From 8633f8ef71a26cf6be8ad85cd70cefdf68bd29ae Mon Sep 17 00:00:00 2001
From: Petr Kejval
Date: Mon, 10 Feb 2020 17:03:03 +0100
Subject: [PATCH] Custom BLs & simplify code (#1647)
---
 .../OPNsense/Unboundplus/forms/dnsbl.xml | 10 +-
 .../app/models/OPNsense/Unboundplus/Dnsbl.xml | 3 +
 .../models/OPNsense/Unboundplus/Menu/Menu.xml | 2 +-
 .../scripts/OPNsense/Unboundplus/dnsbl.py | 193 +++++++++++
 .../scripts/OPNsense/Unboundplus/dnsbl.sh | 322 ------------------
 .../conf/actions.d/actions_unboundplus.conf | 6 +-
 .../templates/OPNsense/Unboundplus/+TARGETS | 1 +
 .../templates/OPNsense/Unboundplus/lists.inc | 5 +
 .../OPNsense/Unboundplus/whitelist.inc | 10 +-
 9 files changed, 219 insertions(+), 333 deletions(-)
 create mode 100755 dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
 delete mode 100755 dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
 create mode 100644 dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc
diff --git a/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml b/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
index 10eb50a93..2f7626943 100644
--- a/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
+++ b/dns/unbound-plus/src/opnsense/mvc/app/controllers/OPNsense/Unboundplus/forms/dnsbl.xml
@@ -11,12 +11,20 @@ select_multiple Select which kind of DNSBL you want to use. + + dnsbl.lists + + select_multiple + + true + List of domains from where blacklist will be downloaded. + dnsbl.whitelists select_multiple true - List of domains to whitelist. + List of domains to whitelist. You can use regex expressions.
diff --git a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml
index 4073fac26..5b537c08f 100644
--- a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml
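Review bot: The new help text for dnsbl.whitelists says regex may be used but not how an entry is applied: dnsbl.py joins the entries with `|` and tests each candidate with `re.match`, so a pattern is anchored only at the start of the name and an unescaped dot is a wildcard, which means `example.com` also exempts every name that merely starts with it and silently widens the whitelist. Suggest `List of domains to whitelist. Entries are regular expressions matched from the start of the domain name; escape dots and end with $ for an exact match (e.g. example\.com$).`. The form field tags are not visible on this page, so the exact markup of the help element is left as in the hunk.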
+++ b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Dnsbl.xml @@ -37,6 +37,9 @@ YoYo List + + N + N diff --git a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml index a63bd5e52..32261d1a2 100644 --- a/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml +++ b/dns/unbound-plus/src/opnsense/mvc/app/models/OPNsense/Unboundplus/Menu/Menu.xml @@ -1,7 +1,7 @@ - + diff --git a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py new file mode 100755 index 000000000..08ac8503a --- /dev/null +++ b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py 
@@ -0,0 +1,193 @@
+#!/usr/local/bin/python3
+
+# DNS BL script
+# Copyright 2020 Petr Kejval
+
+# Downloads blacklisted domains from user specified URLs and "compile" them into unbound.conf compatible file
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+import re, urllib3, threading, subprocess
+
+re_blacklist = re.compile(r'(^127\.0\.0\.1\s|^0\.0\.0\.0\s)(.*)|^([a-z_.-]+$)', re.I)
+re_whitelist = re.compile(r'$^') # default - match nothing
+blacklist = set()
+urls = set()
+
+predefined_lists = {
+    "aa": "https://adaway.org/hosts.txt",
+    "ag": "https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt",
+    "bla": "https://blocklist.site/app/dl/ads",
+    "blf": "https://blocklist.site/app/dl/fraud",
+    "blp": "https://blocklist.site/app/dl/phishing",
+    "ca": "http://sysctl.org/cameleon/hosts",
+    "el": "https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt",
+    "ep": "https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt",
+    "emd": "https://hosts-file.net/emd.txt",
+    "hpa": "https://hosts-file.net/ad_servers.txt",
+    "hpf": "https://hosts-file.net/fsa.txt",
+    "hpp": "https://hosts-file.net/psh.txt",
+    "hup": "https://hosts-file.net/pup.txt",
+    "nc": "https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt",
+    "rw": "https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt",
+    "mw": "http://malwaredomains.lehigh.edu/files/justdomains",
+    "pa": "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list",
+    "pt": "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list",
+    "sa": "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+    "sb": "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+    "st": "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+    "ws": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt",
+    "wsu": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt",
+    "wse": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt",
+    "yy": "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext"
+}
+
+def add_to_blacklist(domain):
+    """ Checks if domain is present in whitelist. If not, domain is addded to BL set. """
+    match = re_whitelist.match(domain)
+    if not match:
+        blacklist.add(domain)
+
+def parse_line(line):
+    """ Checks if line matches re_blacklist. If so, tries add domain to BL set. """
+    global blacklist
+    match = re_blacklist.match(line)
+    if match:
+        if match.group(2) != None:
+            add_to_blacklist(match.group(2))
+        elif match.group(3) != None:
+            add_to_blacklist(match.group(3))
+
+def process_url(url):
+    """ Reads and parses blacklisted domains from URL into BL set. """
+    print(f"Processing BL items from: {url}")
+
+    try:
+        http = urllib3.PoolManager()
+        r = http.request('GET', url)
+
+        for line in str(r.data).split('\\n'):
+            parse_line(line)
+    except Exception as e:
+        print(str(e))
+
+def save_config_file():
+    """ Saves blacklist in unbound.conf format """
+    print(f"Saving {len(blacklist)} blacklisted domains into dnsbl.conf")
+
+    try:
+        with open("/var/unbound/etc/dnsbl.conf", 'w') as file:
+            # No domains found or DNSBL is disabled
+            if (len(blacklist) == 0):
+                file.write("")
+            else:
+                file.write('server:\n')
+                for line in blacklist:
+                    #file.write('local-zone: "' + str(line) + '" static\n')
+                    file.write('local-data: "' + str(line) + ' A 0.0.0.0"\n')
+    except Exception as e:
+        print(str(e))
+        exit(1)
+
+def load_list(path, separator=None):
+    """ Reads file with specified path into set to ensure unique values.
+        Splits lines with defined separator. If sperator==None no split is performed. """
+    result = set()
+
+    try:
+        with open(path, 'r') as file:
+            for line in file.readlines():
+                if not separator == None:
+                    for element in line.split(separator):
+                        result.add(element.replace('\n', ''))
+                else:
+                    result.add(line.replace('\n', ''))
+    except Exception as e:
+        print(str(e))
+
+    return result
+
+def load_whitelist():
+    """ Loads user defined whitelist in regex format and compiles it. """
+    print("Loading whitelist")
+    global re_whitelist
+    wl = load_list('/var/unbound/etc/whitelist.inc', ',')
+    wl.add('.*localhost$')
+    print(f"Loaded {len(wl)} whitelist items")
+
+    try:
+        re_whitelist = re.compile('|'.join(wl))
+    except Exception as e:
+        print(f"Whitelist regex compile failed: {str(e)}")
+
+def load_blacklists():
+    """ Loads user defined blacklists URLs. """
+    print("Loading blacklists URLs")
+    global urls
+    urls = load_list('/var/unbound/etc/lists.inc', ',')
+    print(f"Loaded {len(urls)} blacklists URLs")
+
+def load_predefined_lists():
+    """ Loads user chosen predefined lists """
+    print("Loading predefined lists URLs")
+    global urls
+    lists = load_list('/var/unbound/etc/dnsbl.inc')
+    types = set()
+
+    for first in lists:
+        first = str(first).split('=')[1]
+        first = str(first).replace('"', '').replace('\n', '')
+        first = first.split(',')
+        for type in first:
+            types.add(type)
+        break
+
+    print(f"Loaded {len(types)} predefined blacklists URLs")
+
+    for type in types:
+        try:
+            urls.add(predefined_lists[type])
+        except KeyError:
+            continue
+        except Exception as e:
+            print(str(e))
+
+if __name__ == "__main__":
+    # Prepare lists from config files
+    load_whitelist()
+    load_blacklists()
+    load_predefined_lists()
+
+    # Start processing BLs in threads
+    threads = [threading.Thread(target=process_url, args=(url,)) for url in urls]
+    for t in threads:
+        t.start()
+    for t in threads:
+        t.join()
+
+    save_config_file()
+
+    print("Restarting unbound service")
+    subprocess.Popen(["pluginctl", "-s", "unbound", "restart"])
+    exit(0)
\ No newline at end of file
diff --git a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh b/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
deleted file mode 100755
index d9e11ca98..000000000
--- a/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
+++ /dev/null
@@ -1,322 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2018-2019 Michael Muenz -# Copyright (c) 2018 Franco Fichtner -# Copyright (c) 2019 Martin Wasley -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. - -FETCH="/usr/bin/fetch -qT 5" - -DESTDIR="/var/unbound/etc" -WORKDIRPREFIX="/tmp/unbounddnsbl." 
-WORKDIR="${WORKDIRPREFIX}${$}" - -rm -rf ${WORKDIRPREFIX}* -mkdir -p ${WORKDIR} - -easylist() { - # EasyList - ${FETCH} https://justdomains.github.io/blocklists/lists/easylist-justdomains.txt -o ${WORKDIR}/easylist-raw - sed "/\.$/d" ${WORKDIR}/easylist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easylist - rm ${WORKDIR}/easylist-raw -} - -easyprivacy() { - # EasyPrivacy - ${FETCH} https://justdomains.github.io/blocklists/lists/easyprivacy-justdomains.txt -o ${WORKDIR}/easyprivacy-raw - sed "/\.$/d" ${WORKDIR}/easyprivacy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/easyprivacy - rm ${WORKDIR}/easyprivacy-raw -} - -pornall() { - # PornAll - ${FETCH} https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list -o ${WORKDIR}/pornall-raw - sed "/\.$/d" ${WORKDIR}/pornall-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/pornall - rm ${WORKDIR}/pornall-raw -} - -porntop() { - # PornTop1M - ${FETCH} https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list -o ${WORKDIR}/porntop-raw - sed "/\.$/d" ${WORKDIR}/porntop-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/porntop - rm ${WORKDIR}/porntop-raw -} - -emdlist() { - # EMD - ${FETCH} https://hosts-file.net/emd.txt -o ${WORKDIR}/emdlist-raw - sed "/\.$/d" ${WORKDIR}/emdlist-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/emdlist - rm ${WORKDIR}/emdlist-raw -} - -adguard() { - # AdGuard - ${FETCH} https://justdomains.github.io/blocklists/lists/adguarddns-justdomains.txt -o ${WORKDIR}/adguard-raw - sed "/\.$/d" ${WORKDIR}/adguard-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > 
${WORKDIR}/adguard - rm ${WORKDIR}/adguard-raw -} - -nocoin() { - # NoCoin - ${FETCH} https://justdomains.github.io/blocklists/lists/nocoin-justdomains.txt -o ${WORKDIR}/nocoin-raw - sed "/\.$/d" ${WORKDIR}/nocoin-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/nocoin - rm ${WORKDIR}/nocoin-raw -} - -rwtracker() { - # RansomWare Tracker abuse.ch - ${FETCH} https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt -o ${WORKDIR}/rwtracker-raw - sed "/\.$/d" ${WORKDIR}/rwtracker-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/rwtracker - rm ${WORKDIR}/rwtracker-raw -} - -mwdomains() { - # MalwareDomains - ${FETCH} http://malwaredomains.lehigh.edu/files/justdomains -o ${WORKDIR}/malwaredomains-raw - sed "/\.$/d" ${WORKDIR}/malwaredomains-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/malwaredomains - rm ${WORKDIR}/malwaredomains-raw -} - -windowsspyblockerspy() { - # WindowsSpyBlocker (spy) - ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt -o ${WORKDIR}/windowsspyblockerspy-raw - sed "/\.$/d" ${WORKDIR}/windowsspyblockerspy-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerspy - rm ${WORKDIR}/windowsspyblockerspy-raw -} - -windowsspyblockerupdate() { - # WindowsSpyBlocker (update) - ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt -o ${WORKDIR}/windowsspyblockerupdate-raw - sed "/\.$/d" ${WORKDIR}/windowsspyblockerupdate-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerupdate - rm ${WORKDIR}/windowsspyblockerupdate-raw -} - -windowsspyblockerextra() { - # 
WindowsSpyBlocker (extra) - ${FETCH} https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt -o ${WORKDIR}/windowsspyblockerextra-raw - sed "/\.$/d" ${WORKDIR}/windowsspyblockerextra-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/windowsspyblockerextra - rm ${WORKDIR}/windowsspyblockerextra-raw -} - -cameleon() { - # Cameleon List - ${FETCH} http://sysctl.org/cameleon/hosts -o ${WORKDIR}/cameleon-raw - sed "/\.$/d" ${WORKDIR}/cameleon-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/cameleon - rm ${WORKDIR}/cameleon-raw -} - -adaway() { - # AdAway List - ${FETCH} https://adaway.org/hosts.txt -o ${WORKDIR}/adaway-raw - sed "/\.$/d" ${WORKDIR}/adaway-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/adaway - rm ${WORKDIR}/adaway-raw -} - -yoyo() { - # YoYo List - ${FETCH} "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext" -o ${WORKDIR}/yoyo-raw - sed "/\.$/d" ${WORKDIR}/yoyo-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/yoyo - rm ${WORKDIR}/yoyo-raw -} - -stevenblack() { - # StevenBlack - ${FETCH} https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o ${WORKDIR}/stevenblack-raw - sed "/\.$/d" ${WORKDIR}/stevenblack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print 
$2;}' > ${WORKDIR}/stevenblack - rm ${WORKDIR}/stevenblack-raw -} - -blocklistads() { - # Blocklist.site Ads - ${FETCH} https://blocklist.site/app/dl/ads -o ${WORKDIR}/blocklistads-raw - sed "/\.$/d" ${WORKDIR}/blocklistads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistads - rm ${WORKDIR}/blocklistads-raw -} - -blocklistfraud() { - # Blocklist.site Fraud - ${FETCH} https://blocklist.site/app/dl/fraud -o ${WORKDIR}/blocklistfraud-raw - sed "/\.$/d" ${WORKDIR}/blocklistfraud-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistfraud - rm ${WORKDIR}/blocklistfraud-raw -} - -blocklistphishing() { - # Blocklist.site Phishing - ${FETCH} https://blocklist.site/app/dl/phishing -o ${WORKDIR}/blocklistphishing-raw - sed "/\.$/d" ${WORKDIR}/blocklistphishing-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" > ${WORKDIR}/blocklistphishing - rm ${WORKDIR}/blocklistphishing-raw -} - -hphosts-ads() { - # hphosts-ads - ${FETCH} https://hosts-file.net/ad_servers.txt -o ${WORKDIR}/hphosts-ads-raw - sed "/\.$/d" ${WORKDIR}/hphosts-ads-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 
'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-ads - rm ${WORKDIR}/hphosts-ads-raw -} - -hphosts-fsa() { - # hphosts-fsa - ${FETCH} https://hosts-file.net/fsa.txt -o ${WORKDIR}/hphosts-fsa-raw - sed "/\.$/d" ${WORKDIR}/hphosts-fsa-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-fsa - rm ${WORKDIR}/hphosts-fsa-raw -} - -hphosts-psh() { - # hphosts-psh - ${FETCH} https://hosts-file.net/psh.txt -o ${WORKDIR}/hphosts-psh-raw - sed "/\.$/d" ${WORKDIR}/hphosts-psh-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-psh - rm ${WORKDIR}/hphosts-psh-raw -} - -hphosts-pup() { - # hphosts-pup - ${FETCH} https://hosts-file.net/pup.txt -o ${WORKDIR}/hphosts-pup-raw - sed "/\.$/d" ${WORKDIR}/hphosts-pup-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/hphosts-pup - rm ${WORKDIR}/hphosts-pup-raw -} - -simplead() { - # Simple Ad List - ${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -o ${WORKDIR}/simplead-raw - sed "/\.$/d" ${WORKDIR}/simplead-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simplead - rm ${WORKDIR}/simplead-raw -} - -simpletrack() { - # Simple Tracking List - ${FETCH} 
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -o ${WORKDIR}/simpletrack-raw - sed "/\.$/d" ${WORKDIR}/simpletrack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simpletrack - rm ${WORKDIR}/simpletrack-raw -} - -install() { - # Put all files in correct format - for FILE in $(find ${WORKDIR} -type f); do - WHITE=$(cat ${DESTDIR}/whitelist.inc | tr ',' '|') - if [ -z "${WHITE}" ]; then - cat ${FILE} | sort -u | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc - else - cat ${FILE} | sort -u | egrep -v "$WHITE" | awk '{printf "server:\n", $1; printf "local-data: \"%s A 0.0.0.0\"\n", $1}' > ${FILE}.inc - fi - done - # Merge resulting files (/dev/null in case there are none) - if [ -s "/var/unbound/etc/dnsbl.inc" ]; then - cat $(find ${WORKDIR} -type f -name "*.inc") /dev/null > ${DESTDIR}/dnsbl.conf - chown unbound:unbound ${DESTDIR}/dnsbl.conf - else - rm -rf ${DESTDIR}/dnsbl.conf - fi - rm -rf ${WORKDIR} - pluginctl -s unbound restart -} - -DNSBL=${1} - -if [ -z "${DNSBL}" ]; then - . /var/unbound/etc/dnsbl.inc - DNSBL=${unbound_dnsbl} -fi - -for CAT in $(echo ${DNSBL} | tr ',' ' '); do - case "${CAT}" in - aa) - adaway - ;; - ag) - adguard - ;; - bla) - blocklistads - ;; - blf) - blocklistfraud - ;; - blp) - blocklistphishing - ;; - ca) - cameleon - ;; - el) - easylist - ;; - ep) - easyprivacy - ;; - emd) - emdlist - ;; - hpa) - hphosts-ads - ;; - hpf) - hphosts-fsa - ;; - hpp) - hphosts-psh - ;; - hup) - hphosts-pup - ;; - nc) - nocoin - ;; - rw) - rwtracker - ;; - mw) - mwdomains - ;; - pa) - #pornall - ;; - pt) - porntop - ;; - sa) - simplead - ;; - sb) - stevenblack - ;; - st) - simpletrack - ;; - ws) - windowsspyblockerspy - ;; - wsu) - windowsspyblockerupdate - ;; - wse) - windowsspyblockerextra - ;; - yy) - yoyo - ;; - esac -done - -install 
diff --git a/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf b/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
index 0c38ad254..86d4c3f0c 100644
--- a/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
+++ b/dns/unbound-plus/src/opnsense/service/conf/actions.d/actions_unboundplus.conf
@@ -1,11 +1,11 @@
 [dnsbl]
-command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
-parameters: %s
+command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
+parameters:
 type:script
 message:fetching DNSBLs
 
 [dnsblcron]
-command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.sh
+command:/usr/local/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py
 parameters:
 type:script
 message:fetching DNSBLs and restart Unbound
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
index c9be1287b..edd98110e 100644
--- a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/+TARGETS
@@ -1,3 +1,4 @@
 dnsbl.inc:/var/unbound/etc/dnsbl.inc
 whitelist.inc:/var/unbound/etc/whitelist.inc
 miscellaneous.conf:/var/unbound/etc/miscellaneous.conf
+lists.inc:/var/unbound/etc/lists.inc
\ No newline at end of file
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc
new file mode 100644
index 000000000..947a52761
--- /dev/null
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/lists.inc
@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.lists') and OPNsense.unboundplus.dnsbl.lists != '' %}
+{{ OPNsense.unboundplus.dnsbl.lists|default("") }}
+{% endif %}
+{% endif %}
diff --git a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
index 473b3824f..04cde11c3 100644
--- a/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
+++ b/dns/unbound-plus/src/opnsense/service/templates/OPNsense/Unboundplus/whitelist.inc
@@ -1,7 +1,5 @@
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.type') and OPNsense.unboundplus.dnsbl.type != '' %}
-{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.enabled') and OPNsense.unboundplus.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.unboundplus.dnsbl.whitelists') and OPNsense.unboundplus.dnsbl.whitelists != '' %}
 {{ OPNsense.unboundplus.dnsbl.whitelists|default("") }}
-{% endif %}
-{% endif %}
-{% endif %}
+{% endif %}
+{% endif %}