diff options
| author | Dirk Brenken <dev@brenken.org> | 2021-03-22 21:53:04 +0100 |
|---|---|---|
| committer | Dirk Brenken <dev@brenken.org> | 2021-03-23 11:11:23 +0100 |
| commit | df9ee1388e59b964dfafd28310c59f62c9071932 (patch) | |
| tree | c944721af1f8eced76fe6c6290d0c032d09b16ac /net/adblock | |
| parent | ccfe1bfa508e7041c4b5f902f1354ef9566bff28 (diff) | |
adblock: update 4.1.0-3
* add a restrictive "jail mode only" variant, just point your
jail directory to your primary dns directory
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Diffstat (limited to 'net/adblock')
| -rw-r--r-- | net/adblock/Makefile | 2 | ||||
| -rw-r--r-- | net/adblock/files/README.md | 3 | ||||
| -rwxr-xr-x | net/adblock/files/adblock.sh | 47 |
3 files changed, 45 insertions, 7 deletions
diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 6481a79f3..ff10162da 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock PKG_VERSION:=4.1.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index f0f145c3f..33b5ea00a 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md @@ -208,6 +208,9 @@ and at the end of the file add: Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed. <b>Please note:</b> The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet. +**Use restrictive jail modes:** +You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrice jail mode (jail mode only). + **Enable E-Mail notification via 'msmtp':** To use the email notification you have to install & configure the package 'msmtp'. Modify the file '/etc/msmtprc': diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh index 0177a793b..731310e99 100755 --- a/net/adblock/files/adblock.sh +++ b/net/adblock/files/adblock.sh @@ -281,10 +281,9 @@ f_dns() f_log "err" "dns backend not found, please set 'adb_dns' manually" fi - if [ "${adb_dns}" != "raw" ] && { [ "${adb_dnsdir}" = "${adb_tmpbase}" ] || [ "${adb_dnsdir}" = "${adb_backupdir}" ] || \ - [ "${adb_dnsdir}" = "${adb_reportdir}" ] || [ "${adb_dnsdir}" = "${adb_jaildir}" ]; } + if [ "${adb_dns}" != "raw" ] && { [ "${adb_dnsdir}" = "${adb_tmpbase}" ] || [ "${adb_dnsdir}" = "${adb_backupdir}" ] || [ "${adb_dnsdir}" = "${adb_reportdir}" ]; } then - f_log "err" "dns directory '${adb_dnsdir}' has been misconfigured, it must not point to the 'adb_tmpbase', 'adb_backupdir', 'adb_reportdir' or 'adb_jaildir'" + f_log "err" "dns directory '${adb_dnsdir}' has been misconfigured, it must not point to the 'adb_tmpbase', 'adb_backupdir', 'adb_reportdir'" fi if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ] @@ -686,7 +685,7 @@ f_list() case "${mode}" in "blacklist"|"whitelist") src_name="${mode}" - if [ "${src_name}" = "blacklist" ] && [ -s "${adb_blacklist}" ] + if [ "${src_name}" = "blacklist" ] && [ -f "${adb_blacklist}" ] then rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" "${adb_awk}" "${rset}" "${adb_blacklist}" | \ @@ -694,7 +693,7 @@ f_list() "${adb_sort}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null > "${adb_tmpfile}.${src_name}" out_rc="${?}" rm -f "${adb_tmpdir}/tmp.raw.${src_name}" - elif [ "${src_name}" = "whitelist" ] && [ -s "${adb_whitelist}" ] + elif [ "${src_name}" = "whitelist" ] && [ -f "${adb_whitelist}" ] then rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" "${adb_awk}" "${rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.raw.${src_name}" @@ -976,6 +975,13 @@ f_switch() then f_env printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + if [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ] + then + printf "${adb_dnsheader}" > "${adb_jaildir}/${adb_dnsjail}" + elif [ -f "${adb_dnsdir}/${adb_dnsjail}" ] + then + rm -f "${adb_dnsdir}/${adb_dnsjail}" + fi f_count done="true" elif [ "${mode}" = "resume" ] && [ "${status}" = "paused" ] @@ -1125,7 +1131,13 @@ f_jsnup() json_get_var runtime "last_run" fi fi - sources="$(printf "%s\n" ${adb_sources} | "${adb_sort}" | "${adb_awk}" '{ORS=" ";print $0}')" + if [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ] + then + adb_cnt="0" + sources="restrictive_jail" + else + sources="$(printf "%s\n" ${adb_sources} | "${adb_sort}" | "${adb_awk}" '{ORS=" ";print $0}')" + fi > "${adb_rtfile}" json_load_file "${adb_rtfile}" >/dev/null 2>&1 @@ -1198,6 +1210,29 @@ f_main() ( f_list "${entry}" "${entry}" )& done + if [ "${adb_dns}" != "raw" ] && [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ] + then + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null + f_dnsup + if [ "${?}" = "0" ] + then + if [ "${adb_action}" != "resume" ] + then + f_jsnup "enabled" + fi + f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})" + else + f_log "err" "dns backend restart in jail mode failed" + fi + f_rmtemp + return + elif [ -f "${adb_dnsdir}/${adb_dnsjail}" ] + then + rm -f "${adb_dnsdir}/${adb_dnsjail}" + f_dnsup + fi + # safe search preparation # if [ "${adb_safesearch}" = "1" ] && [ "${adb_dnssafesearch}" != "0" ] |