diff --git a/dns/dnscrypt-proxy/Makefile b/dns/dnscrypt-proxy/Makefile index e7a60c446..ab1b5b906 100644 --- a/dns/dnscrypt-proxy/Makefile +++ b/dns/dnscrypt-proxy/Makefile @@ -1,5 +1,5 @@ PLUGIN_NAME= dnscrypt-proxy -PLUGIN_VERSION= 1.2 +PLUGIN_VERSION= 1.3 PLUGIN_COMMENT= Flexible DNS proxy supporting DNSCrypt and DoH PLUGIN_DEPENDS= dnscrypt-proxy2 PLUGIN_MAINTAINER= m.muenz@gmail.com diff --git a/dns/dnscrypt-proxy/pkg-descr b/dns/dnscrypt-proxy/pkg-descr index 0ecd2919a..b28bb8ba1 100644 --- a/dns/dnscrypt-proxy/pkg-descr +++ b/dns/dnscrypt-proxy/pkg-descr @@ -5,6 +5,10 @@ such as DNSCrypt v2 and DNS-over-HTTPS. Plugin Changelog ================ +1.3 + +* Add DNS blacklisting + 1.2 * Add logging to menu @@ -15,7 +19,10 @@ Plugin Changelog 1.0 -* Initial release +* Automatic selection of fastest DNS servers +* Allow to set cloaks/overrides +* Allow to set forwarders +* Allow to set whitelists WWW: https://github.com/jedisct1/dnscrypt-proxy diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/DnsblController.php b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/DnsblController.php new file mode 100644 index 000000000..9dd9a3bf1 --- /dev/null +++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/DnsblController.php 
@@ -0,0 +1,39 @@ + + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +namespace OPNsense\Dnscryptproxy\Api; + +use OPNsense\Base\ApiMutableModelControllerBase; + +class DnsblController extends ApiMutableModelControllerBase +{ + protected static $internalModelClass = '\OPNsense\Dnscryptproxy\Dnsbl'; + protected static $internalModelName = 'dnsbl'; +} diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ServiceController.php b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ServiceController.php index cfe173578..8a00c2b4a 100644 --- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ServiceController.php 
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/Api/ServiceController.php @@ -33,6 +33,7 @@ namespace OPNsense\Dnscryptproxy\Api; use OPNsense\Base\ApiMutableServiceControllerBase; use OPNsense\Core\Backend; use OPNsense\Dnscryptproxy\General; +use OPNsense\Dnscryptproxy\Dnsbl; /** * Class ServiceController @@ -44,4 +45,13 @@ class ServiceController extends ApiMutableServiceControllerBase protected static $internalServiceTemplate = 'OPNsense/Dnscryptproxy'; protected static $internalServiceEnabled = 'enabled'; protected static $internalServiceName = 'dnscryptproxy'; + + public function dnsblAction() + { + $this->sessionClose(); + $mdl = new Dnsbl(); + $backend = new Backend(); + $response = $backend->configdpRun('dnscryptproxy dnsbl', array((string)$mdl->type)); + return array("response" => $response); + } } diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/GeneralController.php b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/GeneralController.php index 79a9d021e..cd033b802 100644 --- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/GeneralController.php +++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/GeneralController.php @@ -37,6 +37,7 @@ class GeneralController extends \OPNsense\Base\IndexController $this->view->formDialogEditDnscryptproxyCloak = $this->getForm("dialogEditDnscryptproxyCloak"); $this->view->formDialogEditDnscryptproxyWhitelist = $this->getForm("dialogEditDnscryptproxyWhitelist"); $this->view->formDialogEditDnscryptproxyServer = $this->getForm("dialogEditDnscryptproxyServer"); + $this->view->dnsblForm = $this->getForm("dnsbl"); $this->view->pick('OPNsense/Dnscryptproxy/general'); } } 
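Review bot: `dnsblAction()` starts a state-changing backend job without checking the request method, so as written it would also run on a plain GET. The job is the `dnscryptproxy dnsbl` configd action, which downloads the lists and rewrites the blocklist file. The view added in this commit calls the endpoint through `ajaxCall`, which presumably sends a POST, so an early guard such as `if (!$this->request->isPost()) { return array("response" => ""); }` should not affect the UI. The method also has no docblock; something like `/** Fetch the DNSBL lists selected in the Dnsbl model through configd. */` would state what the endpoint does.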
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dnsbl.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dnsbl.xml new file mode 100644 index 000000000..a729272b8 --- /dev/null +++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/dnsbl.xml @@ -0,0 +1,14 @@ +
+ + dnsbl.enabled + + checkbox + This will enable the use of DNS Blocklists for ADs, Malware, or both. + + + dnsbl.type + + select_multiple + Select which kind of DNSBL you want to use. + +
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.php b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.php new file mode 100644 index 000000000..cf75336d1 --- /dev/null +++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.php @@ -0,0 +1,35 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +namespace OPNsense\Dnscryptproxy; + +use OPNsense\Base\BaseModel; + +class Dnsbl extends BaseModel +{ +} diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.xml new file mode 100644 index 000000000..93fd42130 --- /dev/null 
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/Dnsbl.xml @@ -0,0 +1,34 @@ + + //OPNsense/dnscryptproxy/dnsbl + DNSBL configuration + 1.0.0 + + + 0 + Y + + + N + Y + + AdAway List + AdGuard List + Cameleon List + Easy List + EMD Malicious Domains List + Easyprivacy List + Hbbtv List + Malwaredomain List + NoCoin List + PornTop1M List + Ransomware Tracker List + Simple Ad List + Simple Tracker List + Steven Black List + Windows Spyware Blocker + YoYo List + ZeusTracker Abuse.ch List + + + + diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/views/OPNsense/Dnscryptproxy/general.volt b/dns/dnscrypt-proxy/src/opnsense/mvc/app/views/OPNsense/Dnscryptproxy/general.volt index 8cd4ac2fb..7c9f06cf4 100644 --- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/views/OPNsense/Dnscryptproxy/general.volt +++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/views/OPNsense/Dnscryptproxy/general.volt @@ -34,6 +34,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('Overrides') }}
  • {{ lang._('Whitelists') }}
  • {{ lang._('Servers') }}
  • +
  • {{ lang._('DNSBL') }}
  • @@ -157,6 +158,15 @@ POSSIBILITY OF SUCH DAMAGE.

    +
    +
    + {{ partial("layout_partials/base_form",['fields':dnsblForm,'id':'frm_dnsbl_settings'])}} +
    +
    + +
    +
    +
    {{ partial("layout_partials/base_dialog",['fields':formDialogEditDnscryptproxyForward,'id':'dialogEditDnscryptproxyForward','label':lang._('Edit Forwarders')])}} @@ -173,7 +183,11 @@ $( document ).ready(function() { $('.selectpicker').selectpicker('refresh'); }); - updateServiceControlUI('dnscryptproxy'); + var data_get_map2 = {'frm_dnsbl_settings':"/api/dnscryptproxy/dnsbl/get"}; + mapDataToFormUI(data_get_map2).done(function(data){ + formatTokenizersUI(); + $('.selectpicker').selectpicker('refresh'); + }); $("#grid-forwards").UIBootgrid( { 'search':'/api/dnscryptproxy/forward/searchForward', @@ -265,5 +279,17 @@ $( document ).ready(function() { }); }); + $("#saveAct_dnsbl").click(function(){ + saveFormToEndpoint(url="/api/dnscryptproxy/dnsbl/set", formid='frm_dnsbl_settings',callback_ok=function(){ + $("#saveAct_dnsbl_progress").addClass("fa fa-spinner fa-pulse"); + ajaxCall(url="/api/dnscryptproxy/service/dnsbl", sendData={}, callback=function(data,status) { + ajaxCall(url="/api/dnscryptproxy/service/reconfigure", sendData={}, callback=function(data,status) { + updateServiceControlUI('dnscryptproxy'); + $("#saveAct_dnsbl_progress").removeClass("fa fa-spinner fa-pulse"); + }); + }); + }); + }); + }); diff --git a/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/dnsbl.sh b/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/dnsbl.sh new file mode 100644 index 000000000..8f9c136de --- /dev/null +++ b/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/dnsbl.sh 
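Review bot: The hunk at `@@ -173,7 +183,11 @@` removes the page-load call `updateServiceControlUI('dnscryptproxy');`, and the only call added back sits inside the `#saveAct_dnsbl` click handler. Unless another call exists outside these hunks, the service status and controls are no longer populated when the page opens; keeping the original line after the new `mapDataToFormUI(data_get_map2)` block would restore that. In the click handler the spinner classes are removed only in the innermost callback, so a failed `service/dnsbl` or `service/reconfigure` request appears to leave `#saveAct_dnsbl_progress` spinning. The enclosing `$( document ).ready` function starts and ends outside the hunks.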
@@ -0,0 +1,241 @@
+#!/bin/sh
+
+# Copyright (c) 2018 Michael Muenz
+# Copyright (c) 2018 Franco Fichtner
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+FETCH="/usr/bin/fetch -qT 5"
+
+DESTDIR="/usr/local/etc/dnscrypt-proxy"
+WORKDIRPREFIX="/tmp/dnscryptproxydnsbl."
+WORKDIR="${WORKDIRPREFIX}${$}"
+
+rm -rf ${WORKDIRPREFIX}*
+mkdir -p ${WORKDIR}
+
+easylist() {
+ # EasyList
+ ${FETCH} https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt -o ${WORKDIR}/easylist-raw
+ sed "/\.$/d" ${WORKDIR}/easylist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easylist
+ rm ${WORKDIR}/easylist-raw
+}
+
+easyprivacy() {
+ # EasyPrivacy
+ ${FETCH} https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt -o ${WORKDIR}/easyprivacy-raw
+ sed "/\.$/d" ${WORKDIR}/easyprivacy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easyprivacy
+ rm ${WORKDIR}/easyprivacy-raw
+}
+
+pornall() {
+ # PornAll
+ ${FETCH} https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list -o ${WORKDIR}/pornall-raw
+ sed "/\.$/d" ${WORKDIR}/pornall-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/pornall
+ rm ${WORKDIR}/pornall-raw
+}
+
+porntop() {
+ # PornTop1M
+ ${FETCH} https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list -o ${WORKDIR}/porntop-raw
+ sed "/\.$/d" ${WORKDIR}/porntop-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/porntop
+ rm ${WORKDIR}/porntop-raw
+}
+
+emdlist() {
+ # EMD
+ ${FETCH} https://hosts-file.net/emd.txt -o ${WORKDIR}/emdlist-raw
+ sed "/\.$/d" ${WORKDIR}/emdlist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/emdlist
+ rm ${WORKDIR}/emdlist-raw
+}
+
+adguard() {
+ # AdGuard
+ ${FETCH} https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt -o ${WORKDIR}/adguard-raw
+ sed "/\.$/d" ${WORKDIR}/adguard-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/adguard
+ rm ${WORKDIR}/adguard-raw
+}
+
+nocoin() {
+ # NoCoin
+ ${FETCH} https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt -o ${WORKDIR}/nocoin-raw
+ sed "/\.$/d" ${WORKDIR}/nocoin-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/nocoin
+ rm ${WORKDIR}/nocoin-raw
+}
+
+rwtracker() {
+ # RansomWare Tracker abuse.ch
+ ${FETCH} https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt -o ${WORKDIR}/rwtracker-raw
+ sed "/\.$/d" ${WORKDIR}/rwtracker-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/rwtracker
+ rm ${WORKDIR}/rwtracker-raw
+}
+
+mwdomains() {
+ # MalwareDomains
+ ${FETCH} http://malwaredomains.lehigh.edu/files/justdomains -o ${WORKDIR}/malwaredomains-raw
+ sed "/\.$/d" ${WORKDIR}/malwaredomains-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/malwaredomains
+ rm ${WORKDIR}/malwaredomains-raw
+}
+
+windowsspyblocker() {
+ # WindowsSpyBlocker
+ ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt -o ${WORKDIR}/windowsspyblocker-raw
+ sed "/\.$/d" ${WORKDIR}/windowsspyblocker-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblocker
+ rm ${WORKDIR}/windowsspyblocker-raw
+}
+
+cameleon() {
+ # Cameleon List
+ ${FETCH} http://sysctl.org/cameleon/hosts -o ${WORKDIR}/cameleon-raw
+ sed "/\.$/d" ${WORKDIR}/cameleon-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/cameleon
+ rm ${WORKDIR}/cameleon-raw
+}
+
+adaway() {
+ # AdAway List
+ ${FETCH} https://adaway.org/hosts.txt -o ${WORKDIR}/adaway-raw
+ sed "/\.$/d" ${WORKDIR}/adaway-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/adaway
+ rm ${WORKDIR}/adaway-raw
+}
+
+yoyo() {
+ # YoYo List
+ ${FETCH} "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext" -o ${WORKDIR}/yoyo-raw
+ sed "/\.$/d" ${WORKDIR}/yoyo-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/yoyo
+ rm ${WORKDIR}/yoyo-raw
+}
+
+stevenblack() {
+ # StevenBlack
+ ${FETCH} https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o ${WORKDIR}/stevenblack-raw
+ sed "/\.$/d" ${WORKDIR}/stevenblack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/stevenblack
+ rm ${WORKDIR}/stevenblack-raw
+}
+
+hbbtv() {
+ # HBBTV List
+ ${FETCH} https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/hbbtv.txt -o ${WORKDIR}/hbbtv-raw
+ sed "/\.$/d" ${WORKDIR}/hbbtv-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/hbbtv
+ rm ${WORKDIR}/hbbtv-raw
+}
+
+simplead() {
+ # Simple Ad List
+ ${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -o ${WORKDIR}/simplead-raw
+ sed "/\.$/d" ${WORKDIR}/simplead-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simplead
+ rm ${WORKDIR}/simplead-raw
+}
+
+simpletrack() {
+ # Simple Tracking List
+ ${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -o ${WORKDIR}/simpletrack-raw
+ sed "/\.$/d" ${WORKDIR}/simpletrack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simpletrack
+ rm ${WORKDIR}/simpletrack-raw
+}
+
+zeusabuse() {
+ # Zeus Tracker List from abuse.ch
+ ${FETCH} https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist -o ${WORKDIR}/zeusabuse-raw
+ sed "/\.$/d" ${WORKDIR}/zeusabuse-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/zeusabuse
+ rm ${WORKDIR}/zeusabuse-raw
+}
+
+install() {
+ # Put all files in correct format
+ for FILE in $(find ${WORKDIR} -type f); do
+ awk '{ if (length($1) < 245) print $1 }' ${FILE} | sort -u > ${FILE}.inc
+ done
+ # Merge resulting files (/dev/null in case there are none)
+ cat $(find ${WORKDIR} -type f -name "*.inc") /dev/null | sort -u > ${DESTDIR}/blacklist.txt
+ chown _dnscrypt-proxy:_dnscrypt-proxy ${DESTDIR}/blacklist.txt
+ rm -rf ${WORKDIR}
+}
+
+DNSBL=${1}
+
+if [ -z "${DNSBL}" ]; then
+ . /etc/rc.conf.d/dnscrypt_proxy
+ DNSBL=${dnscrypt_proxy_dnsbl}
+fi
+
+for CAT in $(echo ${DNSBL} | tr ',' ' '); do
+ case "${CAT}" in
+ aa)
+ adaway
+ ;;
+ ag)
+ adguard
+ ;;
+ ca)
+ cameleon
+ ;;
+ el)
+ easylist
+ ;;
+ ep)
+ easyprivacy
+ ;;
+ emd)
+ emdlist
+ ;;
+ ht)
+ hbbtv
+ ;;
+ nc)
+ nocoin
+ ;;
+ rw)
+ rwtracker
+ ;;
+ mw)
+ mwdomains
+ ;;
+ pa)
+ #pornall
+ ;;
+ pt)
+ porntop
+ ;;
+ sa)
+ simplead
+ ;;
+ sb)
+ stevenblack
+ ;;
+ st)
+ simpletrack
+ ;;
+ ws)
+ windowsspyblocker
+ ;;
+ yy)
+ yoyo
+ ;;
+ za)
+ zeusabuse
+ ;;
+ esac
+done
+
+install
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf b/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
index d6cf6f255..3eae8eadb 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
+++ b/dns/dnscrypt-proxy/src/opnsense/service/conf/actions.d/actions_dnscryptproxy.conf
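Review bot: The work directory is a predictable path under /tmp (`WORKDIR="${WORKDIRPREFIX}${$}"`) created with `mkdir -p`, which also succeeds when the path already exists, so this script, presumably run as root by configd, can end up downloading and merging files in a directory it did not create. `WORKDIR=$(mktemp -d "${WORKDIRPREFIX}XXXXXX") || exit 1` avoids that, and dropping the wildcard `rm -rf ${WORKDIRPREFIX}*` keeps a cron run and a GUI-triggered run from deleting each other's files. `mwdomains`, `cameleon` and `yoyo` fetch over plain `http://`, so their content can be altered in transit before it is merged into `blacklist.txt`. No `fetch` exit status is checked and `install` writes `${DESTDIR}/blacklist.txt` directly, so a run where downloads fail replaces a working blocklist with an empty or partial one. Building the merged file inside `${WORKDIR}` and moving it into place only when it is non-empty would keep the previous list.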
@@ -21,3 +21,16 @@ command:/usr/local/etc/rc.d/dnscrypt-proxy status; exit 0 parameters: type:script_output message:request dnscrypt-proxy status + +[dnsbl] +command:/usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/dnsbl.sh +parameters: %s +type:script +message:fetching DNSBLs + +[dnsblcron] +command:/usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/dnsbl.sh;/usr/local/etc/rc.d/dnscrypt-proxy restart +parameters: +type:script +message:fetching DNSBLs and restart +description: Download DNSCrypt-Proxy DNSBLs and restart diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml index be120de7a..f6627a3a7 100644 --- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml +++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml @@ -131,6 +131,13 @@ cache = false log_file = '/var/log/dnscrypt-proxy/whitelisted.log' log_format = 'tsv' +{% if helpers.exists('OPNsense.dnscryptproxy.dnsbl.enabled') and OPNsense.dnscryptproxy.dnsbl.enabled == '1' %} +[blacklist] + blacklist_file = 'blacklist.txt' + log_file = '/var/log/dnscrypt-proxy/blocked.log' + log_format = 'tsv' +{% endif %} + [sources] [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy index 8b8088749..82b567fa7 100644 --- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy +++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy 
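Review bot: In the `dnscrypt-proxy.toml` hunk, `blacklist_file = 'blacklist.txt'` is a relative path while the `log_file` entries next to it are absolute, so which file gets loaded depends on how dnscrypt-proxy resolves relative paths at start-up. `dnsbl.sh` in this commit writes the list to `/usr/local/etc/dnscrypt-proxy/blacklist.txt`, and spelling that out here as `blacklist_file = '/usr/local/etc/dnscrypt-proxy/blacklist.txt'` keeps producer and consumer in step. The `[blacklist]` section is rendered as soon as `dnsbl.enabled` is `1`, whether or not the file has been fetched yet, so it is worth confirming that the proxy still starts when the file is missing, for example after a configuration restore.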
@@ -3,6 +3,11 @@ dnscrypt_proxy_enable="YES"
 {% if helpers.exists('OPNsense.dnscryptproxy.general.allowprivileged') and OPNsense.dnscryptproxy.general.allowprivileged == '1' %}
 dnscrypt_proxy_suexec="YES"
 {% endif %}
+{% if helpers.exists('OPNsense.dnscryptproxy.dnsbl.enabled') and OPNsense.dnscryptproxy.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.dnscryptproxy.dnsbl.type') and OPNsense.dnscryptproxy.dnsbl.type != '' %}
+dnscrypt_proxy_dnsbl="{{ OPNsense.dnscryptproxy.dnsbl.type }}"
+{% endif %}
+{% endif %}
 {% else %}
 dnscrypt_proxy_enable="NO"
 {% endif %}
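Review bot: The rendered line `dnscrypt_proxy_dnsbl="{{ OPNsense.dnscryptproxy.dnsbl.type }}"` lands in a file that `dnsbl.sh` reads with `. /etc/rc.conf.d/dnscrypt_proxy`, so the value is parsed by the shell, presumably as root, and nothing in the template records that constraint. It stays safe only while the model restricts `type` to its fixed option keys. A template comment such as `{# dnsbl.type must remain an option-list value: this file is sourced by /bin/sh #}` above the line would document the assumption for whoever changes the model later. The outer `{% if %}` that the trailing `{% else %}` belongs to begins outside the hunk.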