Adblock support thread

Is it at all possible to block a website using adblock blacklist for a specific user only?

Thanks

@dibdot As you know, I have used your Adblock package nearly since your inception of it and with great efficiency and very few issues since that time. Cheers to that! :slight_smile:

Anyway, regarding my LEDE KidSafe configuration (https://forum.openwrt.org/t/kidsafe-or-guest-wifi-forced-safesearch-and-adblock/6559):

Adblock has stopped filtering for me specifically on my KidSafe network only. Everything else works fine. This configuration had worked consistently for some time now but seems to have broken on one of your recent updates. I always backup/restore my overall LEDE configuration and everything has worked well with regard to that.

Is there something in one of your recent major upgrades to Adblock that would potentially break this setup? Thank you for your time.

Some basic info (stripped down a bit):

etc/config/network:

config interface 'kidsafe'
	option _orig_ifname 'wlan2'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option delegate '0'
	option force_link '0'
	option type 'bridge'

etc/config/firewall:

config zone
	option name 'kidsafe'
	option input 'ACCEPT'
	option forward 'DROP'
	option output 'ACCEPT'
	option network 'kidsafe'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'KidSafe DNS'
	option src 'kidsafe'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'
	option name 'KidSafe DHCP'
	option src 'kidsafe'

config redirect 'adblock_dns_kidsafe'
	option name 'Adblock DNS KidSafe'
	option src 'kidsafe'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'

config forwarding
	option dest 'wan'
	option src 'kidsafe'

The main firewall rule in there, which did all of the magic (much the same as your Force DNS rule) and without which Adblock would not work on the KidSafe network, is:

config redirect 'adblock_dns_kidsafe'
	option name 'Adblock DNS KidSafe'
	option src 'kidsafe'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'

Is there any troubleshooting that I can do to figure this out further? Thanks

So what I know so far is that devices on my regular 2.4GHz and 5GHz bands on LAN (essentially default LEDE settings) work well as always. The KidSafe network used to work with Adblock filtering but has since stopped working. If I switch those kids' devices over to the regular networks, adblock works again. My setup does consist of two instances of dnsmasq, which has worked great. I have not tried anything yet with regard to multiple Adblock instances (which I believe you mentioned in a recent post).

Both instances with adblock enabled? If so please add the following to your config (per instance):

option serversfile '/tmp/adb_list.overall'

That should solve your issue.

I am using dnscrypt-proxy and force DNS with a simple firewall rule, but if I use a VPN on my laptop then I can access any website, even those which are blocked by my router (/etc/hosts). Can I fix this?

Thank you for the prompt reply, Dirk. I apologize for forgetting to show my etc/config/dhcp file earlier. I've added the option serversfile '/tmp/adb_list.overall' to the KidSafe configuration now as well, restarted everything clean, and tested again. Unfortunately, advertisements were still not filtered. Internet was working, but ads were simply not filtered.

I am wondering if something in my etc/config/dhcp file might be conflicting with the option serversfile setting and causing that specific setting to not be used?

etc/config/dhcp:

config dnsmasq 'main'
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	list interface 'lan'
	option cachesize '1000'
	option logfacility '/dev/null'
	option noresolv '1'
	list server '208.67.222.222'
	list server '208.67.220.220'
	option serversfile '/tmp/adb_list.overall'

config dnsmasq 'kidsafe'
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/kidsafe/'
	option domain 'kidsafe'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases.kidsafe'
	option strictorder '1'
	option nonwildcard '1'
	list interface 'kidsafe'
	list notinterface 'lo'
	option cachesize '1000'
	option logfacility '/dev/null'
	option noresolv '1'
	option serversfile '/tmp/adb_list.overall'
	list server '208.67.222.123'
	list server '208.67.220.123'
	list address '/google.com/216.239.38.120'
	list address '/google.ca/216.239.38.120'
	list address '/bing.com/204.79.197.220'
	list address '/bing.ca/204.79.197.219'
	list address '/www.youtube.com/216.239.38.119'
	list address '/m.youtube.com/216.239.38.119'
	list address '/youtubei.googleapis.com/216.239.38.119'
	list address '/youtube.googleapis.com/216.239.38.119'
	list address '/www.youtube-nocookie.com/216.239.38.119'

config dhcp 'lan'
	option instance 'main'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'kidsafe_private'
	option instance 'kidsafe'
	option interface 'kidsafe'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

Please let me know if you see something conflicting in there. Thank you for your time. Some of those settings, such as noresolv and others, I am not too familiar with.

LEDE stable 17.01.4, adblock 2.6.2
I filled in some blacklist entries and was wondering why they weren't blocked until I found the list has to be enabled in the config file. Is this standard behavior? If so, is it possible to fix this to a more "sane" behavior?

It is a bit irritating because I filled the blacklist with GUI and expected that the list will automatically be activated.

I can't reproduce your problem. I've copied your kidsafe config onto one of my testing devices and adblock works on both instances. Did you reload the dnsmasq configuration after the manual serversfile change?

/etc/init.d/dnsmasq reload

The blacklist will be handled like all other blocklist sources ... and you can enable/disable the blacklist with the LuCI GUI as well. Of course we could change the default (which does no harm) and enable this source in the default config.

Thoughts?

I overlooked that, so it was already sane behavior ;-) So for an idiot-proof setup I would vote to enable the empty blacklist and, as you said, it does no harm.

Alternatively: If at least one entry is entered thru the GUI, set the list as enabled.

Thank you for your quick response!

I'd also suggest enabling the local blacklist in the default config, as the current default is rather unexpected (it took me a while to realize as well).

@dibdot Good news, everything was successful in the end with both instances of dnsmasq.

Your solution of:

option serversfile '/tmp/adb_list.overall' (per instance in etc/config/dhcp)

plus

/etc/init.d/dnsmasq reload

was correct and resolved my problem. My mistake was that, since the inception of your Adblock package, I have always had the habit of running /etc/init.d/adblock restart after any changes. I've always done that instead of /etc/init.d/dnsmasq reload; therefore I assume DNS cache on the router itself was cached and not flushed initially.

My apologies for my rookie mistake. Thank you again for your help and your always spot on, concise replies.
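
A quick way to check for the condition resolved above, as an added example that is not part of the thread: the function lists every dnsmasq instance in a dhcp config that does not load the adblock blocklist. The function name is hypothetical, and the sample config is constructed from the sections posted earlier.

```shell
#!/bin/sh
# Added example: list the dnsmasq instances in an OpenWrt dhcp config (UCI text
# on stdin) that do not load the blocklist file given as $1.
# instances_without_serversfile is a hypothetical helper name.
instances_without_serversfile() {
  awk -v want="$1" '
    function report() { if (name != "" && !ok) print name }
    $1 == "config" {                       # a new section starts
      report(); name = ""; ok = 0
      if ($2 == "dnsmasq") {
        name = $3; gsub("[\"\047]", "", name)
        if (name == "") name = "(unnamed)"
      }
      next
    }
    name != "" && $1 == "option" && $2 == "serversfile" {
      val = $3; gsub("[\"\047]", "", val)
      if (val == want) ok = 1
    }
    END { report() }'
}

# Constructed sample: the main instance has the option, kidsafe does not.
BEFORE="config dhcp 'lan'
	option instance 'main'

config dnsmasq 'main'
	option noresolv '1'
	option serversfile '/tmp/adb_list.overall'

config dnsmasq 'kidsafe'
	option noresolv '1'
	list server '208.67.222.123'"

# The same config after the per-instance fix from the thread.
AFTER="$BEFORE
	option serversfile '/tmp/adb_list.overall'"

printf '%s\n' "$BEFORE" | instances_without_serversfile /tmp/adb_list.overall
printf '%s\n' "$AFTER"  | instances_without_serversfile /tmp/adb_list.overall
```

On a router the input would be /etc/config/dhcp; after adding the option to any instance it reports, run /etc/init.d/dnsmasq reload as described in the thread.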

wget adaway error
OpenSSL: error:14077410:lib(20):func(119):reason(1040)
??

See this OpenWrt thread...

https://forum.openwrt.org/viewtopic.php?id=65140

Installed ca-certificates and openssl packages don't help :frowning:

@Doppel-D @slh

Thanks for your feedback - I've enabled the blacklist by default for next release.

Thanks and no worries ... now I have a test machine with multiple dnsmasq instances ... :wink:

Please enable adblock debug and post the logs.

@dibdot
Thu Jan 4 09:35:17 2018 user.notice adblock-[3.1.0] debug: name: adaway, enabled: 1, url: https://adaway.org/hosts.txt, rset: $0~/^127.0.0.1[[:space:]]+([[:alnum:]_-]+.){1,}[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}
Thu Jan 4 09:35:18 2018 user.notice adblock-[3.1.0] debug: name: adaway, mode: restore, count: 0, in_rc: 4, out_rc: 4
Thu Jan 4 09:35:18 2018 user.notice adblock-[3.1.0] debug: name: adaway, mode: remove, count: 0, in_rc: 4, out_rc: 0

Sorry if my question is a little weird. Can someone tell me what the difference is between these 3 AWK lines, please?

BEGIN{FS="[|^]"}$0~/^||([[:alnum:]_-]+.){1,}[[:alpha:]]+^("\$third-party")?$/{print tolower($3)}

$0~/^127.0.0.1[[:space:]]+([[:alnum:]_-]+.){1,}[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}

$0~/^([[:alnum:]_-]+.){1,}[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}

And how do I read an AWK line? Thanks :slight_smile:

See this AWK tutorial...
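
The three lines from the question, run side by side on sample input, as an added example that is not from the thread or the adblock project. Each line has the shape `pattern { action }`: the regex between the slashes selects lines in one blocklist format, and the action prints one lowercased field. Assumptions: the dots, pipes and carets are written as escaped literals (`\.`, `\|`, `\^`), `{1,}` is spelled as the equivalent `+`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: the three rset filters from the question as shell functions.
# Assumption: dots, pipes and carets are escaped literals (\. \| \^), and
# {1,} is spelled as the equivalent + so older awk builds accept it.

# 1) Adblock Plus rules "||domain^": FS splits on | and ^, so the domain is $3.
rset_abp() {
  awk 'BEGIN{FS="[|^]"}
    $0~/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\$third-party")?$/{print tolower($3)}'
}

# 2) hosts lines "127.0.0.1 domain": default whitespace split, domain is $2.
rset_hosts() {
  awk '$0~/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}'
}

# 3) plain lists, one domain per line: the domain is $1.
rset_plain() {
  awk '$0~/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}'
}

# Constructed sample inputs (not real blocklist content).
ABP_SAMPLE='! comment
||Ads.Example.com^
||example.org/banner.js
@@||good.example.com^'

HOSTS_SAMPLE='# comment
127.0.0.1 localhost
127.0.0.1  Ads.Example.com
0.0.0.0 other.example.net
127.0.0.1 tracker.example.org # note'

PLAIN_SAMPLE='# comment
Ads.Example.com
tracker.example.org   # note
http://example.com/path'

# Each filter keeps only lines in its own format; comments, exception rules,
# URL paths and single-label names such as localhost are skipped.
printf '%s\n' "$ABP_SAMPLE"   | rset_abp
printf '%s\n' "$HOSTS_SAMPLE" | rset_hosts
printf '%s\n' "$PLAIN_SAMPLE" | rset_plain
# A filter applied to the wrong format extracts nothing.
printf '%s\n' "$HOSTS_SAMPLE" | rset_plain
```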