
 
As I discovered yesterday, DNS filters such as Cleanbrowsing can easily be circumvented with an installed VPN client. I was thinking that maybe this would be an answer to that.
 
I might be misunderstanding. It seems you want to redirect outgoing URLs from your router clients to "safe" sources. I see Diversion as blocking incoming unwanted / objectionable / malicious contest. What you seek might be better for a new script or a "family / safe" DNS provider or the router DNS Filter? Apologies if I don't understand what you seek.
Ahem, Dnsmasq blocks outgoing requests in Diversion.
 
As I discovered yesterday, DNS filters such as Cleanbrowsing can easily be circumvented with an installed VPN client. I was thinking that maybe this would be an answer to that.
No, using a VPN on the client will completely bypass Diversion or any other router-based DNS server (assuming it's configured to do that).
 
Can someone tell me if my adblock / pixel server is working?

As a loan, according to the log, I would tap yes.

see post:
# 4613
4614
That looks fine to me, open 192.168.1.3/servstats in a browser to see if pixelserv-tls is busy or not.
 
As I discovered yesterday, DNS filters such as Cleanbrowsing can easily be circumvented with an installed VPN client. I was thinking that maybe this would be an answer to that.
You're playing whack-a-mole with your kids here. At least you're teaching them about technology as they have to go to greater and greater lengths to get around your blocks. :)

Next thing to do is figure out how to block their VPN connections. That's beyond my knowledge though.
 
You're playing whack-a-mole with your kids here. At least you're teaching them about technology as they have to go to greater and greater lengths to get around your blocks. :)

Next thing to do is figure out how to block their VPN connections. That's beyond my knowledge though.
you can start by blocking the standard openVPN server ports for connections from their clients
if they're smart and use a 443 port server though, tricky times ahead
 
Would it be possible to use a VPN client from my computer, and instead of using the VPN's assigned DNS, to have it get the DNS from the router so that I could still have the advantage of Diversion? I use a VPN that is not my own so I have no way to configure the VPN on the server side. I'm guessing I'm looking for this to do something that is not possible. You guys have been very helpful though.
 
Last edited:
Would it be possible to use a VPN client from my computer, and instead of using the VPN's assigned DNS, to have it get the DNS from the router so that I could still have the advantage of Diversion? I use a VPN that is not my own so I have no way to configure the VPN on the server side. I'm guessing I'm looking for this to do something that is not possible. You guys have been very helpful though.
That would be a configuration setting (if available) on the VPN client. It's nothing to do with the router.
 
Also, I just discovered that when I have DNS-based Filtering enabled and the Global Filter Mode set to "CleanBrowsing Family" (or any DNS service from the list), it ignores Diversion and no Ad-Blocking happens.
A5OIRbW.png
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top