This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
advanced-adblock [2023/08/05 17:20] – [Domain Blacklist URLs & Group-of-Lists] hogwild | advanced-adblock [2024/09/15 01:40] (current) – [Troubleshooting v2] -Condense hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Adblock ====== | + | ====== Adblock |
- | This menu contains settings to configure FreshTomato' | + | This menu contains settings to configure FreshTomato' |
+ | |||
+ | You are strongly advised | ||
+ | |||
+ | In documentation, | ||
- | In this documentation, | ||
===== v1 and v2 ===== | ===== v1 and v2 ===== | ||
Line 16: | Line 19: | ||
| ARM | [[advanced-adblock# | | ARM | [[advanced-adblock# | ||
- | \\ Adblock v1 functionality is a reduced version of ad-blocking scripts taken from code outside FreshTomato. | + | \\ Adblock v1 functionality is a reduced version of ad-blocking scripts taken from code outside FreshTomato. |
Adblock v2 uses advanced methods to block ads. It should be the preferred choice whenever possible. | Adblock v2 uses advanced methods to block ads. It should be the preferred choice whenever possible. | ||
Line 23: | Line 26: | ||
===== How Adblock Works ===== | ===== How Adblock Works ===== | ||
- | FreshTomato' | + | Adblock works through DNS cache poisoning, as follows: |
+ | |||
+ | \\ | ||
+ | |||
+ | - A client makes a DNS request to resolve a (sub)domain | ||
+ | - Dnsmasq searches both its caches for a match of the requested (sub)domain. \\ One cache is for positive lookups, and one cache is for failed lookups. (( | ||
+ | You can adjust settings for both these caches in the //dnsmasq custom configuration// | ||
+ | )) \\ If an entry in either cache is found, the script proceeds to step 5. | ||
+ | - Dnsmasq searches its configuration files for a corresponding entry. \\ For adblock, that's the dnsmasq.adblock file that holds the (sub)domains to block. \\ If found, the entry is processed. In the case of adblock, the action is: \\ resolve the domain to " | ||
+ | - Dnsmasq queries an upstream DNS server for the (sub)domain, | ||
+ | - The end result of the above steps is sent to the cache and returned \\ to the requesting client. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | Given a list of sources, the original script simply blocks ads. However, there are other reasons for your network to avoid communicating with certain servers. This function was therefore appended with "DNS Filtering" | ||
- | * dnsmasq resolves the domain' | ||
- | * The adblock script then replaces that address with an address of 0.0.0.0 . | ||
- | * The 0.0.0.0 address is sent to the client requesting DNS resolution. | ||
- | * Since 0.0.0.0. is an NXDOMAIN (invalid/ | ||
- | Given a list of sources, the original script simply blocks ads. However, there are other reasons for your network to avoid communicating with certain servers. This function was therefore renamed "DNS Filtering" | ||
===== Adblock Settings ===== | ===== Adblock Settings ===== | ||
Line 41: | Line 53: | ||
**Debug mode (v1)** | **Debug mode (v1)** | ||
- | Checking this box enables debug mode for dnsmasq in the log. This tells FreshTomato | + | Checking this enables debug mode for dnsmasq in the log. This tells FreshTomato |
+ | |||
+ | For more on testing, see the Notes and Troubleshooting section of this page. | ||
\\ | \\ | ||
- | {{::adblock-v2-settings.jpg?580x199}} | + | {{::advanced-adblock-dns_filtering_settings.png?464}} |
\\ | \\ | ||
Line 51: | Line 65: | ||
**Max Log Level (v2)**: | **Max Log Level (v2)**: | ||
- | Thew new v2 interface lets you set the maximum log level output the script will generate. | + | The newer v2 interface lets you set the maximum log level output the script will generate. |
- | + | ||
- | Supported levels | + | |
* 0: The script will log only basic messages like start and stop. | * 0: The script will log only basic messages like start and stop. | ||
- | * 3 | + | * 3 |
* 4 | * 4 | ||
* 5 | * 5 | ||
* 6 | * 6 | ||
- | * 7 (Debug level) writes very detailed log information. This is helpful | + | * 7 (Debug level) writes very detailed log information. This is helpful |
+ | |||
+ | \\ | ||
- | The higher the setting, the more detailed | + | The higher the setting |
