OpenWrt Forum Archive

Topic: Fast/lean adblocking for OpenWrt/LEDE with web ui: simple-adblock

The content of this topic has been archived between 5 Apr 2016 and 5 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

I really liked bole5's dnsmasq-based adblocking script for its elegance and simplicity, but I wanted more features, so I've used his as a base to create my own.
- Supports Attitude Adjustment, Chaos Calmer, Designated Driver
- Doesn't stay in memory -- creates the list of blocked domains and then uses DNSMASQ and firewall to redirect requests to a 1x1 transparent gif served with uhttpd
- Supports both hosts files and list of domains for blocking
- Supports remote whitelist URLs, just put whitelisted domains one per line
- Supports whitelisted domains in config file
- Uses ufetch-client on DD instead of wget
- As some of the standard lists URLs are using https, requires either wget/libopenssl (AA, CC) or ustream-ssl (DD)
- Has setup function which installs dependencies and configures everything (/etc/init.d/adblock setup)
- Has update function which downloads updated script version from (/etc/init.d/adblock update)
- Has verbosity settings (adblock.config.verbosity, default value 2) controlling output verbosity
- Very lightweight, the whole script is just one /etc/init.d/adblock file
- Logs single entry in the system log with the number of blocked domains if verbosity is set to 0
- Shows ad blocking status in the banner (can be disabled)

The setup script also installs the proper sort binary instead of using busybox which should speed things up.

Everything is available at and feel free to fork/submit pull requests or use in your own build.

I'm only using this in my custom builds, but it should work on a stock OpenWrt image (let me know if you try and it doesn't). It *requires* uhttpd and installs coreutils-sort and either wget/libopenssl (AA, CC) or libustream-polarssl (DD).

For more details check out the github page and script sources.

Again, all the credit goes to bole5, I've just slightly improved on his work and made a one-line installer. Now that it's on github people can contribute to the script easier. Would be great if someone volunteers to make this into a package. wink

(Last edited by stangri on 4 Apr 2016, 01:46)

Pretty slick with the one line install !

Any chance of seeing a url blacklist?

I find that sometimes the only way to stop the Android browser highjacking is to manually add the "offending" urls....

Just added it, use the following command to add blacklisted domains to your config:

uci add_list
uci add_list
uci add_list
uci add_list

And then run:

wget --no-check-certificate -qO /etc/init.d/adblock
chmod +x /etc/init.d/adblock
/etc/init.d/adblock reload

Just added support for updating script from github, in the future you'd only need to run

/etc/init.d/adblock update

to fetch the newest script version.

(Last edited by stangri on 30 Jan 2016, 05:30)

Can't seem to get it rolling - upgrading from arokh's install.

After putting your script in the adblock config file, I get the following:

root@OpenWrt ~# wget --no-check-certificate -qO /etc/init.d/adblock https://raw.
root@OpenWrt ~# chmod +x /etc/init.d/adblock
root@OpenWrt ~# /etc/init.d/adblock reload
sed: /tmp/domains.bad.tmp: No such file or directory
cat: can't open '/tmp/hosts.white.tmp': No such file or directory
/etc/rc.common: adblock is not enabled in the config file
/etc/rc.common: To enable, run 'uci set adblock.config.enabled=1'

root@OpenWrt ~# uci set adblock.config.enabled=1
uci: Parse error (invalid command) at line 4, byte 0

mojolacerator wrote:

After putting your script in the adblock config file

Oh, I see what happened.
The commands I listed were for running from the console/terminal, not to be copy-pasted into the config. bad.

ok, will try again when I get some time.

blacklist is not as important, I decided to poison the addresses in dnsmasq. there's only 34, so no biggy.

I ran the link to update my arokh build, but it doesn't seem to make any changes to /etc/config/adblock .  Should it be?

lukano wrote:

I ran the link to update my arokh build, but it doesn't seem to make any changes to /etc/config/adblock .  Should it be?

Valid point, after your comment I realized I need to add config settings supporting new features for the current bole5/arokh users, so I've created a proper update script instead of just updating the service. So you can just run the new update script:

sh -c "$(wget --no-check-certificate -O -)"

It will ensure all required binaries are installed, add the config settings to make use of new features, update the adblocking script itself and then reload it.

I would be grateful if you try it and submit feedback.

(Last edited by stangri on 22 Feb 2016, 03:07)

Perhaps my case it breaking things, but that's not working either.

I had a link to one single 6mb big glob of hosts file in my adblock config, but I went and removed URL lines from the config and tried with no change.  That said, I didn't try with no config at all (trying that now).

Did you get any messages at all when you ran that one-line command?

Here's results from all lines;

root@nihilus ~# sh -c "$(wget --no-check-certificate https://raw.githubuserconte -O -)"
Connecting to (
-                    100% |*******************************|  1852   0:00:00 ETA
root@nihilus ~# wget --no-check-certificate -qO /etc/init.d/adblock https://raw.
root@nihilus ~# chmod +x /etc/init.d/adblock
root@nihilus ~# /etc/init.d/adblock reload
sed: /tmp/domains.bad.tmp: No such file or directory
cat: can't open '/tmp/hosts.white.tmp': No such file or directory
Command failed: Not found
sed: /tmp/domains.bad.tmp: No such file or directory
cat: can't open '/tmp/hosts.white.tmp': No such file or directory

Thanks for prompt reply.

Reflecting on your earlier message -- did you delete /etc/config/adblock manually before running

If so, best way to proceed would be to do:

/etc/init.d/adblock update
/etc/init.d/adblock setup
/etc/init.d/adblock reload

The first line will fetch the updated adblocking script with the setup function, the second one will set up everything for the adblocking (required packages are installed, config file is created from scratch and the uhttp and firewall settings are added if missing) and the third one will start/reload the actual adblocking.

That should solve your problems.

(Last edited by stangri on 24 Feb 2016, 15:35)

No I didn't delete it.  Was that a step in the process that I missed?

lukano wrote:

No I didn't delete it.  Was that a step in the process that I missed?

No, on the opposite, if you're upgrading from the arokh's build it should have been kept intact.

Anyways, try the update/setup/reload.

With the going up and down, the first step (opkg update/opkg install) might fail or stall tho.

Ok, thanks Stangri.  Sorry for the late reply.  That did fix the config file, but my poor old WNDR3700v1 is still running out of memory on at least some of the sorting steps and towards the end causes the router to lock up and reboot.  It then gets in a loop until I can SSH in fast enough to disable adblock and stop the process.

I assume this is a case of needing to provide the router with some swap, due to lack of ram?

Thanks for continuous feedback!

I think the default config is pretty modest with the lists it includes. The script at github has the list sizes in the comments, check them out and only enable the ones your router can handle.

It is unexpected to me that your router would lock up when running the script and running out of memory. I've experimented with some rather large lists on mine and they were just causing the script to end prematurely. Also, when the router restarts, the actual downloading/sorting doesn't begin until about a minute after start-up. So there's still time to issue uci commands.

I should consider NOT enabling adblock service by default tho. I'll make updates next time I'm editing.

I've modified the script a little to work on PROCD-less AA (12.09) and tested it on WDR3600 running AA.

I would welcome more feedback from people still running AA -- just be conservative about the lists you enable in configs if your router has little RAM.

Supports ufetch-client if available (requires ustream-ssl for https links), no longer requires wget/libopenssl on DD. On AA/CC still uses wget/libopenssl.

Sorry, posts 19 to 25 are missing from our archive.