What's new

Who's running adblocking on there router?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Pros: Both seem to work very well from the reports I've read. :)

Cons: It's a Netgear! :p:D:D

(Asus + RMerlin + Diversion user here). :)
 
I've been using HELLO_wORLD's blocking method since it was first available.
I'm using it with the default firehol lists to block malware/bad actors.
I've installed the extra util iprange, easy & no issues.
I like the fact it is not over-engineered.

Will try his new named version when available.
 
They work differently and are complementary.

My method (aegis formerly firewall-blocklist) is blocking lists of IP adresses and/or ranges for all inward and outward traffic. Useful to be protected from known dangerous servers or adresses, block IP ranges from specific countries etc... Default sources I included are blocking more than half a billion IP adresses. It can be used to block ads by blocking IP adresses of known ad servers, but I think an ad blocker is more efficient at that.

@kamoj method blocks at the dns level (so domains) and uses dns lists (not ip lists). Lists are smaller. It is more logical for ad blocking as they are often dns based.

I personally use aegis on the router and an adblocker (on my Synology, a bind dns RPZ based script with a sinkhole (redirecting all web requests of known ad servers to a local nginx server serving blank page and image).

So the answer is: it depends on your needs and both can be used at the same time ;)
 
I've been using HELLO_wORLD's blocking method since it was first available.
I'm using it with the default firehol lists to block malware/bad actors.
I've installed the extra util iprange, easy & no issues.
I like the fact it is not over-engineered.

Will try his new named version when available.
aegis is available :)
 
Ah so yours is an IP blocking system, and kamoj blocks via dns lists or Manually added ip addresses. (Similar to openwrt adblock and banip)

I like the way yours survives a reboot, having to tinker with the router every reboot does get on my nerves.
 
Ah so yours is an IP blocking system, and kamoj blocks via dns lists or Manually added ip addresses. (Similar to openwrt adblock and banip)

I like the way yours survives a reboot, having to tinker with the router every reboot does get on my nerves.

And if installed on external drive it also survives firmware flash/update as well ;)
 
I'm using Aegis (by HELLO_wORLD) mainly for blocking malware.
And I've managed to get Pihole v5 running (compiled via entware and some hacking) on my R7800 for ad blocking.
I like Pihole, because it also comes with a nice GUI and it has the possibilility to blacklist or whitelist DNS names per device.
 
Yeah pi-hole would be awesome, I liked the reports on adblock as you could see what was and wasn't being blocked...
 
I was considering using blacklists (and whitelists) with DNSCrypt, instead I tried NextDNS which was much easier to implement. I created an account on nextdns.io (free), configured a few block lists and then configured it on the Orbi with Stubby. Setup was pretty easy and required copying and pasting the configuration from the NextDNS site and rebooting Orbi.

One advantage of using NextDNS without adblocking is that I can still block trackers and also trackers that mask themselves. the custom lists on NextDNS are a nice feature and requires 0 changes and maintenance on the router.
 
I was considering using blacklists (and whitelists) with DNSCrypt, instead I tried NextDNS which was much easier to implement. I created an account on nextdns.io (free), configured a few block lists and then configured it on the Orbi with Stubby. Setup was pretty easy and required copying and pasting the configuration from the NextDNS site and rebooting Orbi.

One advantage of using NextDNS without adblocking is that I can still block trackers and also trackers that mask themselves. the custom lists on NextDNS are a nice feature and requires 0 changes and maintenance on the router.

I like NextDNS but my network is more responsive running Skynet and Unbound. For me, responsiveness is more important than blocking ads.
 
I was considering using blacklists (and whitelists) with DNSCrypt, instead I tried NextDNS which was much easier to implement. I created an account on nextdns.io (free), configured a few block lists and then configured it on the Orbi with Stubby. Setup was pretty easy and required copying and pasting the configuration from the NextDNS site and rebooting Orbi.

One advantage of using NextDNS without adblocking is that I can still block trackers and also trackers that mask themselves. the custom lists on NextDNS are a nice feature and requires 0 changes and maintenance on the router.
I looked at NextDNS but it's not free anymore, you get a certain amount of free traffic then it stops working until the next day unless you pay. I also see it's moving to a completely pay only service soon.
 
Last edited:
Yes, Skynet is an add on script that provides blocking of malicious IP addresses and Unbound a recursive DNS server. I am actually a paid subscriber to NextDNS Pro. The annual fee is only $19.90 which is very reasonable to me. I was running their client installed on my router and it worked very well. I would highly recommend them to anyone looking for such a solution. I used OpenDNS for several years before they got acquired by Cisco. Their router based setup is somewhat lacking and their user interface is not user friendly nor as intuitive as NextDNS. I also was a paid subscriber to their premium plan for two years but finally got tired of the aforementioned issues. It was a much simpler service before Cisco purchased them.
 
I'm using Aegis (by HELLO_wORLD) mainly for blocking malware.
And I've managed to get Pihole v5 running (compiled via entware and some hacking) on my R7800 for ad blocking.
I like Pihole, because it also comes with a nice GUI and it has the possibilility to blacklist or whitelist DNS names per device.
I assume you run Debian via entware with pi-hole installed on it? Does it survive router reboots and firmware upgrades? Can't find much about it on the internet, did you use a guide or did you just do it all yourself.
 
No, I tried that at first, but couldn't get it running.
I compiled dnsmasq-FTL from souce on the router itself (via gcc from entware).
(did need to patch the source in some locations to get it to compile).

Webinterface uses nginx + php-fcgi + a lot of php-modules also from entware (except one that was missing in Voxels entware repo, so I compiled that one myself aswell)
(first used lighttpd, but that had a lot of issues with php not responding).

To fix all the wrong paths to point to the entware locations, I used a lot of symlinks.
(in dnsmasq-FTL, I did patch them. But fixing it also in all the other scripts, is way too much work)

And then here and there, when something wasn't working, I fixed the issue.

It does survive reboots and firmware upgrades; the entware start-script recreates all required symlinks and modifications. And all the entware stuff is never touched by a firmware update.
But when entware receives an update, then the dnsmasq-FTL binary might require a rebuild.

And automatic update of Pihole also doesn't work.
(I did recently update from Pihole v5 beta to Pihole v5, and now again some functions in webgui are broken, because it overwrote my fixes. (and I didn't document them all yet.)
 
The thing I like about Aegis is I dont get any dns leaks as I do with adguard, stubby and dnscrypt.
Although It would be nice to have a gui with it.
 
Maybe a completely different approach, but i'm using a Raspberry PI with Pi-hole as DHCP server and adblocker. In Pi-hole i'm using #1 blocklist by sjhgvr, which is a very complete adblocking list. Also my VPN server is running on the same RPI, which means also adblocking when i'm not home.

Perhaps something to think about.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top