\\ | \\ | ||
Line 70: | Line 84: | ||
\\ | \\ | ||
- | A good way to view the logs is to go to the [[status-log|Logs]] menu and enter 'adblock' | + | \\ |
+ | |||
+ | A good way to view Adblock log entries | ||
+ | |||
+ | When set to level 7, Adblock writes | ||
| | ||
Line 76: | Line 94: | ||
**Blockfile size limit (v2 only)**: | **Blockfile size limit (v2 only)**: | ||
- | Adblock v1 may crash FreshTomato if it loads lists whose combined information exceeds your router' | + | Adblock v1 may crash FreshTomato if it loads lists whose combined information exceeds your router' |
\\ | \\ | ||
Line 84: | Line 102: | ||
\\ | \\ | ||
- | This limit is calculated as 10% of physical RAM (when external storage is set). When no external storage is found, the limit is calculated as 6.5% of RAM. The limit can be also manually configured. However, if your device becomes unstable, | + | When external storage is used, the limit is calculated as 10% of physical RAM. When no external storage is found, the limit is calculated as 6.5% of RAM. The limit can be also manually configured. However, if your device becomes unstable, |
- | To be clear, this is a limit, not a target. There' | + | This is a limit, not a target. There' |
\\ | \\ | ||
Line 92: | Line 110: | ||
**Custom Path (v2):** | **Custom Path (v2):** | ||
- | An important v2 feature is the ability | + | An important v2 feature is the option |
- | + | ||
- | \\ {{adblock-v2-custom_path.jpg? | + | |
\\ | \\ | ||
- | This is very useful when the script is re-run (manually or automatically) and there are no updated lists or configuration changes. The check for configuration changes involves controlling any modification to nvram variables since the last script run. | + | {{:: |
- | When a custom path is defined, | + | This is helpful when the script is rerun (manually or automatically) and there are no updated lists or configuration changes. The check for configuration changes involves controlling any modification to NVRAM variables since the last script run. |
+ | |||
+ | When a custom path is defined, | ||
- Download all http headers from only the enabled lists | - Download all http headers from only the enabled lists | ||
- Compare those headers with the ones stored locally | - Compare those headers with the ones stored locally | ||
- Decide whether to re-process the blocklists or not. | - Decide whether to re-process the blocklists or not. | ||
+ | |||
+ | \\ | ||
This runs as follows: | This runs as follows: | ||
- | * If the configuration | + | * If the configuration |
* No updated lists are available | * No updated lists are available | ||
* Skip the re-processing and return to idle. | * Skip the re-processing and return to idle. | ||
+ | |||
+ | \\ | ||
This saves time and resources. | This saves time and resources. | ||
- | Here, configuration means any externally-mapped files where // | + | Here, "configuration" |
\\ | \\ | ||
Line 121: | Line 143: | ||
==== Domain Blacklist URLs & Group-of-Lists ==== | ==== Domain Blacklist URLs & Group-of-Lists ==== | ||
- | This table contains a list of the blacklists FreshTomato can download and use to block ads. | + | This table contains a list of blacklists FreshTomato can download and use to block ads. |
- | **On: | + | **On: |
**Blacklist URL: | **Blacklist URL: | ||
- | **NOTE: | + | \\ |
+ | |||
+ | Since release 2023.4, default | ||
\\ | \\ | ||
- | {{:: | + | {{::advanced-adblock-domain_blacklist_urls.png?991}} |
\\ | \\ | ||
Line 146: | Line 170: | ||
* Reset FreshTomato to default settings | * Reset FreshTomato to default settings | ||
- | **Add: | + | \\ |
+ | |||
+ | **Add: | ||
You can also add a comment in the Description field. | You can also add a comment in the Description field. | ||
Line 155: | Line 181: | ||
==== Compatible data formats ==== | ==== Compatible data formats ==== | ||
- | Target lists to be downloaded must be in plain text format. As above, v2 can extract domains from lists in a variety of formats. Essentially, | + | Target lists to be downloaded must be in plain text. V2 can extract domains from lists in a variety of formats. Essentially, |
+ | |||
+ | - Lines from the source file are parsed | ||
