diff --git a/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml b/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
index 10eb50a93..2f7626943 100644
--- a/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
+++ b/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
@@ -11,12 +11,20 @@
select_multiple
Select which kind of DNSBL you want to use.
+
+ dnsbl.lists
+ URLs of Blacklists
+ select_multiple
+
+ true
+ List of domains from where blacklist will be downloaded.
+
dnsbl.whitelists
Whitelist Domains
select_multiple
true
- List of domains to whitelist.
+ List of domains to whitelist. You can use regex expressions.
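Review bot: The new help text on `dnsbl.whitelists` says regular expressions are allowed but not how they are applied, and the difference matters for a filter that exempts domains from blocking. `dnsbl.py` in this commit joins the entries with `|` and tests each domain with `re.match`, so an entry is anchored only at the start and an unescaped `.` matches any character; a constructed entry such as `example.com` would also exempt `example.community.test`. I would spell that out, e.g. `List of domains to whitelist. Entries are regular expressions matched from the start of the domain name; escape dots and end with $ for an exact match.`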
diff --git a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml
index 4073fac26..5b537c08f 100644
--- a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml
+++ b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml
@@ -37,6 +37,9 @@
YoYo List
+
+ N
+
N
diff --git a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml
index a63bd5e52..32261d1a2 100644
--- a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml
+++ b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml
@@ -1,7 +1,7 @@
-
+
diff --git a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
new file mode 100755
index 000000000..08ac8503a
--- /dev/null
+++ b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
@@ -0,0 +1,193 @@
+#!/usr/local/bin/python3
+
+# DNS BL script
+# Copyright 2020 Petr Kejval
+
+# Downloads blacklisted domains from user specified URLs and "compile" them into unbound.conf compatible file
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import re, urllib3, threading, subprocess
+
+re_blacklist = re.compile(r'(^127\.0\.0\.1\s|^0\.0\.0\.0\s)(.*)|^([a-z_.-]+$)', re.I)
+re_whitelist = re.compile(r'$^') # default - match nothing
+blacklist = set()
+urls = set()
+
+predefined_lists = {
+ "aa": "https://adaway.org/hosts.txt",
+ "ag": "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt",
+ "bla": "https://blocklist.site/app/dl/ads",
+ "blf": "https://blocklist.site/app/dl/fraud",
+ "blp": "https://blocklist.site/app/dl/phishing",
+ "ca": "http://sysctl.org/cameleon/hosts",
+ "el": "https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt",
+ "ep": "https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt",
+ "emd": "https://hosts-file.net/emd.txt",
+ "hpa": "https://hosts-file.net/ad_servers.txt",
+ "hpf": "https://hosts-file.net/fsa.txt",
+ "hpp": "https://hosts-file.net/psh.txt",
+ "hup": "https://hosts-file.net/pup.txt",
+ "nc": "https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt",
+ "rw": "https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt",
+ "mw": "http://malwaredomains.lehigh.edu/files/justdomains",
+ "pa": "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list",
+ "pt": "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list",
+ "sa": "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+ "sb": "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+ "st": "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+ "ws": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt",
+ "wsu": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt",
+ "wse": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt",
+ "yy": "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext"
+}
+
+def add_to_blacklist(domain):
+ """ Checks if domain is present in whitelist. If not, domain is addded to BL set. """
+ match = re_whitelist.match(domain)
+ if not match:
+ blacklist.add(domain)
+
+def parse_line(line):
+ """ Checks if line matches re_blacklist. If so, tries add domain to BL set. """
+ global blacklist
+ match = re_blacklist.match(line)
+ if match:
+ if match.group(2) != None:
+ add_to_blacklist(match.group(2))
+ elif match.group(3) != None:
+ add_to_blacklist(match.group(3))
+
+def process_url(url):
+ """ Reads and parses blacklisted domains from URL into BL set. """
+ print(f"Processing BL items from: {url}")
+
+ try:
+ http = urllib3.PoolManager()
+ r = http.request('GET', url)
+
+ for line in str(r.data).split('\\n'):
+ parse_line(line)
+ except Exception as e:
+ print(str(e))
+
+def save_config_file():
+ """ Saves blacklist in unbound.conf format """
+ print(f"Saving {len(blacklist)} blacklisted domains into dnsbl.conf")
+
+ try:
+ with open("/var/unbound/etc/dnsbl.conf", 'w') as file:
+ # No domains found or DNSBL is disabled
+ if (len(blacklist) == 0):
+ file.write("")
+ else:
+ file.write('server:\n')
+ for line in blacklist:
+ #file.write('local-zone: "' + str(line) + '" static\n')
+ file.write('local-data: "' + str(line) + ' A 0.0.0.0"\n')
+ except Exception as e:
+ print(str(e))
+ exit(1)
+
+def load_list(path, separator=None):
+ """ Reads file with specified path into set to ensure unique values.
+ Splits lines with defined separator. If sperator==None no split is performed. """
+ result = set()
+
+ try:
+ with open(path, 'r') as file:
+ for line in file.readlines():
+ if not separator == None:
+ for element in line.split(separator):
+ result.add(element.replace('\n', ''))
+ else:
+ result.add(line.replace('\n', ''))
+ except Exception as e:
+ print(str(e))
+
+ return result
+
+def load_whitelist():
+ """ Loads user defined whitelist in regex format and compiles it. """
+ print("Loading whitelist")
+ global re_whitelist
+ wl = load_list('/var/unbound/etc/whitelist.inc', ',')
+ wl.add('.*localhost$')
+ print(f"Loaded {len(wl)} whitelist items")
+
+ try:
+ re_whitelist = re.compile('|'.join(wl))
+ except Exception as e:
+ print(f"Whitelist regex compile failed: {str(e)}")
+
+def load_blacklists():
+ """ Loads user defined blacklists URLs. """
+ print("Loading blacklists URLs")
+ global urls
+ urls = load_list('/var/unbound/etc/lists.inc', ',')
+ print(f"Loaded {len(urls)} blacklists URLs")
+
+def load_predefined_lists():
+ """ Loads user chosen predefined lists """
+ print("Loading predefined lists URLs")
+ global urls
+ lists = load_list('/var/unbound/etc/dnsbl.inc')
+ types = set()
+
+ for first in lists:
+ first = str(first).split('=')[1]
+ first = str(first).replace('"', '').replace('\n', '')
+ first = first.split(',')
+ for type in first:
+ types.add(type)
+ break
+
+ print(f"Loaded {len(types)} predefined blacklists URLs")
+
+ for type in types:
+ try:
+ urls.add(predefined_lists[type])
+ except KeyError:
+ continue
+ except Exception as e:
+ print(str(e))
+
+if __name__ == "__main__":
+ # Prepare lists from config files
+ load_whitelist()
+ load_blacklists()
+ load_predefined_lists()
+
+ # Start processing BLs in threads
+ threads = [threading.Thread(target=process_url, args=(url,)) for url in urls]
+ for t in threads:
+ t.start()
+ for t in threads:
+ t.join()
+
+ save_config_file()
+
+ print("Restarting unbound service")
+ subprocess.Popen(["pluginctl", "-s", "unbound", "restart"])
+ exit(0)
\ No newline at end of file
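Review bot: Entries fetched from the list URLs are written into `dnsbl.conf` unvalidated: in `parse_line` the `(.*)` group of `re_blacklist` keeps everything after the address, and `save_config_file` places it inside `local-data: "…"`, so a quote, alias or trailing comment in a list (several predefined URLs are plain `http://`) ends up in the configuration unbound is restarted with. `process_url` also splits `str(r.data)`, which is the `b'…'` repr of the body rather than its text, and issues the request without a timeout, where the removed `dnsbl.sh` used `fetch -qT 5`. The fence below decodes the body, keeps the first token of each entry and accepts it only when it is a dotted hostname; the timeout values are a suggestion. It would also help to leave the existing `dnsbl.conf` in place when every download fails, since `save_config_file` currently writes an empty file in that case.

```python
# Dotted hostname: the only shape allowed to reach the quoted local-data line
re_hostname = re.compile(r'[a-z0-9_-]+(\.[a-z0-9_-]+)+', re.I)

def parse_line(line):
    """ Checks if line matches re_blacklist. If so, tries add domain to BL set. """
    match = re_blacklist.match(line)
    if match:
        # hosts-format entries may carry aliases or a trailing comment: keep the first token only
        fields = (match.group(2) or match.group(3) or '').split()
        if fields and re_hostname.fullmatch(fields[0]):
            add_to_blacklist(fields[0])

def process_url(url):
    # … unchanged: docstring and progress print …
    try:
        http = urllib3.PoolManager()
        # bounded wait so one stalled server cannot hold up the whole update
        r = http.request('GET', url, timeout=urllib3.Timeout(connect=5.0, read=30.0))
        # decode the body; str() on bytes yields the b'…' repr, not the text
        for line in r.data.decode('utf-8', errors='replace').splitlines():
            parse_line(line.strip())
    # … unchanged: except handler …
```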
diff --git a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
deleted file mode 100755
index d9e11ca98..000000000
--- a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
+++ /dev/null
@@ -1,322 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2018-2019 Michael Muenz
-# Copyright (c) 2018 Franco Fichtner
-# Copyright (c) 2019 Martin Wasley
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-
-FETCH="/usr/bin/fetch -qT 5"
-
-DESTDIR="/var/unbound/etc"
-WORKDIRPREFIX="/tmp/unbounddnsbl."
-WORKDIR="${WORKDIRPREFIX}${$}"
-
-rm -rf ${WORKDIRPREFIX}*
-mkdir -p ${WORKDIR}
-
-easylist() {
- # EasyList
- ${FETCH} https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt -o ${WORKDIR}/easylist-raw
- sed "/\.$/d" ${WORKDIR}/easylist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easylist
- rm ${WORKDIR}/easylist-raw
-}
-
-easyprivacy() {
- # EasyPrivacy
- ${FETCH} https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt -o ${WORKDIR}/easyprivacy-raw
- sed "/\.$/d" ${WORKDIR}/easyprivacy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easyprivacy
- rm ${WORKDIR}/easyprivacy-raw
-}
-
-pornall() {
- # PornAll
- ${FETCH} https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list -o ${WORKDIR}/pornall-raw
- sed "/\.$/d" ${WORKDIR}/pornall-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/pornall
- rm ${WORKDIR}/pornall-raw
-}
-
-porntop() {
- # PornTop1M
- ${FETCH} https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list -o ${WORKDIR}/porntop-raw
- sed "/\.$/d" ${WORKDIR}/porntop-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/porntop
- rm ${WORKDIR}/porntop-raw
-}
-
-emdlist() {
- # EMD
- ${FETCH} https://hosts-file.net/emd.txt -o ${WORKDIR}/emdlist-raw
- sed "/\.$/d" ${WORKDIR}/emdlist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/emdlist
- rm ${WORKDIR}/emdlist-raw
-}
-
-adguard() {
- # AdGuard
- ${FETCH} https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt -o ${WORKDIR}/adguard-raw
- sed "/\.$/d" ${WORKDIR}/adguard-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/adguard
- rm ${WORKDIR}/adguard-raw
-}
-
-nocoin() {
- # NoCoin
- ${FETCH} https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt -o ${WORKDIR}/nocoin-raw
- sed "/\.$/d" ${WORKDIR}/nocoin-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/nocoin
- rm ${WORKDIR}/nocoin-raw
-}
-
-rwtracker() {
- # RansomWare Tracker abuse.ch
- ${FETCH} https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt -o ${WORKDIR}/rwtracker-raw
- sed "/\.$/d" ${WORKDIR}/rwtracker-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/rwtracker
- rm ${WORKDIR}/rwtracker-raw
-}
-
-mwdomains() {
- # MalwareDomains
- ${FETCH} http://malwaredomains.lehigh.edu/files/justdomains -o ${WORKDIR}/malwaredomains-raw
- sed "/\.$/d" ${WORKDIR}/malwaredomains-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/malwaredomains
- rm ${WORKDIR}/malwaredomains-raw
-}
-
-windowsspyblockerspy() {
- # WindowsSpyBlocker (spy)
- ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt -o ${WORKDIR}/windowsspyblockerspy-raw
- sed "/\.$/d" ${WORKDIR}/windowsspyblockerspy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerspy
- rm ${WORKDIR}/windowsspyblockerspy-raw
-}
-
-windowsspyblockerupdate() {
- # WindowsSpyBlocker (update)
- ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt -o ${WORKDIR}/windowsspyblockerupdate-raw
- sed "/\.$/d" ${WORKDIR}/windowsspyblockerupdate-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerupdate
- rm ${WORKDIR}/windowsspyblockerupdate-raw
-}
-
-windowsspyblockerextra() {
- # WindowsSpyBlocker (extra)
- ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt -o ${WORKDIR}/windowsspyblockerextra-raw
- sed "/\.$/d" ${WORKDIR}/windowsspyblockerextra-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerextra
- rm ${WORKDIR}/windowsspyblockerextra-raw
-}
-
-cameleon() {
- # Cameleon List
- ${FETCH} http://sysctl.org/cameleon/hosts -o ${WORKDIR}/cameleon-raw
- sed "/\.$/d" ${WORKDIR}/cameleon-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/cameleon
- rm ${WORKDIR}/cameleon-raw
-}
-
-adaway() {
- # AdAway List
- ${FETCH} https://adaway.org/hosts.txt -o ${WORKDIR}/adaway-raw
- sed "/\.$/d" ${WORKDIR}/adaway-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/adaway
- rm ${WORKDIR}/adaway-raw
-}
-
-yoyo() {
- # YoYo List
- ${FETCH} "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext" -o ${WORKDIR}/yoyo-raw
- sed "/\.$/d" ${WORKDIR}/yoyo-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/yoyo
- rm ${WORKDIR}/yoyo-raw
-}
-
-stevenblack() {
- # StevenBlack
- ${FETCH} https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o ${WORKDIR}/stevenblack-raw
- sed "/\.$/d" ${WORKDIR}/stevenblack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/stevenblack
- rm ${WORKDIR}/stevenblack-raw
-}
-
-blocklistads() {
- # Blocklist.site Ads
- ${FETCH} https://blocklist.site/app/dl/ads -o ${WORKDIR}/blocklistads-raw
- sed "/\.$/d" ${WORKDIR}/blocklistads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistads
- rm ${WORKDIR}/blocklistads-raw
-}
-
-blocklistfraud() {
- # Blocklist.site Fraud
- ${FETCH} https://blocklist.site/app/dl/fraud -o ${WORKDIR}/blocklistfraud-raw
- sed "/\.$/d" ${WORKDIR}/blocklistfraud-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistfraud
- rm ${WORKDIR}/blocklistfraud-raw
-}
-
-blocklistphishing() {
- # Blocklist.site Phishing
- ${FETCH} https://blocklist.site/app/dl/phishing -o ${WORKDIR}/blocklistphishing-raw
- sed "/\.$/d" ${WORKDIR}/blocklistphishing-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistphishing
- rm ${WORKDIR}/blocklistphishing-raw
-}
-
-hphosts-ads() {
- # hphosts-ads
- ${FETCH} https://hosts-file.net/ad_servers.txt -o ${WORKDIR}/hphosts-ads-raw
- sed "/\.$/d" ${WORKDIR}/hphosts-ads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-ads
- rm ${WORKDIR}/hphosts-ads-raw
-}
-
-hphosts-fsa() {
- # hphosts-fsa
- ${FETCH} https://hosts-file.net/fsa.txt -o ${WORKDIR}/hphosts-fsa-raw
- sed "/\.$/d" ${WORKDIR}/hphosts-fsa-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-fsa
- rm ${WORKDIR}/hphosts-fsa-raw
-}
-
-hphosts-psh() {
- # hphosts-psh
- ${FETCH} https://hosts-file.net/psh.txt -o ${WORKDIR}/hphosts-psh-raw
- sed "/\.$/d" ${WORKDIR}/hphosts-psh-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-psh
- rm ${WORKDIR}/hphosts-psh-raw
-}
-
-hphosts-pup() {
- # hphosts-pup
- ${FETCH} https://hosts-file.net/pup.txt -o ${WORKDIR}/hphosts-pup-raw
- sed "/\.$/d" ${WORKDIR}/hphosts-pup-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-pup
- rm ${WORKDIR}/hphosts-pup-raw
-}
-
-simplead() {
- # Simple Ad List
- ${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -o ${WORKDIR}/simplead-raw
- sed "/\.$/d" ${WORKDIR}/simplead-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simplead
- rm ${WORKDIR}/simplead-raw
-}
-
-simpletrack() {
- # Simple Tracking List
- ${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -o ${WORKDIR}/simpletrack-raw
- sed "/\.$/d" ${WORKDIR}/simpletrack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simpletrack
- rm ${WORKDIR}/simpletrack-raw
-}
-
-install() {
- # Put all files in correct format
- for FILE in $(find ${WORKDIR} -type f); do
- WHITE=$(cat ${DESTDIR}/whitelist.inc | tr ',' '|')
- if [ -z "${WHITE}" ]; then
- cat ${FILE} | sort -u | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc
- else
- cat ${FILE} | sort -u | egrep -v "$WHITE" | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc
- fi
- done
- # Merge resulting files (/dev/null in case there are none)
- if [ -s "/var/unbound/etc/dnsbl.inc" ]; then
- cat $(find ${WORKDIR} -type f -name "*.inc") /dev/null > ${DESTDIR}/dnsbl.conf
- chown unbound:unbound ${DESTDIR}/dnsbl.conf
- else
- rm -rf ${DESTDIR}/dnsbl.conf
- fi
- rm -rf ${WORKDIR}
- pluginctl -s unbound restart
-}
-
-DNSBL=${1}
-
-if [ -z "${DNSBL}" ]; then
- . /var/unbound/etc/dnsbl.inc
- DNSBL=${unbound_dnsbl}
-fi
-
-for CAT in $(echo ${DNSBL} | tr ',' ' '); do
- case "${CAT}" in
- aa)
- adaway
- ;;
- ag)
- adguard
- ;;
- bla)
- blocklistads
- ;;
- blf)
- blocklistfraud
- ;;
- blp)
- blocklistphishing
- ;;
- ca)
- cameleon
- ;;
- el)
- easylist
- ;;
- ep)
- easyprivacy
- ;;
- emd)
- emdlist
- ;;
- hpa)
- hphosts-ads
- ;;
- hpf)
- hphosts-fsa
- ;;
- hpp)
- hphosts-psh
- ;;
- hup)
- hphosts-pup
- ;;
- nc)
- nocoin
- ;;
- rw)
- rwtracker
- ;;
- mw)
- mwdomains
- ;;
- pa)
- #pornall
- ;;
- pt)
- porntop
- ;;
- sa)
- simplead
- ;;
- sb)
- stevenblack
- ;;
- st)
- simpletrack
- ;;
- ws)
- windowsspyblockerspy
- ;;
- wsu)
- windowsspyblockerupdate
- ;;
- wse)
- windowsspyblockerextra
- ;;
- yy)
- yoyo
- ;;
- esac
-done
-
-install
diff --git a/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf b/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
index 0c38ad254..86d4c3f0c 100644
--- a/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
+++ b/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
@@ -1,11 +1,11 @@
[dnsbl]
-command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
-parameters: %s
+command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
+parameters:
type:script
message:fetching DNSBLs
[dnsblcron]
-command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
+command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
parameters:
type:script
message:fetching DNSBLs and restart Unbound
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
index c9be1287b..edd98110e 100644
--- a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
@@ -1,3 +1,4 @@
dnsbl.inc:/var/unbound/etc/dnsbl.inc
whitelist.inc:/var/unbound/etc/whitelist.inc
miscellaneous.conf:/var/unbound/etc/miscellaneous.conf
+lists.inc:/var/unbound/etc/lists.inc
\ No newline at end of file
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc
new file mode 100644
index 000000000..947a52761
--- /dev/null
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc
@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.lists') and OPNsense.unboundplus.dnsbl.lists != '' %}
+{{ OPNsense.unboundplus.dnsbl.lists|default("") }}
+{% endif %}
+{% endif %}
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
index 473b3824f..04cde11c3 100644
--- a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
@@ -1,7 +1,5 @@
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.type') and OPNsense.unboundplus.dnsbl.type != '' %}
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
{{ OPNsense.unboundplus.dnsbl.whitelists|default("") }}
-{% endif %}
-{% endif %}
-{% endif %}
+{% endif %}
+{% endif %}
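Review bot: Any blank line this template renders turns into an empty whitelist entry, because `load_list` in the new `dnsbl.py` splits each line on `,` and adds the result even when it is `''`. `load_whitelist` then builds the pattern with `'|'.join(wl)`, and an empty alternative makes `re_whitelist.match` succeed for every domain, so the blacklist would come out empty without any error. Whether blank lines actually appear depends on how the template environment treats the newlines after the `{% if %}` and `{% endif %}` tags, which this diff does not show; a trailing comma in the field would have the same effect. The fix that does not depend on rendering is to drop empty entries in `load_whitelist` before compiling, e.g. `wl = {w for w in wl if w}`; the same applies to `lists.inc`, where an empty entry becomes an empty URL.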