Mikrotik + AdBlock Plus

amt779 · February 25, 2014, 7:18pm

There’s a fancy dream of all web users to make it safer and faster. One of a relly good tools for that is AdBlockPlus Service. This service supplys regex filter rules of a harmfull content, as such https://easylist-downloads.adblockplus.org/malwaredomains_full.txt

Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?

If such feature would get available it would make dream come true about routers of all home users ever. I’d even pay for it. I use at home MikroTik RB951G-2HnD with RouterOS 5.26

jandafields · February 26, 2014, 4:59pm

Look at L7 rules in Mikrotik.

TonyJr · February 26, 2014, 10:31pm

This looks good - I am going to import these into a metarouter and see how it runs as a web proxy, redirecting any of those matched l7 regex’s to a simple ‘possible malware’ static html file. I am not good with scripting, but I am sure it would be quite easy to schedule downloading, parsing and updating the L7 protocol list. I will post back with results, when I have had time to try this.

dixieip · March 2, 2014, 12:24am

Did you ever get that entire list imported into the Mikrotik OS? If so can you send me the script?

Buzz · January 1, 2015, 12:07am

is there anyway to block adblock list from mikrotik using layer 7 or something else ???

jjoelc · October 5, 2015, 6:16pm

https://github.com/aziraphale/routeros-dns-adblock

Just in case anyone else runs across this in a google search like I did. Be sure to read the “ReadMe” as always, but it works out great for me on my RB450G.

SyCo · October 6, 2015, 11:42am

Thanks for the link and update

blackdiamond · March 31, 2016, 9:09am

Has anyone implemented this: https://github.com/aziraphale/routeros-dns-adblock

my skills are lacking in the php i am lost at step 5.

MikroDik69 · April 21, 2016, 6:49am

Yeah,I can’t figure out or understand the instructions for the routeros-dns-adblock.

kor3k · September 28, 2016, 3:43pm

yes i have. i used this repo to create a list with almost 52k entries. it does it’s job well.

but be aware, that the implementation as DNS static entries takes shitload of RAM (cca 200 MB), so it cannot be used on mtiks with low RAM amount. also, it takes about 10 minutes to load after reboot, and during that time, DNS service is not responding.

because of this, i also implemented it as a firewall address list. it uses much less memory (cca 50MB, works on 128MB RAM mtiks) and reboot loading is non-blocking.

adblock-dns.rsc
adblock-addrlist.rsc

kor3k · September 30, 2016, 2:02pm

also created an updatable lightweight version of it (13.5k entries ATM). it uses the http://winhelp2002.mvps.org/hosts.txt file.

kivimart · September 30, 2016, 5:27pm

adblock-dns.rsc
adblock-addrlist.rsc[/quote]

Is this lists updated Daily or how often.?

Skickat från min Nexus 6P via Tapatalk

kor3k · October 3, 2016, 2:58pm

this list is not updated at all, the author refers to it as a “list of immortal malware/ad sites”.

if you want updated list with currently active malwares/ads, use this:

MikroTikFan · November 23, 2016, 9:35pm

I have been implemented whole stuff like is described in GitHub https://github.com/aziraphale/routeros-dns-adblock
I’m using RB3011 and I have 140 k records of static DNS.

/ip dns print
                servers: 8.8.8.8
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 2048KiB

Static records are like that one (just example).
Below also firewall rule.

add address=240.0.0.2 name=001soft.cn comment=adblock.prime
... (140k records)


/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp 
dst-address=240.0.0.0/4 in-interface=ether1-gateway log=yes log-prefix="adblock.prime"/

Unfortunately this is not working ;-(

I’m trying to found out why I still have adds ?
I wondering why I don’t see also any traffic on this firewall rule.

Please help me where I did it wrong?

che · November 23, 2016, 10:44pm

You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it’s still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MIkroTik’s simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be unreliable solution.

Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.

49er · November 24, 2016, 8:24am

Can anyone explain me how to use this?
I want to use the version that is auto updated.
I see a PHP file but howto implement this in mikrotik router?

MikroTikFan · November 24, 2016, 11:40am

che:

You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it’s still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MIkroTik’s simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be unreliable solution.

Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.

I made a change and now I have bridge-local interface and I still do not see any blocked traffic by this reject rule and I still see ads.

/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp 
dst-address=240.0.0.0/4 in-interface=bridge-local log=yes log-prefix="adblock.prime"

Please support me what may cause this problem and how to fix this ?

che · November 24, 2016, 7:02pm

Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in

 tags.

MikroTikFan · November 26, 2016, 9:08am

che:

Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in
 tags.[/quote]


Hob bit this should be ?

/ip dns print
                servers: 8.8.8.8
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             [b]cache-size: 2048KiB[/b]
          cache-max-ttl: 1w
             cache-used: 2048KiB
             
             
 [b]cache-size: ? [/b]

che · November 26, 2016, 9:41am

Yes, that is the value you need to alter.

The thing that indicates problem is this value: cache-used: 2048KiB - it means your cache is full and not working for additional queries. You can add two zeros and make this value something like this: cache-size: 204800KiB (making it ~200MiB). Monitor “cache-used” value after you alter the cache size, if it stays the same or increases just slightly you will most likely need to reboot the router.