+ | - Comments | ||
+ | - The domains are extracted. | ||
+ | - This is true regardless of where (in which column) those domains are in the list. | ||
+ | |||
+ | \\ | ||
**Group-of-lists** | **Group-of-lists** | ||
- | Currently, v2 also accepts a new list format called " | + | Currently, v2 also accepts a new list format called " |
\\ | \\ | ||
Line 178: | Line 211: | ||
</ | </ | ||
- | | + | |
- | Adblock automatically handles EOL (End of Line) characters in files, when necessary. It converts | + | When needed, |
- | Group-of-lists are visible in the log file. For example, | + | Group-of-lists are visible in the log. For example, |
==== Domain blacklist custom ==== | ==== Domain blacklist custom ==== | ||
- | {{: | + | {{: |
\\ | \\ | ||
Line 193: | Line 226: | ||
=== Domain Syntax === | === Domain Syntax === | ||
- | Several syntaxes are valid for this list: | + | The syntax |
- | | + | |
- | | + | |
- | | + | |
- | When adding custom entries: | + | \\ \\ This table summarizes the Domain blacklist syntax: |
- | If you blacklist: " | + | ^ Adding custom entry ^ Will blacklist |
+ | | " | ||
+ | | " | ||
+ | | preceding "#" | ||
+ | | | ||
- | "sub1.sub.domain.com" | + | \\ You can also specify a path to a file of domains (one domain per line). For example: |
- | " | + | \\ |
- | and all other subdomains will be blacklisted. | + | **Sort a-z ↓** **:** Sorts the contents of this field alphabetically. This was introduced in release 2024.1.\\ |
- | However, this may not be what you want. | + | \\ |
- | To prevent subdomains of an entry from being filtered, prepend a " | ||
- | For example, if you enter " | + | ==== Domain whitelist ==== |
- | Prepending a " | + | {{: |
- | + | ||
- | Any line starting with a "#" | + | |
- | + | ||
- | **Sort a-z ↓** **:** Clicking this button sorts the contents of this field alphabetically. \\ | + | |
\\ | \\ | ||
+ | === Domain whitelist syntax === | ||
- | ==== Domain whitelist | + | The Domain whitelist |
- | {{: | + | * Standard domains (one entry per line). |
+ | * Prepending a " | ||
+ | * Prepending a "#" | ||
\\ | \\ | ||
- | Domain whitelist | + | This table summarizes the Domain whitelist |
- | * Standard domains (one entry per line) | + | ^ Adding custom |
- | * A path to a file of domains. For example: | + | | "sub.domain.com" |
- | * A domain prepended with a "%" sign will indicate a " | + | | "%sub.domain.com" |
- | * Blacklisting all subdomains may not be your goal. Whitelisting | + | | "#" |
+ | | | ||
- | Any line starting with a “#” or “!” character is considered commented and ignored. | + | \\ |
- | **Sort | + | You can also specify |
- | \\ | + | \\ **Sort a-z ↓** : Clicking this button sorts the field contents alphabetically. |
+ | |||
+ | \\ | ||
=== Maintaining the Domain whitelist === | === Maintaining the Domain whitelist === | ||
- | A good way to maintain the whitelist is to share it on your LAN, and educate | + | One way to maintain the whitelist is to share it on your LAN, and teach users nslookup verification and whitelist additions. |
Such a process could be automated as follows: | Such a process could be automated as follows: | ||
Line 254: | Line 292: | ||
- How to use nslookup on a URL to verify DNS lookups are being poisoned | - How to use nslookup on a URL to verify DNS lookups are being poisoned | ||
- Where to find the whitelist (via its samba share) and; | - Where to find the whitelist (via its samba share) and; | ||
- | - After the whitelist has been edited, to configure settings in [[admin-buttons|Buttons/ | + | - After the whitelist has been edited, to configure settings in [[admin-buttons|Buttons/ |
| | ||
Line 261: | Line 299: | ||
==== Enforcing Client Compliance ==== | ==== Enforcing Client Compliance ==== | ||
- | For Adblock to work properly, client devices **must be configured** | + | For Adblock to work properly, client devices **must be configured** |
- | For the latter, | + | For the latter, enable DHCP. Then, enable the DNS server, |
- | These steps are mandatory. Clients that bypass FreshTomato' | + | These steps are mandatory. Clients that bypass FreshTomato' |
- | Three optional settings | + | \\ |
+ | |||
+ | Three optional settings | ||
