Custom BLs & simplify code (#1647)
+9
-1
@@ -11,12 +11,20 @@
|
||||
<type>select_multiple</type>
|
||||
<help>Select which kind of DNSBL you want to use.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>dnsbl.lists</id>
|
||||
<label>URLs of Blacklists</label>
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>List of domains from where blacklist will be downloaded.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>dnsbl.whitelists</id>
|
||||
<label>Whitelist Domains</label>
|
||||
<type>select_multiple</type>
|
||||
<style>tokenize</style>
|
||||
<allownew>true</allownew>
|
||||
<help>List of domains to whitelist.</help>
|
||||
<help>List of domains to whitelist. You can use regex expressions.</help>
|
||||
</field>
|
||||
</form>
|
||||
|
||||
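Review bot: The help text on `dnsbl.lists` says "List of domains from where blacklist will be downloaded", but the label asks for URLs and the download script fetches each entry as a URL; the new whitelist help also does not say how the expressions are applied. Suggest `<help>List of http(s) URLs to download blacklists from.</help>` and, for the whitelist, `<help>List of domains to whitelist. Entries are regular expressions matched from the start of each domain and must not contain commas.</help>`. The anchoring matters because the script uses `re.match`, so a pattern such as `example\.com` will not whitelist `ads.example.com`. The comma restriction follows from the value being stored and split as a comma-separated list.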
@@ -37,6 +37,9 @@
|
||||
<yy>YoYo List</yy>
|
||||
</OptionValues>
|
||||
</type>
|
||||
<lists type="CSVListField">
|
||||
<Required>N</Required>
|
||||
</lists>
|
||||
<whitelists type="CSVListField">
|
||||
<Required>N</Required>
|
||||
</whitelists>
|
||||
|
||||
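Review bot: The new `lists` field is declared with only `<Required>N</Required>`, so any string typed into the form is stored and later handed to the download script as a URL. That script fetches each entry without checking scheme or host, which makes the model the natural place to reject entries that are not `http://` or `https://` URLs. A per-item validation mask anchored on `^https?://` would do it; which mask options `CSVListField` offers in the targeted release should be confirmed. An entry containing a comma is also split into two items by this field type, which is worth stating in the field's help.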
@@ -1,7 +1,7 @@
|
||||
<menu>
|
||||
<Services>
|
||||
<Unbound>
|
||||
<DNSBL order="50" url="/ui/unboundplus/dnsbl/index"/>
|
||||
<Blacklist order="50" url="/ui/unboundplus/dnsbl/index"/>
|
||||
<Miscellaneous order="60" url="/ui/unboundplus/miscellaneous/index"/>
|
||||
</Unbound>
|
||||
</Services>
|
||||
|
||||
@@ -0,0 +1,193 @@
|
||||
#!/usr/local/bin/python3
|
||||
|
||||
# DNS BL script
|
||||
# Copyright 2020 Petr Kejval <petr.kejval6@gmail.com>
|
||||
|
||||
# Downloads blacklisted domains from user specified URLs and "compile" them into unbound.conf compatible file
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
import re, urllib3, threading, subprocess
|
||||
|
||||
re_blacklist = re.compile(r'(^127\.0\.0\.1\s|^0\.0\.0\.0\s)(.*)|^([a-z_.-]+$)', re.I)
|
||||
re_whitelist = re.compile(r'$^') # default - match nothing
|
||||
blacklist = set()
|
||||
urls = set()
|
||||
|
||||
predefined_lists = {
|
||||
"aa": "https://adaway.org/hosts.txt",
|
||||
"ag": "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt",
|
||||
"bla": "https://blocklist.site/app/dl/ads",
|
||||
"blf": "https://blocklist.site/app/dl/fraud",
|
||||
"blp": "https://blocklist.site/app/dl/phishing",
|
||||
"ca": "http://sysctl.org/cameleon/hosts",
|
||||
"el": "https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt",
|
||||
"ep": "https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt",
|
||||
"emd": "https://hosts-file.net/emd.txt",
|
||||
"hpa": "https://hosts-file.net/ad_servers.txt",
|
||||
"hpf": "https://hosts-file.net/fsa.txt",
|
||||
"hpp": "https://hosts-file.net/psh.txt",
|
||||
"hup": "https://hosts-file.net/pup.txt",
|
||||
"nc": "https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt",
|
||||
"rw": "https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt",
|
||||
"mw": "http://malwaredomains.lehigh.edu/files/justdomains",
|
||||
"pa": "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list",
|
||||
"pt": "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list",
|
||||
"sa": "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
|
||||
"sb": "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
|
||||
"st": "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
|
||||
"ws": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt",
|
||||
"wsu": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt",
|
||||
"wse": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt",
|
||||
"yy": "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext"
|
||||
}
|
||||
|
||||
def add_to_blacklist(domain):
|
||||
""" Checks if domain is present in whitelist. If not, domain is addded to BL set. """
|
||||
match = re_whitelist.match(domain)
|
||||
if not match:
|
||||
blacklist.add(domain)
|
||||
|
||||
def parse_line(line):
|
||||
""" Checks if line matches re_blacklist. If so, tries add domain to BL set. """
|
||||
global blacklist
|
||||
match = re_blacklist.match(line)
|
||||
if match:
|
||||
if match.group(2) != None:
|
||||
add_to_blacklist(match.group(2))
|
||||
elif match.group(3) != None:
|
||||
add_to_blacklist(match.group(3))
|
||||
|
||||
def process_url(url):
|
||||
""" Reads and parses blacklisted domains from URL into BL set. """
|
||||
print(f"Processing BL items from: {url}")
|
||||
|
||||
try:
|
||||
http = urllib3.PoolManager()
|
||||
r = http.request('GET', url)
|
||||
|
||||
for line in str(r.data).split('\\n'):
|
||||
parse_line(line)
|
||||
except Exception as e:
|
||||
print(str(e))
|
||||
|
||||
def save_config_file():
|
||||
""" Saves blacklist in unbound.conf format """
|
||||
print(f"Saving {len(blacklist)} blacklisted domains into dnsbl.conf")
|
||||
|
||||
try:
|
||||
with open("/var/unbound/etc/dnsbl.conf", 'w') as file:
|
||||
# No domains found or DNSBL is disabled
|
||||
if (len(blacklist) == 0):
|
||||
file.write("")
|
||||
else:
|
||||
file.write('server:\n')
|
||||
for line in blacklist:
|
||||
#file.write('local-zone: "' + str(line) + '" static\n')
|
||||
file.write('local-data: "' + str(line) + ' A 0.0.0.0"\n')
|
||||
except Exception as e:
|
||||
print(str(e))
|
||||
exit(1)
|
||||
|
||||
def load_list(path, separator=None):
|
||||
""" Reads file with specified path into set to ensure unique values.
|
||||
Splits lines with defined separator. If sperator==None no split is performed. """
|
||||
result = set()
|
||||
|
||||
try:
|
||||
with open(path, 'r') as file:
|
||||
for line in file.readlines():
|
||||
if not separator == None:
|
||||
for element in line.split(separator):
|
||||
result.add(element.replace('\n', ''))
|
||||
else:
|
||||
result.add(line.replace('\n', ''))
|
||||
except Exception as e:
|
||||
print(str(e))
|
||||
|
||||
return result
|
||||
|
||||
def load_whitelist():
|
||||
""" Loads user defined whitelist in regex format and compiles it. """
|
||||
print("Loading whitelist")
|
||||
global re_whitelist
|
||||
wl = load_list('/var/unbound/etc/whitelist.inc', ',')
|
||||
wl.add('.*localhost$')
|
||||
print(f"Loaded {len(wl)} whitelist items")
|
||||
|
||||
try:
|
||||
re_whitelist = re.compile('|'.join(wl))
|
||||
except Exception as e:
|
||||
print(f"Whitelist regex compile failed: {str(e)}")
|
||||
|
||||
def load_blacklists():
|
||||
""" Loads user defined blacklists URLs. """
|
||||
print("Loading blacklists URLs")
|
||||
global urls
|
||||
urls = load_list('/var/unbound/etc/lists.inc', ',')
|
||||
print(f"Loaded {len(urls)} blacklists URLs")
|
||||
|
||||
def load_predefined_lists():
|
||||
""" Loads user chosen predefined lists """
|
||||
print("Loading predefined lists URLs")
|
||||
global urls
|
||||
lists = load_list('/var/unbound/etc/dnsbl.inc')
|
||||
types = set()
|
||||
|
||||
for first in lists:
|
||||
first = str(first).split('=')[1]
|
||||
first = str(first).replace('"', '').replace('\n', '')
|
||||
first = first.split(',')
|
||||
for type in first:
|
||||
types.add(type)
|
||||
break
|
||||
|
||||
print(f"Loaded {len(types)} predefined blacklists URLs")
|
||||
|
||||
for type in types:
|
||||
try:
|
||||
urls.add(predefined_lists[type])
|
||||
except KeyError:
|
||||
continue
|
||||
except Exception as e:
|
||||
print(str(e))
|
||||
|
||||
if __name__ == "__main__":
|
||||
# Prepare lists from config files
|
||||
load_whitelist()
|
||||
load_blacklists()
|
||||
load_predefined_lists()
|
||||
|
||||
# Start processing BLs in threads
|
||||
threads = [threading.Thread(target=process_url, args=(url,)) for url in urls]
|
||||
for t in threads:
|
||||
t.start()
|
||||
for t in threads:
|
||||
t.join()
|
||||
|
||||
save_config_file()
|
||||
|
||||
print("Restarting unbound service")
|
||||
subprocess.Popen(["pluginctl", "-s", "unbound", "restart"])
|
||||
exit(0)
|
||||
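Review bot: In `parse_line`, group 2 of `re_blacklist` is `(.*)`, so everything after the sinkhole address on a downloaded line, including spaces, trailing comments and quote characters, reaches `save_config_file` and is written verbatim inside `local-data: "…"`. Three of the predefined lists are fetched over plain `http://`, so that text should be treated as untrusted and checked against a strict hostname pattern before `blacklist.add`; otherwise a malformed or tampered list can corrupt `dnsbl.conf` or keep Unbound from restarting. `process_url` also splits `str(r.data)`, which is the `b'…'` repr of the bytes rather than the text, so the first and last entries carry a stray `b'` or `'` and carriage returns survive as a literal backslash sequence; decoding the body and using `splitlines()` fixes that. In `load_whitelist`, an empty element (from a blank line or trailing comma in `whitelist.inc`) joins into an empty regex alternative that matches every domain, so the saved blacklist ends up empty; empty elements should be dropped before `re.compile`. The fence shows the three changed spots.

```python
# Constructed pattern: dot-separated DNS labels only, so quotes, spaces and
# comments from a downloaded line can never reach dnsbl.conf.
re_hostname = re.compile(r'^(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{1,62}$', re.I)

def add_to_blacklist(domain):
    """ Adds domain to BL set when it is a plain hostname and not whitelisted. """
    domain = domain.split('#', 1)[0].strip().rstrip('.')
    if re_hostname.match(domain) and not re_whitelist.match(domain):
        blacklist.add(domain)

# … unchanged: parse_line …

def process_url(url):
    # … unchanged: print, try, PoolManager, request …
        for line in r.data.decode('utf-8', errors='replace').splitlines():
            parse_line(line.strip())
    # … unchanged: except handler …

def load_whitelist():
    # … unchanged: print, global re_whitelist …
    wl = {item.strip() for item in load_list('/var/unbound/etc/whitelist.inc', ',') if item.strip()}
    # … unchanged: add localhost pattern, compile …
```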
@@ -1,322 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 2018-2019 Michael Muenz <m.muenz@gmail.com>
|
||||
# Copyright (c) 2018 Franco Fichtner <franco@opnsense.org>
|
||||
# Copyright (c) 2019 Martin Wasley <martin@team-rebellion.net>
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
FETCH="/usr/bin/fetch -qT 5"
|
||||
|
||||
DESTDIR="/var/unbound/etc"
|
||||
WORKDIRPREFIX="/tmp/unbounddnsbl."
|
||||
WORKDIR="${WORKDIRPREFIX}${$}"
|
||||
|
||||
rm -rf ${WORKDIRPREFIX}*
|
||||
mkdir -p ${WORKDIR}
|
||||
|
||||
easylist() {
|
||||
# EasyList
|
||||
${FETCH} https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt -o ${WORKDIR}/easylist-raw
|
||||
sed "/\.$/d" ${WORKDIR}/easylist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easylist
|
||||
rm ${WORKDIR}/easylist-raw
|
||||
}
|
||||
|
||||
easyprivacy() {
|
||||
# EasyPrivacy
|
||||
${FETCH} https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt -o ${WORKDIR}/easyprivacy-raw
|
||||
sed "/\.$/d" ${WORKDIR}/easyprivacy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easyprivacy
|
||||
rm ${WORKDIR}/easyprivacy-raw
|
||||
}
|
||||
|
||||
pornall() {
|
||||
# PornAll
|
||||
${FETCH} https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list -o ${WORKDIR}/pornall-raw
|
||||
sed "/\.$/d" ${WORKDIR}/pornall-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/pornall
|
||||
rm ${WORKDIR}/pornall-raw
|
||||
}
|
||||
|
||||
porntop() {
|
||||
# PornTop1M
|
||||
${FETCH} https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list -o ${WORKDIR}/porntop-raw
|
||||
sed "/\.$/d" ${WORKDIR}/porntop-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/porntop
|
||||
rm ${WORKDIR}/porntop-raw
|
||||
}
|
||||
|
||||
emdlist() {
|
||||
# EMD
|
||||
${FETCH} https://hosts-file.net/emd.txt -o ${WORKDIR}/emdlist-raw
|
||||
sed "/\.$/d" ${WORKDIR}/emdlist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/emdlist
|
||||
rm ${WORKDIR}/emdlist-raw
|
||||
}
|
||||
|
||||
adguard() {
|
||||
# AdGuard
|
||||
${FETCH} https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt -o ${WORKDIR}/adguard-raw
|
||||
sed "/\.$/d" ${WORKDIR}/adguard-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/adguard
|
||||
rm ${WORKDIR}/adguard-raw
|
||||
}
|
||||
|
||||
nocoin() {
|
||||
# NoCoin
|
||||
${FETCH} https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt -o ${WORKDIR}/nocoin-raw
|
||||
sed "/\.$/d" ${WORKDIR}/nocoin-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/nocoin
|
||||
rm ${WORKDIR}/nocoin-raw
|
||||
}
|
||||
|
||||
rwtracker() {
|
||||
# RansomWare Tracker abuse.ch
|
||||
${FETCH} https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt -o ${WORKDIR}/rwtracker-raw
|
||||
sed "/\.$/d" ${WORKDIR}/rwtracker-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/rwtracker
|
||||
rm ${WORKDIR}/rwtracker-raw
|
||||
}
|
||||
|
||||
mwdomains() {
|
||||
# MalwareDomains
|
||||
${FETCH} http://malwaredomains.lehigh.edu/files/justdomains -o ${WORKDIR}/malwaredomains-raw
|
||||
sed "/\.$/d" ${WORKDIR}/malwaredomains-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/malwaredomains
|
||||
rm ${WORKDIR}/malwaredomains-raw
|
||||
}
|
||||
|
||||
windowsspyblockerspy() {
|
||||
# WindowsSpyBlocker (spy)
|
||||
${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt -o ${WORKDIR}/windowsspyblockerspy-raw
|
||||
sed "/\.$/d" ${WORKDIR}/windowsspyblockerspy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerspy
|
||||
rm ${WORKDIR}/windowsspyblockerspy-raw
|
||||
}
|
||||
|
||||
windowsspyblockerupdate() {
|
||||
# WindowsSpyBlocker (update)
|
||||
${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt -o ${WORKDIR}/windowsspyblockerupdate-raw
|
||||
sed "/\.$/d" ${WORKDIR}/windowsspyblockerupdate-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerupdate
|
||||
rm ${WORKDIR}/windowsspyblockerupdate-raw
|
||||
}
|
||||
|
||||
windowsspyblockerextra() {
|
||||
# WindowsSpyBlocker (extra)
|
||||
${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt -o ${WORKDIR}/windowsspyblockerextra-raw
|
||||
sed "/\.$/d" ${WORKDIR}/windowsspyblockerextra-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerextra
|
||||
rm ${WORKDIR}/windowsspyblockerextra-raw
|
||||
}
|
||||
|
||||
cameleon() {
|
||||
# Cameleon List
|
||||
${FETCH} http://sysctl.org/cameleon/hosts -o ${WORKDIR}/cameleon-raw
|
||||
sed "/\.$/d" ${WORKDIR}/cameleon-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/cameleon
|
||||
rm ${WORKDIR}/cameleon-raw
|
||||
}
|
||||
|
||||
adaway() {
|
||||
# AdAway List
|
||||
${FETCH} https://adaway.org/hosts.txt -o ${WORKDIR}/adaway-raw
|
||||
sed "/\.$/d" ${WORKDIR}/adaway-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/adaway
|
||||
rm ${WORKDIR}/adaway-raw
|
||||
}
|
||||
|
||||
yoyo() {
|
||||
# YoYo List
|
||||
${FETCH} "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext" -o ${WORKDIR}/yoyo-raw
|
||||
sed "/\.$/d" ${WORKDIR}/yoyo-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/yoyo
|
||||
rm ${WORKDIR}/yoyo-raw
|
||||
}
|
||||
|
||||
stevenblack() {
|
||||
# StevenBlack
|
||||
${FETCH} https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o ${WORKDIR}/stevenblack-raw
|
||||
sed "/\.$/d" ${WORKDIR}/stevenblack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/stevenblack
|
||||
rm ${WORKDIR}/stevenblack-raw
|
||||
}
|
||||
|
||||
blocklistads() {
|
||||
# Blocklist.site Ads
|
||||
${FETCH} https://blocklist.site/app/dl/ads -o ${WORKDIR}/blocklistads-raw
|
||||
sed "/\.$/d" ${WORKDIR}/blocklistads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistads
|
||||
rm ${WORKDIR}/blocklistads-raw
|
||||
}
|
||||
|
||||
blocklistfraud() {
|
||||
# Blocklist.site Fraud
|
||||
${FETCH} https://blocklist.site/app/dl/fraud -o ${WORKDIR}/blocklistfraud-raw
|
||||
sed "/\.$/d" ${WORKDIR}/blocklistfraud-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistfraud
|
||||
rm ${WORKDIR}/blocklistfraud-raw
|
||||
}
|
||||
|
||||
blocklistphishing() {
|
||||
# Blocklist.site Phishing
|
||||
${FETCH} https://blocklist.site/app/dl/phishing -o ${WORKDIR}/blocklistphishing-raw
|
||||
sed "/\.$/d" ${WORKDIR}/blocklistphishing-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistphishing
|
||||
rm ${WORKDIR}/blocklistphishing-raw
|
||||
}
|
||||
|
||||
hphosts-ads() {
|
||||
# hphosts-ads
|
||||
${FETCH} https://hosts-file.net/ad_servers.txt -o ${WORKDIR}/hphosts-ads-raw
|
||||
sed "/\.$/d" ${WORKDIR}/hphosts-ads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-ads
|
||||
rm ${WORKDIR}/hphosts-ads-raw
|
||||
}
|
||||
|
||||
hphosts-fsa() {
|
||||
# hphosts-fsa
|
||||
${FETCH} https://hosts-file.net/fsa.txt -o ${WORKDIR}/hphosts-fsa-raw
|
||||
sed "/\.$/d" ${WORKDIR}/hphosts-fsa-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-fsa
|
||||
rm ${WORKDIR}/hphosts-fsa-raw
|
||||
}
|
||||
|
||||
hphosts-psh() {
|
||||
# hphosts-psh
|
||||
${FETCH} https://hosts-file.net/psh.txt -o ${WORKDIR}/hphosts-psh-raw
|
||||
sed "/\.$/d" ${WORKDIR}/hphosts-psh-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-psh
|
||||
rm ${WORKDIR}/hphosts-psh-raw
|
||||
}
|
||||
|
||||
hphosts-pup() {
|
||||
# hphosts-pup
|
||||
${FETCH} https://hosts-file.net/pup.txt -o ${WORKDIR}/hphosts-pup-raw
|
||||
sed "/\.$/d" ${WORKDIR}/hphosts-pup-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-pup
|
||||
rm ${WORKDIR}/hphosts-pup-raw
|
||||
}
|
||||
|
||||
simplead() {
|
||||
# Simple Ad List
|
||||
${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -o ${WORKDIR}/simplead-raw
|
||||
sed "/\.$/d" ${WORKDIR}/simplead-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simplead
|
||||
rm ${WORKDIR}/simplead-raw
|
||||
}
|
||||
|
||||
simpletrack() {
|
||||
# Simple Tracking List
|
||||
${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -o ${WORKDIR}/simpletrack-raw
|
||||
sed "/\.$/d" ${WORKDIR}/simpletrack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simpletrack
|
||||
rm ${WORKDIR}/simpletrack-raw
|
||||
}
|
||||
|
||||
install() {
|
||||
# Put all files in correct format
|
||||
for FILE in $(find ${WORKDIR} -type f); do
|
||||
WHITE=$(cat ${DESTDIR}/whitelist.inc | tr ',' '|')
|
||||
if [ -z "${WHITE}" ]; then
|
||||
cat ${FILE} | sort -u | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc
|
||||
else
|
||||
cat ${FILE} | sort -u | egrep -v "$WHITE" | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc
|
||||
fi
|
||||
done
|
||||
# Merge resulting files (/dev/null in case there are none)
|
||||
if [ -s "/var/unbound/etc/dnsbl.inc" ]; then
|
||||
cat $(find ${WORKDIR} -type f -name "*.inc") /dev/null > ${DESTDIR}/dnsbl.conf
|
||||
chown unbound:unbound ${DESTDIR}/dnsbl.conf
|
||||
else
|
||||
rm -rf ${DESTDIR}/dnsbl.conf
|
||||
fi
|
||||
rm -rf ${WORKDIR}
|
||||
pluginctl -s unbound restart
|
||||
}
|
||||
|
||||
DNSBL=${1}
|
||||
|
||||
if [ -z "${DNSBL}" ]; then
|
||||
. /var/unbound/etc/dnsbl.inc
|
||||
DNSBL=${unbound_dnsbl}
|
||||
fi
|
||||
|
||||
for CAT in $(echo ${DNSBL} | tr ',' ' '); do
|
||||
case "${CAT}" in
|
||||
aa)
|
||||
adaway
|
||||
;;
|
||||
ag)
|
||||
adguard
|
||||
;;
|
||||
bla)
|
||||
blocklistads
|
||||
;;
|
||||
blf)
|
||||
blocklistfraud
|
||||
;;
|
||||
blp)
|
||||
blocklistphishing
|
||||
;;
|
||||
ca)
|
||||
cameleon
|
||||
;;
|
||||
el)
|
||||
easylist
|
||||
;;
|
||||
ep)
|
||||
easyprivacy
|
||||
;;
|
||||
emd)
|
||||
emdlist
|
||||
;;
|
||||
hpa)
|
||||
hphosts-ads
|
||||
;;
|
||||
hpf)
|
||||
hphosts-fsa
|
||||
;;
|
||||
hpp)
|
||||
hphosts-psh
|
||||
;;
|
||||
hup)
|
||||
hphosts-pup
|
||||
;;
|
||||
nc)
|
||||
nocoin
|
||||
;;
|
||||
rw)
|
||||
rwtracker
|
||||
;;
|
||||
mw)
|
||||
mwdomains
|
||||
;;
|
||||
pa)
|
||||
#pornall
|
||||
;;
|
||||
pt)
|
||||
porntop
|
||||
;;
|
||||
sa)
|
||||
simplead
|
||||
;;
|
||||
sb)
|
||||
stevenblack
|
||||
;;
|
||||
st)
|
||||
simpletrack
|
||||
;;
|
||||
ws)
|
||||
windowsspyblockerspy
|
||||
;;
|
||||
wsu)
|
||||
windowsspyblockerupdate
|
||||
;;
|
||||
wse)
|
||||
windowsspyblockerextra
|
||||
;;
|
||||
yy)
|
||||
yoyo
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
install
|
||||
@@ -1,11 +1,11 @@
|
||||
[dnsbl]
|
||||
command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
|
||||
parameters: %s
|
||||
command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
|
||||
parameters:
|
||||
type:script
|
||||
message:fetching DNSBLs
|
||||
|
||||
[dnsblcron]
|
||||
command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
|
||||
command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
|
||||
parameters:
|
||||
type:script
|
||||
message:fetching DNSBLs and restart Unbound
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
dnsbl.inc:/var/unbound/etc/dnsbl.inc
|
||||
whitelist.inc:/var/unbound/etc/whitelist.inc
|
||||
miscellaneous.conf:/var/unbound/etc/miscellaneous.conf
|
||||
lists.inc:/var/unbound/etc/lists.inc
|
||||
@@ -0,0 +1,5 @@
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.lists') and OPNsense.unboundplus.dnsbl.lists != '' %}
|
||||
{{ OPNsense.unboundplus.dnsbl.lists|default("") }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.type') and OPNsense.unboundplus.dnsbl.type != '' %}
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
|
||||
{{ OPNsense.unboundplus.dnsbl.whitelists|default("") }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||