Tutorials and FAQs / Blocking ads using only unbound
« on: July 12, 2019, 11:36:01 pm »
I managed to get ad blocking done using only Unbound. Our command line friends, curl and awk, do the heavy lifting.
This post is a little messy right now, but I'll get it cleaned up a little later.
HOUSEKEEPING INFO:
You will need to be able to log into the machine using either the console or SSH to get this accomplished.
The list I'm using is Steven Black's "Unified+Gambling+Fake News". You can choose from any of his other lists at https://github.com/StevenBlack/hosts/blob/master/readme.md. Rather than using one of the "Raw Hosts" URLs, choose one of the "Non Github Mirror" URLs. Curl seems to have an issue with the "Raw Hosts" URLs.
GETTING STARTED:
- Make sure you've got a fully working Unbound setup.
- Then, log in via the command line, choose #8 and create a directory to house your working files.
- If you want to use the script as-is, then use "/usr/share/blocklist"
- Place the following script in the directory and name it "getlist.sh" (also as attachment)
If you've opted to use a different filter list, you'll have to change the address that curl is using in the following script.
#!/bin/sh
#
# First, let's get the list
curl http://sbc.io/hosts/alternates/fakenews-gambling/hosts -o blockhosts.txt
# Too bad it's got a lot of stuff at the beginning we don't need.
# Time to remove the cruft
awk 'NR>=35{ print }' blockhosts.txt > hosts-fixed.txt
# Time to make it usable for the unbound service
echo -n "server:" > block.conf # MUST HAVE THIS AT THE TOP OF THE FILE
cat hosts-fixed.txt | grep '^0\.0\.0\.0' | awk '{ print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\"" }' >> block.conf
# Present it to unbound
chown unbound:unbound block.conf
mv block.conf /var/unbound/block.conf
unbound-control -c /var/unbound/unbound.conf reload
- Make the script executable: chmod u+x /usr/share/blocklist/getlist.sh
- You must run the script ONCE from the command line or this will fail: /usr/share/blocklist/getlist.sh
- ** Hint: don't log out just yet....
Here's where you add the block list to Unbound.
- Open your browser and log into the opnsense page.
- Navigate to Services -> Unbound DNS -> General (https://<your_machine>/services_unbound.php)
- Scroll down the "General" page until you see the button for Advanced and click on it.
- In the "Custom Options" box, enter: include: /var/unbound/block.conf
- Save your changes and then apply them.
Provided everything was entered correctly, the list should now be applied.
Since the "Cron" opnsense page doesn't allow for custom actions, you'll have to head back to the command line.
I've opted to update the list every night at 23:00 local.
If you're still logged in, keep going. Otherwise, log back into the command line and choose option #8.
Then:
- Type crontab -e, press Enter and go to the end of the file (you may have to hit the "End" key on the last line)
- Press a
- Press ENTER
- Type: 0 23 * * * (/usr/share/blocklist/getlist.sh) > /dev/null
- Press ESC, then : and finally wq!
Your system should now update the list, mangle it into a format that Unbound can use and reload the list every night at 2300 (local).
I'm working on making a command line install script to make the process a little easier for inexperienced people. Please be patient.
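The conversion step of getlist.sh with input validation, as an added example that is not part of the original post: the list is fetched over plain HTTP and written into the resolver's configuration, so this version emits only well-formed hostnames. The function name hosts_to_unbound and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. hosts_to_unbound and the
# sample list are constructed for illustration.

# Convert a hosts-format block list ($1) to an Unbound include file on stdout,
# emitting only names that are safe inside a quoted Unbound string.
hosts_to_unbound() {
    printf 'server:\n'
    awk '
        $1 != "0.0.0.0" { next }          # keep sinkhole entries only
        {
            name = tolower($2)
            sub(/\r$/, "", name)          # tolerate CRLF line endings
            sub(/\.$/, "", name)          # drop a trailing root dot
            if (name ~ /^[0-9.]+$/) next  # IP literal such as "0.0.0.0 0.0.0.0"
            if (length(name) > 253) next
            # Dotted labels of letters, digits, "_" and inner "-" only. This
            # rejects quotes, backslashes and "#" that would corrupt the file.
            if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) next
            if (seen[name]++) next        # de-duplicate
            printf "local-zone: \"%s\" redirect\n", name
            printf "local-data: \"%s A 0.0.0.0\"\n", name
        }
    ' "$1"
}

# Constructed sample: two valid names, a duplicate, an IP literal, and an
# entry with a stray double quote that would otherwise break block.conf.
sample_list() {
    cat <<'EOF'
# constructed header line
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net
0.0.0.0 ads.example.com
0.0.0.0 bad.example.org"
EOF
}

tmp=$(mktemp)
sample_list > "$tmp"
hosts_to_unbound "$tmp"
rm -f "$tmp"
```

Running unbound-checkconf /var/unbound/unbound.conf after moving the file into place and before the reload catches any syntax problem that remains.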