- Enable //Intercept DNS port// in the [[advanced-dhcpdns|DHCP/ | - Enable //Intercept DNS port// in the [[advanced-dhcpdns|DHCP/ | ||
- | - Enable //Prevent Client auto DoH// in the [[advanced-dhcpdns|DHCP/ | + | - Enable //Prevent Client auto DoH// in [[advanced-dhcpdns|DHCP/ |
- | - Enable the "DoH Server" | + | - Enable the "DoH Server" |
- | Adblock v1 functionality is a reduced version of ad-blocking | + | V1 functionality is a reduced version of scripts from code outside FreshTomato. |
- | Adblock/DNS Filtering affects name resolution only. If an application communicates directly via IP address, Adblock cannot prevent that. | + | Adblock v2 uses advanced methods to block ads. It should be the preferred choice whenever possible. |
+ | |||
+ | Adblock/DNS Filtering | ||
- | Thorough management of domain blocking can be tedious | + | Thorough management of domain blocking can be tedious. For example, with email spam, you'll probably have to deal with false positives. |
- | Regardless of version, the script is always named " | + | Regardless of version, the script is always named " |
\\ | \\ | ||
Line 286: | Line 328: | ||
===== Adblock v2 ===== | ===== Adblock v2 ===== | ||
- | Adblock v2 improves on the original (v1) script. | + | Adblock v2 improves on the v1 script. |
\\ \\ \\ {{: | \\ \\ \\ {{: | ||
Line 293: | Line 335: | ||
==== v2 Improvements ==== | ==== v2 Improvements ==== | ||
- | * Adblock v2 performs | + | * Performs |
- | * Allows | + | * Lets you to run certain script functions |
- | * Can accept | + | * Accepts |
- | * Prevents | + | * This includes Easylist format. |
- | * Supports | + | * Can prevent |
- | * Supports external storage. | + | * Supports |
- | * Prevents false positives via a new, hard-coded 30-minute interval between runs. This is enabled | + | * Supports external storage. |
- | * Includes more troubleshooting options. Debug logging and script tracing can be enabled to look deep into the \\ lowest operational level of the script. | + | * Prevents false positives via a hard-coded 30-minute interval between runs. \\ This enables |
- | * Can be operated | + | * Includes more troubleshooting options. |
+ | * Debug logging and script tracing can look \\ deep into the lowest operational level of the script. | ||
+ | * Can be operated | ||
\\ | \\ | ||
- | To get help with adblock at the command line, type '' | + | \\ |
+ | |||
+ | To get help with adblock at a command line, type '' | ||
\\ | \\ | ||
Line 313: | Line 359: | ||
\\ | \\ | ||
- | \\ {{: | + | \\ {{: |
- | | + | \\ {{: |
+ | |||
+ | \\ \\ \\ | ||
+ | |||
+ | To open the last trace file automatically, | ||
- | \\ \\ To open the last trace file automatically, | + | You'll be prompted to select the viewer in which to view trace files. |
- | \\ {{: | + | \\ {{: |
\\ | \\ | ||
Line 332: | Line 382: | ||
\\ | \\ | ||
- | | {{ : | + | | {{ : |
- | | ::: | **Unload: | + | | ::: | **Unload: |
- | | ::: | **Update: | + | | ::: | **Update: |
| ::: | **Reset-limit: | | ::: | **Reset-limit: | ||
- | | ::: | **Clear all files: | + | | ::: | **Clear all files: |
- | | ::: | **Snapshot: | + | | ::: | **Snapshot: |
- | | ::: | **Enable Only: | + | | ::: | **Enable Only: |
- | | ::: | **Disable Only: | + | | ::: | **Disable Only:** lets you disable adblock ('' |
\\ | \\ | ||
Line 345: | Line 395: | ||
\\ | \\ | ||
- | Refresh: | + | Refresh: |
- | ===== Quick-run (v2) and Full-run Operations ===== | + | ===== Swift-run (v2) and Full-run |
\\ | \\ | ||
Line 356: | Line 406: | ||
\\ | \\ | ||
- | Modifications to the adblock script configuration | + | Modifications to the adblock script configuration |
- List (enable/ | - List (enable/ | ||
Line 370: | Line 420: | ||
\\ | \\ | ||
- | Only two operations from the above list can be run in Quick-run mode, as they don't require full processing: | + | The only two operations from the above list that can be run in Swift-run mode are: |
- | * No. (4) Addition of simple custom blacklist | + | * No. 4 - Addition of simple custom blacklist |
- | * No. (5) Addition of simple whitelisted | + | * No. 5 - Addition of simple whitelisted |
- | \\ | + | |
- | Operations (4) and (5) are the most common | + | These operations |
