From 288e46a7ec780ed2fa3a2042bbc2c23d9b7e35a4 Mon Sep 17 00:00:00 2001
From: Rod Vagg
Date: Mon, 15 May 2017 20:39:34 +1000
Subject: [PATCH] Make DNS blocklist URLs configurable (#548)
---
 config.cfg | 6 +++++
 roles/dns_adblocking/tasks/main.yml | 2 +-
 .../templates/{adblock.sh => adblock.sh.j2} | 25 +++++++++++--------
 3 files changed, 21 insertions(+), 12 deletions(-)
 rename roles/dns_adblocking/templates/{adblock.sh => adblock.sh.j2} (50%)
diff --git a/config.cfg b/config.cfg
index 78407bae..0c1e0d36 100644
--- a/config.cfg
+++ b/config.cfg
@@ -20,6 +20,12 @@ vpn_network_ipv6: 'fd9d:bc11:4020::/48'
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"
 
+adblock_lists:
+  - "http://winhelp2002.mvps.org/hosts.txt"
+  - "https://adaway.org/hosts.txt"
+  - "https://www.malwaredomainlist.com/hostslist/hosts.txt"
+  - "https://hosts-file.net/ad_servers.txt"
+
 dns_servers:
   ipv4:
     - 8.8.8.8
diff --git a/roles/dns_adblocking/tasks/main.yml b/roles/dns_adblocking/tasks/main.yml
index 7e85e0ea..3989bf4f 100644
--- a/roles/dns_adblocking/tasks/main.yml
+++ b/roles/dns_adblocking/tasks/main.yml
@@ -29,7 +29,7 @@
 - name: Adblock script created
   template:
-    src: adblock.sh
+    src: adblock.sh.j2
     dest: /usr/local/sbin/adblock.sh
     owner: root
     group: "{{ root_group|default('root') }}"
diff --git a/roles/dns_adblocking/templates/adblock.sh b/roles/dns_adblocking/templates/adblock.sh.j2
similarity index 50%
rename from roles/dns_adblocking/templates/adblock.sh
rename to roles/dns_adblocking/templates/adblock.sh.j2
index 864e35ef..23565645 100644
--- a/roles/dns_adblocking/templates/adblock.sh
+++ b/roles/dns_adblocking/templates/adblock.sh.j2
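Review bot: The first entry, `http://winhelp2002.mvps.org/hosts.txt`, is fetched over plaintext HTTP, and whatever that host returns is turned into DNS-blocking entries for every client of this server, so anyone on the network path can add arbitrary names to the blocklist in transit; switch it to `https://` if the host serves it, or document the exposure next to the entry. A comment on the new key would also prevent silent misconfiguration, because the consuming script keeps only hosts-file lines that begin with `0.0.0.0` or `127.0.0.1` and drops every other list format without any message: `# Hosts-file format lists (lines beginning 0.0.0.0 or 127.0.0.1); other line formats are ignored. Prefer https URLs: their content decides what the VPN's DNS blocks.`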
@@ -7,36 +7,39 @@ ENDPOINT_IP6="::"
 IPV6="Y"
 TEMP=`mktemp`
 TEMP_SORTED=`mktemp`
+DNSMASQ_WHITELIST="/var/lib/dnsmasq/white.list"
+DNSMASQ_BLACKLIST="/var/lib/dnsmasq/black.list"
+DNSMASQ_BLOCKHOSTS="/var/lib/dnsmasq/block.hosts"
+BLOCKLIST_URLS="{% for url in adblock_lists %}{{ url }} {% endfor %}"
 #Delete the old block.hosts to make room for the updates
-rm -f /var/lib/dnsmasq/block.hosts
+rm -f $DNSMASQ_BLOCKHOSTS
 echo 'Downloading hosts lists...'
 #Download and process the files needed to make the lists (enable/add more, if you want)
-wget -qO- http://winhelp2002.mvps.org/hosts.txt| awk -v r="$ENDPOINT_IP4" '{sub(/^0.0.0.0/, r)} $0 ~ "^"r' > "$TEMP"
-wget -qO- "https://adaway.org/hosts.txt"|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
-wget -qO- https://www.malwaredomainlist.com/hostslist/hosts.txt|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
-wget -qO- "https://hosts-file.net/.\ad_servers.txt"|awk -v r="$ENDPOINT_IP4" '{sub(/^127.0.0.1/, r)} $0 ~ "^"r' >> "$TEMP"
+for url in $BLOCKLIST_URLS; do
+  wget -qO- "$url" | awk -v r="$ENDPOINT_IP4" '{sub(/^(0.0.0.0|127.0.0.1)/, r)} $0 ~ "^"r' >> "$TEMP"
+done
 #Add black list, if non-empty
-if [ -s "/var/lib/dnsmasq/black.list" ]
+if [ -s "$DNSMASQ_BLACKLIST" ]
 then
   echo 'Adding blacklist...'
-  awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' /var/lib/dnsmasq/black.list >> "$TEMP"
+  awk -v r="$ENDPOINT_IP4" '/^[^#]/ { print r,$1 }' $DNSMASQ_BLACKLIST >> "$TEMP"
 fi
 #Sort the download/black lists
 awk '{sub(/\r$/,"");print $1,$2}' "$TEMP"|sort -u > "$TEMP_SORTED"
 #Filter (if applicable)
-if [ -s "/var/lib/dnsmasq/white.list" ]
+if [ -s "$DNSMASQ_WHITELIST" ]
 then
   #Filter the blacklist, suppressing whitelist matches
   # This is relatively slow =-(
   echo 'Filtering white list...'
-  egrep -v "^[[:space:]]*$" /var/lib/dnsmasq/white.list | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - "$TEMP_SORTED" > /var/lib/dnsmasq/block.hosts
+  egrep -v "^[[:space:]]*$" $DNSMASQ_WHITELIST | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
 else
-  cat "$TEMP_SORTED" > /var/lib/dnsmasq/block.hosts
+  cat "$TEMP_SORTED" > $DNSMASQ_BLOCKHOSTS
 fi
 if [ "$IPV6" = "Y" ]
@@ -44,7 +47,7 @@ then
   safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
   safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
   echo 'Adding ipv6 support...'
-  sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /var/lib/dnsmasq/block.hosts
+  sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" $DNSMASQ_BLOCKHOSTS
 fi
 service dnsmasq restart
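Review bot: The new `BLOCKLIST_URLS="{% for url in adblock_lists %}{{ url }} {% endfor %}"` splices each configured URL into a double-quoted shell string with no escaping and then relies on unquoted word-splitting in `for url in $BLOCKLIST_URLS`, so a URL containing a quote, `$`, whitespace or glob characters (`?` is common in query strings) is mis-parsed or interpreted by the shell inside a script installed root-owned under /usr/local/sbin. Because the template is already expanded per URL, the safer form is to unroll the loop in Jinja and let Ansible quote each value: `{% for url in adblock_lists %}` / `wget -qO- {{ url | quote }} | awk -v r="$ENDPOINT_IP4" '{sub(/^(0.0.0.0|127.0.0.1)/, r)} $0 ~ "^"r' >> "$TEMP"` / `{% endfor %}`, which also avoids assuming a particular shell (the shebang is outside this hunk). Separately, `wget -q` hides failures and its exit status is never examined, so an unreachable or 404'd list silently produces a shorter — or, if every fetch fails, empty — block.hosts that dnsmasq is then restarted with, i.e. the blocker fails open; fetch each list into its own temp file, check wget's status, warn on stderr, and skip replacing block.hosts when nothing was fetched. Note too that the widened `sub(/^(0.0.0.0|127.0.0.1)/, r)` now rewrites `127.0.0.1` lines in every list, so if any list carries a `127.0.0.1 localhost` header line (common in hosts files, not verifiable from here) it becomes `$ENDPOINT_IP4 localhost` in block.hosts; adding `&& $2 != "localhost"` to the awk filter would guard that.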