Term
Frequent Visitor
Topic Author
Posts: 88
Joined: Thu Jan 11, 2018 11:42 pm

Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 1:42 pm

Hello,
are you using Mikrotik to block ads? I know there is, e.g., Pi-hole, but I'm afraid page loading will be slower if there are requests to a Raspberry.

Found https://stopad.hook.sh

Tried it but it seems to not work for me, maybe I skipped something.
IP - DHCP - Networks - added IP of my mikrotik to DNS

/ip firewall nat
 add action=redirect chain=dstnat dst-port=53 in-interface=bridge protocol=udp

checked all sites in stopad.hook.sh, wrote 127.0.0.1, added script to my mikrotik


## StopAD - Script for blocking advertisements, based on your defined hosts files
## For changing any parameters, please, use this link: https://stopad.hook.sh/
##
## @github    <https://github.com/tarampampam/mikrotik-hosts-parser>
## @version   2.3.0
##
## Setup this Policy for script: [X] Read [X] Write [X] Policy [X] Test

:local hostScriptUrl "https://stopad.hook.sh/script/source?format=routeros&version=2.3.0&redirect_to=127.0.0.1&sources_urls=https%3A%2F%2Fraw.githubusercontent.com%2Ftarampampam%2Fstatic%2Fmaster%2Fhosts%2Fblock_shit.txt,https%3A%2F%2Fraw.githubusercontent.com%2Fcrazy-max%2FWindowsSpyBlocker%2Fmaster%2Fdata%2Fhosts%2Fspy.txt,https%3A%2F%2Fadaway.org%2Fhosts.txt,https%3A%2F%2Fwww.malwaredomainlist.com%2Fhostslist%2Fhosts.txt,https%3A%2F%2Fpgl.yoyo.org%2Fadservers%2Fserverlist.php%3Fhostformat%3Dhosts%26showintro%3D0%26mimetype%3Dplaintext,https%3A%2F%2Fsomeonewhocares.org%2Fhosts%2Fhosts,http%3A%2F%2Fwinhelp2002.mvps.org%2Fhosts.txt,https%3A%2F%2Fhosts-file.net%2Fad_servers.txt&excluded_hosts=localhost";
:local scriptName "stop_ad.script";
:local backupFileName "before_stopad";
:local logPrefix "[StopAD]";

do {
  /tool fetch check-certificate=no mode=https url=$hostScriptUrl dst-path=("./".$scriptName);
  :delay 3s;
  :if ([:len [/file find name=$scriptName]] > 0) do={
    /system backup save name=$backupFileName;
    :delay 1s;
    :if ([:len [/file find name=($backupFileName.".backup")]] > 0) do={
      /ip dns static remove [/ip dns static find comment=ADBlock];
      /import file-name=$scriptName;
      /file remove $scriptName;
      :log info "$logPrefix AD block script imported, backup file (\"$backupFileName.backup\") created";
    } else={
      :log warning "$logPrefix Backup file not created, importing AD block script stopped";
    }
  } else={
    :log warning "$logPrefix AD block script not downloaded, script stopped";
  }
} on-error={
  :log warning "$logPrefix AD block script download FAILED";
};

I started the script manually but I still see ads on websites.
Any idea?
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 1:47 pm

No, I am using Pi-hole.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 3:11 pm

Where are you seeing ads??
 
Term
Frequent Visitor
Topic Author
Posts: 88
Joined: Thu Jan 11, 2018 11:42 pm

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 4:25 pm

ie letemsvetemapplem.cz, idnes.cz etc.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 4:35 pm

I never see ads on my MT router.
Do they popup in your Winbox??
 
Term
Frequent Visitor
Topic Author
Posts: 88
Joined: Thu Jan 11, 2018 11:42 pm

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 4:49 pm

I'm talking about pc browser, not mikrotik. Want to block ads in browsers via mikrotik
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 4:56 pm

I'm talking about pc browser, not mikrotik. Want to block ads in browsers via mikrotik
That is a browser problem. Fix it in your browser. It is also a user problem, thus educate your users.
What next, automatically provide tissue paper when a PC user is going to sneeze??
I know, while we are at it...... how about asking MT to cure cancer.................

By the way, Type 2 Diabetes is DIY disease!!! Chew on that for a while!!!
 
Term
Frequent Visitor
Topic Author
Posts: 88
Joined: Thu Jan 11, 2018 11:42 pm

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 5:30 pm

You don't understand me. I'm looking for similar solution like Pi-hole but for mikrotik. Some script.

Don't want to use adblock, ublock etc in my computers and mobile devices.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 5:49 pm

You don't understand me. I'm looking for similar solution like Pi-hole but for mikrotik. Some script.

Don't want to use adblock, ublock etc in my computers and mobile devices.
But that would put pi-hole out of business, a very ruthless move on the part of MT.
What is it exactly that pi-hole does then? If it's not CPU intensive it sounds like something that should be coded into the MT functionality??
Perhaps a feature request??

Quick research is that they use a BASH list............anyway a pointer to a DB to check against ads.
Don't see why the MT couldn't check the same DB (i.e. not loaded onto the device) for DNS activities??????????????
 
nostromog
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: Recommend way to block Ads with Mikrotik

Sun Mar 17, 2019 7:21 pm

Hello,
are you using Mikrotik to block ads? I know there is i.e. Pi-hole but I'm afraid pages loading will work slower if there will be requests to raspberry.
I made some tests with a pi-hole running with docker in my laptop and I don't think any slowing will be significant. But I don't have a place right now where I can run a docker container reliably, and also I have a travel router where I like the scripted idea...

So thank you for:
Found https://stopad.hook.sh

(...)

I started script manually but I still see ads in websites.
Any idea?
You can see ads in websites for several reasons:
  • Your dhcp-server network in the router is giving them a DNS different from your router. You can check and solve this one in your router.
  • Your PCs are ignoring the DNS settings that the DHCP server provides. You can force them by firewalling / redirecting DNS request to the router
  • Some program/apps use their own web services to resolve or fetch apps using addresses
  • Not everything is covered by those scripts/dns entries
You need to check which one applies and solve it.
 
Casa
just joined
Posts: 1
Joined: Sat Oct 12, 2019 3:47 pm

Re: Recommend way to block Ads with Mikrotik

Sat Oct 12, 2019 3:51 pm

Hey, Term, have you been able to make any progress on solving this issue?
I've used the same script and added ~15,000 hosts to dns static settings to no noticeable effect.
I'll try to check why it doesn't work (it does resolve added dns to the ip address I specified), but if you've had any insights since your last post - please share it.
 
zibadun
just joined
Posts: 5
Joined: Fri Dec 27, 2019 12:10 am

Re: Recommend way to block Ads with Mikrotik

Fri Dec 27, 2019 12:13 am

I think pi hole is the best way to block ads. best $10 i ever spent. Check out this thread on reddit:
https://www.reddit.com/r/pihole/comment ... d_via_usb/
 
complex1
Frequent Visitor
Posts: 54
Joined: Wed Jan 04, 2017 9:55 pm
Location: NL-NH

Re: Recommend way to block Ads with Mikrotik

Fri Dec 27, 2019 6:48 pm

@Term,

I use the IP-addresses provided by https://public-pihole.com/ and this works well (for me).
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Recommend way to block Ads with Mikrotik

Fri Dec 27, 2019 8:34 pm

I think pi hole is the best way to block ads. The best $10 i ever spent. Check out this thread on reddit:

Update:
I understand now. A Pi Zero W is plugged into a MikroTik's USB port to get power and also act like an ethernet card. The MikroTik is this person's router, and they send DNS queries to this USB-to-Ethernet port. Very clever. I think I'll just build or buy a small server. Would be cool if MikroTik had a package for this.

Can you expand on this more? I'm researching implementing Pi-hole and thought I would use a Raspberry Pi 4 Model B or something. The reddit link makes it seem like the hAP AC could be used? I want to use, I guess, a Pi-hole server and hand out its IP address to all my clients.
 
floaty
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 2:50 am

... every filter (dns, av, antispam ... whatsoever) will slow down your secured application ... EVERY !
... because you delegated sagacity to an entity with more discipline than you own by yourself ... and thats a good thing ... when it comes to computed routines 8)
... but it adds cpu-, asic-, whatsoever-related-time to decide...
.
suggestion:
change /etc/cron.d/pihole
from
.
#          standard crontab job error handling.
11 4   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log >/dev/null 2>&1
.
to
.
#          standard crontab job error handling.
11 4   * * *   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log >/dev/null 2>&1
.
... for a more day-by-day-discipline ... this is not (only) a joke
 
floaty
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 3:03 am

btw.
there are tons of articles in this forum on how to make use of anti-spam-, anti-phishing-, or country-code related community-lists with a MTik-board.
.
add a local anti-virus-proxy ... and you're good to go
 
jimbobst
just joined
Posts: 19
Joined: Tue Dec 24, 2019 4:56 am

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 3:35 am

@Term,

I use the IP-addresses provided by https://public-pihole.com/ and this works well (for me).
Out of interest, how many hops and what roundtrip times are you seeing to the pihole servers you are using?

I initially used the public servers but found them very slow for my location - a traceroute would show many hops and 300ms+ roundtrip times from here in NZ. Also it was blacklisting some dropbox A records which caused me issues.

I found the free DNS servers at adguard to be very good
https://adguard.com/en/adguard-dns/overview.html. They seem to have more locations and the roundtrip is only 50ms. They also have some "family friendly" DNS servers which may interest some households.

While I have ordered a raspberry pi zero to use as a pi-hole/unbound, unless you are a techy that wants to have more control over blocklists, caching, privacy etc, simply using free public DNS servers would likely suffice for most home use internet setups.
 
floaty
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 4:07 am

just had an over-christmas-discussion with my colleagues over the topic ...
.
just check !!
... even dns-filtering is a walrus-nipples-thing :
.
... ad-content is filtered ... the loaded site(s) seems to be slow ... because the content of interest is placed last ... no effin pictures of socks inbetween :!:
.
so everyone who's lookin on it's (screen) browser says: lame web-performance !
.
this a case for pestalozzi .. not for tesla ( while claude e. shannon is taking notes )
 
noythetop
just joined
Posts: 2
Joined: Sat Dec 28, 2019 12:50 pm

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 3:47 pm

I think pi hole is the best way to block ads. best $10 i ever spent. Check out this thread on reddit:
https://www.reddit.com/r/pihole/comment ... d_via_usb/
+1 for pi hole. Does the job perfectly.
 
stuartkoh
newbie
Posts: 30
Joined: Tue Apr 09, 2019 2:16 pm
Location: USA

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 5:14 pm

I use Pi-hole and find that it works quite well. It doesn't slow anything down. In fact, it speeds up browsing because I'm not pulling in as many ads.

I had it running on a Raspberry Pi Zero W and the performance was excellent. I saw far fewer ads on all of my devices, and not just via web browser. You can also block sites that host malware or are fraudulent if you want. Blocking things that track you is another possibility.

You can point your Pi-hole at whatever upstream DNS providers you like. It can also work with DNS over TLS or DNS over HTTPS if you want to do that. It can do DNSSEC too. It does some caching, so repeat queries may return faster for you, depending upon what other query caching you're doing, etc. It doesn't, by default, use a very large cache, so I wouldn't say that caching is its best feature. Any queries for records pointing to ad servers are returned very quickly, and that will help things load more rapidly too.

I have actually switched to using a Raspberry Pi 3 b+ for Pi-hole. I wanted to do DNS over HTTPS, and I used the cloudflare proxy for this. Cloudflare has dropped support for old Raspberry Pis, so the Zero W was only able to run an older version of cloudflared. I ran into some problems with that older version, and I had a 3 b+ sitting around, so I just switched to that and am now using the current version of cloudflared.

My Mikrotik router is set to use my Pi-hole system for its DNS, and I also have it set to pass that out to client devices via DHCP. That gives me ad-blocking for things like smartphones.

There are a few things to be aware of. The blocklists are maintained on the Pi-hole server and will apply to any device using it for DNS. Users will therefore be unable to directly disable ad-blocking for a particular site; that would have to be done in Pi-hole. That hasn't been a problem for me, but it could be depending on your users and how many of them there are.

Pi-hole also doesn't currently do a great job of blocking youtube ads. Google does their own ad-serving and they've integrated it tightly enough with youtube that it's very difficult to use DNS to block those ads. You would therefore still need an ad-blocking browser extension if you want to block all youtube ads.

You have to give some thought to your choice of which blocklists to use (just as you do with an ad-blocking extension in your browser). You can add a lot of lists and be very restrictive, but then you also stand more of a chance of breaking some sites. Or you can add few lists and it may not block all ads. I've taken a compromise approach and I use a fair number of blocklists, but only ones that shouldn't require me to do a lot of adjustment (make exceptions so sites can work, etc.).

I still see some ads with Pi-hole. It's not perfect. However, it blocks ads in more than just browsers, and it does noticeably improve the experience of using a smartphone IMO. Blocking tracking and other data collection for my entire LAN is also very valuable to me.

As I mentioned, I'm doing DoH (DNS over HTTPS). This keeps my ISP from seeing my DNS queries. (They can still see your traffic if you're not using a VPN, but they can't harvest quite as much info as if you don't encrypt your DNS queries.) Yes, this does shift your trust from your ISP to your DNS provider. In my case, I trust my DNS provider more than I trust my ISP. (I'm stuck with my ISP until maybe the new satellite systems give me an alternative.)

I found that setting up Pi-hole and getting everything the way I want it was fun. I already had the hardware, so I didn't have to buy anything new to set it up. It was a nice little project and I feel it's been quite useful.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 6:40 pm

As you already wrote, ad-blocking using DNS is limited and will not always work.
The best ad-blocking is still in the browser, as it can operate on full URL instead of only hostname.
Also it can in theory (unfortunately ABP cannot do that) load some ad data and not display it, e.g. in cases where a website will not work when you do not load the ads.
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Recommend way to block Ads with Mikrotik

Sat Dec 28, 2019 7:00 pm

@stuartkoh

Thanks for the write-up.
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Recommend way to block Ads with Mikrotik

Sun Dec 29, 2019 11:25 pm

I found the free DNS servers at AdGuard to be very good. They seem to have more locations and the roundtrip is only 50ms. They also have some "family friendly" DNS servers which may interest some households.

Nice find. Will give them a try.
 
jimbobst
just joined
Posts: 19
Joined: Tue Dec 24, 2019 4:56 am

Re: Recommend way to block Ads with Mikrotik

Sun Dec 29, 2019 11:51 pm


Yeah I've been using them for several days now, with no obvious issues.

Will probably use them as secure upstream dns servers from a pihole too, seeing as they reckon they don't log queries...

"AdGuard DNS takes several measures to ensure your privacy safety. We support DNSCrypt, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols."

 
zibadun
just joined
Posts: 5
Joined: Fri Dec 27, 2019 12:10 am

Re: Recommend way to block Ads with Mikrotik

Mon Dec 30, 2019 7:03 pm


I have actually switched to using a Raspberry Pi 3 b+ for Pi-hole. I wanted to do DNS over HTTPS, and I used the cloudflare proxy for this. Cloudflare has dropped support for old Raspberry Pis, so the Zero W was only able to run an older version of cloudflared. I ran into some problems with that older version, and I had a 3 b+ sitting around, so I just switched to that and am now using the current version of cloudflared.
there are still some unofficial cloudflared builds for pi. But I've configured 'unbound' DNS resolver on pi zero w with forwarders to cloudflare and quad9 over DoT (dns over TLS). Config posted in the same reddit thread. this works better than cloudflared daemon. My new lookups are 0.2 seconds , which is a bit slow imo, but not too bad. also Unbound refreshes cache on its own for the repeating queries to reduce the lookup time (ie the longer it runs the more it "learns" how to pre-populate the cache).
 
zibadun
just joined
Posts: 5
Joined: Fri Dec 27, 2019 12:10 am

Re: Recommend way to block Ads with Mikrotik

Tue Dec 31, 2019 5:12 pm

there seems to be an initiative by chrome and Firefox to enable a DoH resolver built in to the browsers. this would bypass pihole. I would stay away from this setting if you are using dns based ad blocking. sorry if this is obvious but wanted to mention anyway..:)
 
i4jordan
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: Recommend way to block Ads with Mikrotik

Tue Dec 31, 2019 5:34 pm

I am using 3 ways to block unwanted content (ads are a part of the unwanted content)

1) uBlock on any browser on our computers. I use Vivaldi (Chromium based) and push uBlock with a GPO on Windows
2) Pi-Hole running on a virtual linux computer
3) IP blocking in Mikrotik
With uBlock you are also blocking unwanted scripts in the pages.

For the IP's to block I'd like to refer to:
1) http://www.squidblacklist.org/downloads.html which serves various IP lists you can automatically import with a script into your MKT device.
2) https://mikrotikconfig.com/firewall/, with this site you can create an IP block list for a lot of countries
 
scob
just joined
Posts: 5
Joined: Thu Oct 26, 2017 6:48 pm

Re: Recommend way to block Ads with Mikrotik

Mon Mar 09, 2020 1:44 am

Hey.
Squidblacklist.org is dead (as its owner), sorry.
Some time ago I was showing an ads-blocker made on squidblacklist blacklists... (https://www.youtube.com/watch?v=DhheFeUPo2g)

However squidblacklist is dead, the pi-hole project is so vital now...
Now presenting: the pi-hole to mikrotik converter.
Check it out:
The converter: https://pastebin.com/rQVYcdi3
##############
#!/bin/bash
mtuser=admin
sshpass="$(cat mtpass)"
mtip=192.168.2.1
# echo $sshpass
#expand aliases
shopt -s expand_aliases
source ~/.bashrc
listy=("https://raw.githubusercontent.com/Majki ... stfile.txt")
listy+=("https://raw.githubusercontent.com/Majki ... d_host.txt")
listy+=("https://raw.githubusercontent.com/Majki ... onnect.txt")
listy+=("https://raw.githubusercontent.com/Majki ... e_host.txt")
listy+=("https://raw.githubusercontent.com/Majki ... tended.txt")
listy+=("https://raw.githubusercontent.com/Majki ... ervers.txt")
listy+=("https://raw.githubusercontent.com/Majki ... pihole.txt")

# echo ${listy[@]}

# name of the output file
_script_file=blacklista.rsc
rm -f $_script_file 2>/dev/null 1>/dev/null
rm -f "${_script_file}.tmp" 2>/dev/null 1>/dev/null
rm -f "${_script_file}.tmp.tmp" 2>/dev/null 1>/dev/null


# iterate over each list URL separately ([@], not [*])
for i in "${listy[@]}"
do
curl -sL "$i" >> "${_script_file}.tmp"
done;

# Convert to unix format - requires dos2unix to be installed
dos2unix ${_script_file}.tmp 2>/dev/null 1>/dev/null

LC_ALL=C


######################
# Help aliases

alias incl_ipaddr="egrep -e '([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9])\.([0-9]|[0-9][0-9]|[0-9][0-9][0-9]).*'"

alias strip_comment="sed 's/#.*//'"
alias remove_empty_lines="sed -r '/^\s*$/d'"

alias excl_regex_rules="grep -v '\\$'"
alias incl_regex_rules="grep '\\$'"

# real cmd rule: sed -e 's/\\/\\\\/g' -e 's/\$//g'
alias conv_expr_2_rsc_fmt="sed -e 's/\\\/\\\\\\\/g' -e 's/\\$//g'"

alias conv_2_alphanumeric="tr -cd '[:alnum:]._\-\n-'"
alias conv_2_alphanumexpr="tr -cd '[:alnum:].+*[]_\-\\\(|^$)\n-'"


# Help func
prnt_col_2()
{
awk '{print $2}'
}

# Convert plain name rules
cat ${_script_file}.tmp | remove_empty_lines | incl_ipaddr | prnt_col_2 | strip_comment | excl_regex_rules | conv_2_alphanumeric | sed -e 's/^/\/ip dns static add address=127.0.0.1 name=/i' | sed -e 's/$/ ttl=600w/i' >> "${_script_file}.tmp.tmp"

# Convert regexp name rules
cat ${_script_file}.tmp | remove_empty_lines | incl_ipaddr | prnt_col_2 | strip_comment | incl_regex_rules | conv_2_alphanumexpr | conv_expr_2_rsc_fmt | sed -e 's/^/\/ip dns static add address=127.0.0.1 regexp="/i' | sed -e 's/$/" ttl=600w/i' >> "${_script_file}.tmp.tmp"

#####################

sync

# Sort and remove doubles - keep unique lines
sort -u "${_script_file}.tmp.tmp" > "${_script_file}"

rm -f ${_script_file}.tmp.tmp 2>/dev/null 1>/dev/null
rm -f ${_script_file}.tmp 2>/dev/null 1>/dev/null

# requires sshpass to be installed
sshpass -p "$sshpass" scp "${_script_file}" "$mtuser@$mtip:/"
##############
It's mostly based on someone else's idea; (https://forum.qnap.net.pl/threads/pi-ho ... iku.27017/)

Now - just put the converter to cron (on pc or eg. home NAS) and add simple script to mikrotik to refresh dns blacklist list
/ip dns static remove [find where ttl=600w]
:delay 50
/import file-name=blacklista.rsc;:log warning "import regulek PiHole";
:delay 5
:log warning "Removed old AdsBlockList records and imported new list";
May it serve you well!
 
floaty
Member
Posts: 314
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: Recommend way to block Ads with Mikrotik

Fri Mar 13, 2020 3:25 am

.
If the Force might be with us :shock:
.
 
rooted
Member Candidate
Posts: 129
Joined: Tue Feb 04, 2020 5:58 pm

Re: Recommend way to block Ads with Mikrotik

Fri Mar 13, 2020 7:11 am

@scob What device are you running this on? I get several errors running it from a couple of Debian based devices. Maybe it's due to them being ARM based?
 
stuartkoh
newbie
Posts: 30
Joined: Tue Apr 09, 2019 2:16 pm
Location: USA

Re: Recommend way to block Ads with Mikrotik

Fri Mar 13, 2020 1:04 pm


I have actually switched to using a Raspberry Pi 3 b+ for Pi-hole. I wanted to do DNS over HTTPS, and I used the cloudflare proxy for this. Cloudflare has dropped support for old Raspberry Pis, so the Zero W was only able to run an older version of cloudflared. I ran into some problems with that older version, and I had a 3 b+ sitting around, so I just switched to that and am now using the current version of cloudflared.
there are still some unofficial cloudflared builds for pi. But I've configured 'unbound' DNS resolver on pi zero w with forwarders to cloudflare and quad9 over DoT (dns over TLS). Config posted in the same reddit thread. this works better than cloudflared daemon. My new lookups are 0.2 seconds , which is a bit slow imo, but not too bad. also Unbound refreshes cache on its own for the repeating queries to reduce the lookup time (ie the longer it runs the more it "learns" how to pre-populate the cache).

I wanted to add an update to my original post about exactly this.

I found that the cloudflared daemon just wasn't very reliable, no matter what version I used. I had used unbound in the past at various workplaces, so I installed it and set it up to do DoT and removed cloudflared. I'm happy with the results. Like you I do see some initial queries are a bit slow, but not bad. A lot of queries are then answered out of cache, so overall there's no performance problem.

A friend of mine uses Plume devices for his home network (he said that their Superpod uses the same IPQ-4019 and QCA9984 that the Mikrotik Audience uses, but the Wave2 features work) and he's not happy with their ad-blocking functionality. He's planning to add a Pi Hole device too. He isn't concerned about DoH or DoT, so I told him a Raspberry Pi Zero W should be fine.

(I've been wondering whether it's really worth doing DoH or DoT myself. I might be better off just having unbound do queries to the authoritative nameservers rather than forwarding to another, outside server like Quad9 or Cloudflare.)
 
kxrist
just joined
Posts: 6
Joined: Thu May 03, 2018 12:40 pm

Re: Recommend way to block Ads with Mikrotik

Fri Oct 02, 2020 11:45 am

it works. Excellent !@#$%
 
purplecloud
just joined
Posts: 9
Joined: Tue Jan 30, 2018 3:29 pm

Re: Recommend way to block Ads with Mikrotik

Sun Oct 04, 2020 6:35 pm

I think pi hole is the best way to block ads. best $10 i ever spent. Check out this thread on reddit:
https://www.reddit.com/r/pihole/comment ... d_via_usb/
Thanks for linking to this. I'm trying to find the ideal pi-hole setup and this post & subreddit will definitely be helpful!
 
saaremaa
Member Candidate
Posts: 162
Joined: Tue Feb 02, 2010 7:48 pm
Location: Baltijos šalių miestas

Re: Recommend way to block Ads with Mikrotik

Sun Oct 04, 2020 7:01 pm

Convert Pihole address lists to static Mikrotik DNS records and enjoy. Manual update.
 
stuartkoh
newbie
Posts: 30
Joined: Tue Apr 09, 2019 2:16 pm
Location: USA

Re: Recommend way to block Ads with Mikrotik

Thu Jun 10, 2021 3:19 pm

You can block ads by mikrotik in several ways. You can use static dns, create firewall rules or ad block dns doh.
In this link you can find some appropriate methods

https://karimzi.blogspot.com/search/label/mikrotik?m=1

Follow this blog for advanced level of mikrotik security.

I'm currently using NextDNS via DoH from my Mikrotik router. It's working really well and I'm pleased with the results. I was never completely happy with pihole and had periodic issues with it, plus it was another thing and another system that I had to maintain. NextDNS is as easy to use as Quad9 was (which is what I was using with pihole). Performance is really good too.
 
volkirik
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: Recommend way to block Ads with Mikrotik

Sun Aug 08, 2021 12:47 pm

download the file to desktop;
https://raw.githubusercontent.com/Steve ... ster/hosts

open notepad++ replace with regex;

find: ^#[^\n]*
replace: "" (empty)

find: ^![^\n]*
replace: "" (empty)

find: ^[^0]
replace: "" (empty)

find: #[^\n]*
replace: "" (empty)

find: ^(0\.[^ ]*) ([^\n]*)
replace: add address=$1 name=$2

set mode to normal (not regex)
find: "=0.0.0.0 "
replace: "=127.0.0.1 "

upload the file to routerOS;

/ip dns
/import StevenBlack_hosts_20210808.rsc

##### TURKISH #####

download the file to desktop;
https://raw.githubusercontent.com/Steve ... ster/hosts

open notepad++ replace with regex;

find: ^(127\.0\.0\.1) ([^\n]*)
replace: add address=$1 name=$2

remove res.cloudinary.com entry as it breaks www.dev.to

paste on terminal. because many lines conflict with generic list.

note: uses lots of memory and takes about 10 minutes on RB4011.

note: static entries are always in the cache. so I needed to set cache size to 307200 (300 mb)

note: I update static list monthly and when I receive complaint.
Last edited by volkirik on Sun Aug 08, 2021 2:02 pm, edited 1 time in total.
 
volkirik
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: Recommend way to block Ads with Mikrotik

Sun Aug 08, 2021 1:04 pm

It would be easier if MikroTik officially supported importing hosts file.

for example: IP->DNS->Filter Subscriptions

you enter URL(s) to download hosts files... and interval (for example: daily, weekly, monthly)

after that, they could add whitelisting feature.

but whatever. it is just a dream unless they want to gain market-share from Pi-Hole ;)

I temporarily use it on mikrotik. Because I plan to buy a Raspberry Pi 400.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Sun Aug 08, 2021 5:14 pm

This script adds a big list of IP to block ads in a MikroTik router:
viewtopic.php?t=172942
 
volkirik
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: Recommend way to block Ads with Mikrotik

Sun Aug 08, 2021 6:14 pm

Works OK but resource intensive.
Last edited by volkirik on Sun Aug 08, 2021 6:51 pm, edited 3 times in total.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Sun Aug 08, 2021 6:32 pm

You are wrong at some points.

Memory used 25% to 48% used, still have lots of memory free.
CPU does not see any difference. Looking up a name in an internal table may be faster and use less CPU compared to a lookup at an external DNS server.
Disk use: if you have space, it does not matter if it's 80% or 90% full. OK at my RB750G r3

You should use a tool to monitor your router to see if anything runs full.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 3:21 am

This script adds a big list of IP to block ads in a MikroTik router:
viewtopic.php?t=172942
I consider it a true security breach to import any file downloaded from a 3rd party site with the /import file-name=$scriptName command.

If some hacker or the author himself puts some commands inside the downloaded file, he can do anything he wants with the RouterBOARD...
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 8:24 am

You are 100% correct. So I do not schedule the script.
I do open the link in a web browser:
https://www.micu.eu/adblock/adblock.php
Have a look at it, and if there is only one command /ip dns static, then I do run the script.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 10:42 am

@Jotne, yours is the correct way to do that,

but to be a little paranoid... or considering the real possibility,

the web server can check the user agent:
if it is "Mikrotik/6.x&Fetch" it can provide different contents than
if it is, for example, "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0"...

Catch the point?
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 11:00 am

Nothing wrong with being paranoid.
Get your points :)

Maybe one can change the script to search for commands and stop/delete it if there is more than one command ...
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 11:16 am

> Maybe one can change the script to search for commands and stop/delete it if there is more than one command ...

Or search each line of the import script for the DNS entry;
this also permits setting a comment="from the x list", instead of a generic add...

:)
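
The check discussed in the last few posts (nothing but `/ip dns static` entries, handled line by line, each with a per-list comment), as an added example that is not code from any poster or from the adblock script. It is meant to run on a workstation over the exact bytes the router would import, with only the regenerated output imported afterwards, so a server that answers a browser and the router's fetch differently gains nothing. Assumptions: the download is an `/ip dns static` header followed by `add address=... name=...` lines; `sanitize`, the sink address and the list label are hypothetical.

```python
import ipaddress
import re

HEADER = "/ip dns static"
# Labels of letters, digits, "-" and "_" only: no quotes, brackets, "$" or ";".
HOST_RE = re.compile(r"(?!-)[a-z0-9_-]{1,63}(\.[a-z0-9_-]{1,63})+")


def sanitize(downloaded: str, sink: str, source: str) -> str:
    """Rebuild the import script from validated names; ValueError on any surprise."""
    ipaddress.ip_address(sink)  # raises ValueError if the sink is not an IP
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,40}", source):
        raise ValueError("unsafe list label")
    names, in_section = set(), False
    for lineno, raw in enumerate(downloaded.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == HEADER:
            in_section = True
            continue
        if line.startswith(HEADER + " add "):
            line = line[len(HEADER) + 1:]
        elif not in_section:
            raise ValueError(f"line {lineno}: command outside {HEADER}")
        fields = line.split()
        if fields[0] != "add":
            raise ValueError(f"line {lineno}: only 'add' is allowed")
        pairs = dict(f.partition("=")[::2] for f in fields[1:])
        if len(pairs) != len(fields) - 1 or set(pairs) != {"address", "name"}:
            raise ValueError(f"line {lineno}: unexpected parameters")
        if pairs["address"].strip('"') != sink:
            raise ValueError(f"line {lineno}: address is not the sink")
        name = pairs["name"].strip('"').lower()
        if len(name) > 253 or not HOST_RE.fullmatch(name):
            raise ValueError(f"line {lineno}: bad host name")
        names.add(name)
    rows = [f'add address={sink} name={n} comment="from the {source} list"'
            for n in sorted(names)]
    return "\n".join([HEADER, *rows]) + "\n"


# Constructed sample, not a real list.
SAMPLE = ("/ip dns static\n"
          "add address=127.0.0.1 name=ads.example.com\n"
          "add address=127.0.0.1 name=Tracker.example.net\n")

if __name__ == "__main__":
    print(sanitize(SAMPLE, "127.0.0.1", "adblock"), end="")
```

Requiring every address to equal the expected sink goes one step beyond the thread: it also stops a list from pointing a real host name at someone else's server.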
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 2:15 pm

Can't wait for the improved script, Jotne!!
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 7:56 pm

> Can't wait for the improved script, Jotne!!

Probably someone else will finish the script; I do not know if Jotne is rewriting the script...:

viewtopic.php?f=9&t=166293&p=871962#p871962
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 7:58 pm

> Can't wait for the improved script, Jotne!!

Probably someone else will finish the script first (jvanhambelgium); I do not know if Jotne is rewriting the script...:
viewtopic.php?f=9&t=166293&p=871962#p871962
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Mon Aug 09, 2021 9:18 pm

I don't think the world is ready for two rextendeds ;-) (duplicate post)
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Tue Aug 10, 2021 1:38 am

 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Recommend way to block Ads with Mikrotik

Tue Aug 10, 2021 1:40 am

Fetch bank account from browser cache, send all money to rextended ?? :-)
When I get time I will ask you about it, but busy building an enclosure.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Recommend way to block Ads with Mikrotik

Tue Aug 10, 2021 1:56 am

:-P
 
volkirik
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: Recommend way to block Ads with Mikrotik

Tue Aug 17, 2021 10:09 pm

> You are wrong at some points.

oh yes? what about boot time?

10 minutes without firewall rules on RB4011 and CPU spike.
Last edited by volkirik on Tue Aug 17, 2021 10:32 pm, edited 2 times in total.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Tue Aug 17, 2021 10:12 pm

I do not reboot, so have not seen any of this. It also may be different from router to router.
 
volkirik
Member Candidate
Posts: 208
Joined: Sat Jul 23, 2016 2:03 pm

Re: Recommend way to block Ads with Mikrotik

Tue Aug 17, 2021 10:32 pm

> I do not reboot, so have not seen any of this. It also may be different from router to router.

LOL. ok. ;P
 
jult
Frequent Visitor
Posts: 52
Joined: Sat Dec 26, 2020 1:16 am

Re: Recommend way to block Ads with Mikrotik

Mon Oct 18, 2021 12:58 pm

> > You don't understand me. I'm looking for similar solution like Pi-hole but for mikrotik. Some script.
> >
> > Don't want to use adblock, ublock etc in my computers and mobile devices.
>
> But that would put pi-hole out of business, a very ruthless move on the part of MT.

PiHole is not a business, it is an open source free project. There are already many variants, most of them use dnsmasq in one way or the other, like diversion.ch and adguard.
PiHole community could not care less if mikrotik would have its own similar system.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Mon Mar 28, 2022 3:02 pm

It will not. This is the point of Pi-hole.

Where you get DNS to your hosted webserver (on your LAN) does not matter, if it's DNS or DoH, as long as it's the public name for your server.
DoH in your browser will however bypass both your local DNS or local DoH server settings.
 
kevinds
Long time Member
Posts: 575
Joined: Wed Jan 14, 2015 8:41 am

Re: Recommend way to block Ads with Mikrotik

Fri Apr 15, 2022 1:39 am

> I know there is i.e. Pi-hole but I'm afraid pages loading will work slower if there will be requests to raspberry.

Your fears are unfounded.. Pi-Hole only answers the DNS queries (they are tiny chunks of data), all your internet traffic doesn't go through the Pi board when using Pi-Hole.. You can also install Pi-Hole on a normal VM/PC/server.
 
reinerotto
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Recommend way to block Ads with Mikrotik

Fri Apr 22, 2022 12:57 pm

> DoH in your browser will however bypass both your local DNS or local DoH server settings.

Not necessarily.
Because DoH server can be blocked, and then fallback to standard DNS.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Recommend way to block Ads with Mikrotik

Fri Apr 22, 2022 3:42 pm

> > DoH in your browser will however bypass both your local DNS or local DoH server settings.
>
> Not necessarily.
> Because DoH server can be blocked, and then fallback to standard DNS.

How can you ever block all DoH servers? You would at least have to know which DoH server(s) your browser uses...
DoT is of course easier to block.
 
reinerotto
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Recommend way to block Ads with Mikrotik

Fri Apr 22, 2022 4:51 pm

> How can you ever block all DoH servers?

Not possible, of course. But possible to block the "well known" DoH servers.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Recommend way to block Ads with Mikrotik

Sat Apr 23, 2022 12:38 pm

> Not necessarily.
> Because DoH server can be blocked, and then fallback to standard DNS.

Since you cannot see what's inside HTTPS packages, you cannot know if it's a web site or DoH traffic. And since anyone can set up a DoH or DoT server, there is no way you can block this.
 
reinerotto
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Recommend way to block Ads with Mikrotik

Sat Apr 23, 2022 1:13 pm

> 1) Since you cannot see what's inside HTTPS packages, you cannot know if it's a web site or DoH traffic.
> 2) And since anyone can set up a DoH or DoT server, there is no way you can block this.

1) Since every "well-known DoH-server" has an IP, it's possible to block. Or after interception of SNI.
Besides, assuming installation of a special cert on clients (possible on corp devices, for example), your statement is wrong, too, because of transparent interception of https.
Although I doubt it would be possible using RoS.
2) Correct. However, "... block this" does not belong to the group of "well-known DoH-servers".
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Recommend way to block Ads with Mikrotik

Sat Apr 23, 2022 1:30 pm

DoT uses a default port, so it is easier for an admin to control. DoT by default uses a port that is encrypted.
However, the domain used can still be extracted, and this will be impossible with the latest version, in which the domain will also be encrypted.

DoH is difficult to block when the IP address is not on your block-list. DoT can be as evasive as DoH but lacks encryption of the domain.

Some reading about this: viewtopic.php?p=925442&hilit=doh#p925442 (PDF file)
 
reinerotto
Long time Member
Posts: 519
Joined: Thu Dec 04, 2008 2:35 am

Re: Recommend way to block Ads with Mikrotik

Sat Apr 23, 2022 10:28 pm

"Some reading ..." confirms my statement from above. Thank you.