- | Please note that "quick" is a temporary action | + | Please note that "swift" is a temporary action |
===== Command line operations (v2) ===== | ===== Command line operations (v2) ===== | ||
- | | + | |
+ | |||
+ | {{: | ||
\\ | \\ | ||
Line 390: | Line 442: | ||
\\ | \\ | ||
- | As seen above in the " | + | The table below summarizes all command switches (v2 only): |
- | | + | ^ Command |
+ | | Help | " | ||
+ | | Status | ||
+ | | Start | " | ||
+ | | Stop | " | ||
+ | | Update | ||
+ | | Upgrade | ||
+ | | Test | " | ||
+ | | Reset | " | ||
+ | | Clear | " | ||
+ | | Trace/ | ||
+ | | Snapshot | " | ||
+ | | Enable | ||
+ | | Disable | ||
- | '' | + | |
- | + | ||
- | \\ Status | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Start | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Stop | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Update | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Upgrade | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | Since it is stored in RAM, it will be lost after a reboot. Therefore, an extra parameter is supported: | + | |
- | + | ||
- | \\ Test | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Reset | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Clear/ | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Trace/ | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Snapshot | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Enable | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ Disable | + | |
- | + | ||
- | '' | + | |
- | + | ||
- | \\ | + | |
- | + | ||
- | \\ | + | |
==== Adblock test command (v2) ==== | ==== Adblock test command (v2) ==== | ||
- | \\ | + | |
- | {{:pasted: | + | Typing: |
- | To simplify and speed up testing of broken resolution or other DNS issues, use the " | + | {{: |
Specifically: | Specifically: | ||
- | * dnsmasq | + | * Dnsmasq |
- | * Cloudflare answer - This query bypasses the usual dnsmasq process and sends a query to address 1.1.1.1 . \\ This can help you to verify if a domain exists. | + | * Cloudflare answer - This query bypasses the usual dnsmasq process |
- | * Blockfile ref - This checks whether there are any references to the tested domain | + | * Blockfile ref - Checks if the blockfile contains |
- | + | ||
- | \\ With these three pieces of information, | + | |
- | + | ||
+ | \\ With these 3 pieces of information, | ||
===== Automatic list updates ===== | ===== Automatic list updates ===== | ||
- | As part of normal | + | Normally, |
\\ | \\ | ||
- | To verify the current scheduled update time: | + | To verify the current scheduled update time, type: |
'' | '' | ||
Line 487: | Line 495: | ||
This picture illustrates the syntax of crontable expressions: | This picture illustrates the syntax of crontable expressions: | ||
- | \\ | + | \\ {{:: |
- | + | ||
- | {{:: | + | |
\\ | \\ | ||
Line 500: | Line 506: | ||
===== Future development goals ===== | ===== Future development goals ===== | ||
- | * Add an option to let FreshTomato users share their Whitelists. \\ This would allow the creation of a shared database of " | + | * Add an option to let FreshTomato users share their Whitelists. \\ This would allow creation of a shared database of " |
- | * Add a test function to the web interface (currently only command line) | + | * Add a test function to the web interface (currently only command line). |
\\ | \\ | ||
Line 560: | Line 566: | ||
| | ||
- | \\ \\ To open the last trace file automatically, | + | \\ \\ To open the last trace file automatically, |
- | \\ {{: | + | \\ {{: |
\\ | \\ | ||
Line 570: | Line 576: | ||
**Apple iOS devices (paid iCloud service only)** | **Apple iOS devices (paid iCloud service only)** | ||
- | Apple IOS devices have settings that may interfere with adblock | + | Apple IOS devices have settings that may interfere with Adblock |
+ | |||
+ | \\ {{: | ||
\\ | \\ | ||
- | |||
- | {{: | ||
\\ {{: | \\ {{: | ||
\\ | \\ | ||
- | |||
- | Alternatively, | ||
\\ | \\ | ||
+ | |||
+ | Alternatively, | ||
{{: | {{: | ||
- | You might connect your mobile/ | + | You might connect your mobile/ |
- | Remember, these options are only available | + | Remember, these options are only available |