Community discussions

 
amt779
just joined
Topic Author
Posts: 3
Joined: Tue Feb 25, 2014 8:35 am

Mikrotik + AdBlock Plus

Tue Feb 25, 2014 9:18 pm

There's a fancy dream of all web users to make it safer and faster. One of a relly good tools for that is AdBlockPlus Service. This service supplys regex filter rules of a harmfull content, as such https://easylist-downloads.adblockplus. ... s_full.txt

Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?

If such feature would get available it would make dream come true about routers of all home users ever. I'd even pay for it. I use at home MikroTik RB951G-2HnD with RouterOS 5.26
 
jandafields
Forum Guru
Forum Guru
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Re: Mikrotik + AdBlock Plus

Wed Feb 26, 2014 6:59 pm

There's a fancy dream of all web users to make it safer and faster. One of a relly good tools for that is AdBlockPlus Service. This service supplys regex filter rules of a harmfull content, as such https://easylist-downloads.adblockplus. ... s_full.txt

Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?

If such feature would get available it would make dream come true about routers of all home users ever. I'd even pay for it. I use at home MikroTik RB951G-2HnD with RouterOS 5.26
Look at L7 rules in Mikrotik.
 
TonyJr
Member Candidate
Member Candidate
Posts: 201
Joined: Sat Nov 12, 2011 1:30 am
Location: UK
Contact:

Re: Mikrotik + AdBlock Plus

Thu Feb 27, 2014 12:31 am

There's a fancy dream of all web users to make it safer and faster. One of a relly good tools for that is AdBlockPlus Service. This service supplys regex filter rules of a harmfull content, as such https://easylist-downloads.adblockplus. ... s_full.txt

Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?

If such feature would get available it would make dream come true about routers of all home users ever. I'd even pay for it. I use at home MikroTik RB951G-2HnD with RouterOS 5.26

This looks good - I am going to import these into a metarouter and see how it runs as a web proxy, redirecting any of those matched l7 regex's to a simple 'possible malware' static html file. I am not good with scripting, but I am sure it would be quite easy to schedule downloading, parsing and updating the L7 protocol list. I will post back with results, when I have had time to try this.
 
dixieip
just joined
Posts: 1
Joined: Sun Mar 02, 2014 2:20 am

Re: Mikrotik + AdBlock Plus

Sun Mar 02, 2014 2:24 am

Did you ever get that entire list imported into the Mikrotik OS? If so can you send me the script?
 
Buzz
just joined
Posts: 13
Joined: Sat Aug 09, 2014 11:44 am

Re: Mikrotik + AdBlock Plus

Thu Jan 01, 2015 2:07 am

is there anyway to block adblock list from mikrotik using layer 7 or something else ???
 
jjoelc
just joined
Posts: 1
Joined: Mon Oct 05, 2015 9:14 pm

Re: Mikrotik + AdBlock Plus

Mon Oct 05, 2015 9:16 pm

https://github.com/aziraphale/routeros-dns-adblock

Just in case anyone else runs across this in a google search like I did. Be sure to read the "ReadMe" as always, but it works out great for me on my RB450G.
 
SyCo
just joined
Posts: 2
Joined: Mon Feb 10, 2014 8:41 pm

Re: Mikrotik + AdBlock Plus

Tue Oct 06, 2015 2:42 pm

https://github.com/aziraphale/routeros-dns-adblock

Just in case anyone else runs across this in a google search like I did. Be sure to read the "ReadMe" as always, but it works out great for me on my RB450G.
Thanks for the link and update ;-)
 
blackdiamond
just joined
Posts: 1
Joined: Tue Mar 29, 2016 2:10 pm

Re: Mikrotik + AdBlock Plus

Thu Mar 31, 2016 12:09 pm

Has anyone implemented this: https://github.com/aziraphale/routeros-dns-adblock

my skills are lacking in the php i am lost at step 5.
 
MikroDik69
just joined
Posts: 6
Joined: Tue Nov 19, 2013 5:49 am

Re: Mikrotik + AdBlock Plus

Thu Apr 21, 2016 9:49 am

Yeah,I can't figure out or understand the instructions for the routeros-dns-adblock.
 
kor3k
just joined
Posts: 9
Joined: Mon Dec 21, 2015 7:11 pm

Re: Mikrotik + AdBlock Plus

Wed Sep 28, 2016 6:43 pm

yes i have. i used this repo to create a list with almost 52k entries. it does it's job well.

but be aware, that the implementation as DNS static entries takes shitload of RAM (cca 200 MB), so it cannot be used on mtiks with low RAM amount. also, it takes about 10 minutes to load after reboot, and during that time, DNS service is not responding.

because of this, i also implemented it as a firewall address list. it uses much less memory (cca 50MB, works on 128MB RAM mtiks) and reboot loading is non-blocking.

adblock-dns.rsc
adblock-addrlist.rsc
 
kor3k
just joined
Posts: 9
Joined: Mon Dec 21, 2015 7:11 pm

Re: Mikrotik + AdBlock Plus

Fri Sep 30, 2016 5:02 pm

also created an updatable lightweight version of it (13.5k entries ATM). it uses the http://winhelp2002.mvps.org/hosts.txt file.
 
kivimart
newbie
Posts: 40
Joined: Thu Oct 10, 2013 3:06 pm

Re: RE: Re: Mikrotik + AdBlock Plus

Fri Sep 30, 2016 8:27 pm

adblock-dns.rsc
adblock-addrlist.rsc[/quote]

Is this lists updated Daily or how often.?

Skickat från min Nexus 6P via Tapatalk
 
kor3k
just joined
Posts: 9
Joined: Mon Dec 21, 2015 7:11 pm

Re: RE: Re: Mikrotik + AdBlock Plus

Mon Oct 03, 2016 5:58 pm

adblock-dns.rsc
adblock-addrlist.rsc

Is this lists updated Daily or how often.?
this list is not updated at all, the author refers to it as a "list of immortal malware/ad sites".

if you want updated list with currently active malwares/ads, use this:
also created an updatable lightweight version of it (13.5k entries ATM). it uses the http://winhelp2002.mvps.org/hosts.txt file.
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: Mikrotik + AdBlock Plus

Wed Nov 23, 2016 11:35 pm

I have been implemented whole stuff like is described in GitHub https://github.com/aziraphale/routeros-dns-adblock
I'm using RB3011 and I have 140 k records of static DNS.
/ip dns print
                servers: 8.8.8.8
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 2048KiB
Static records are like that one (just example).
Below also firewall rule.
add address=240.0.0.2 name=001soft.cn comment=adblock.prime
... (140k records)


/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp 
dst-address=240.0.0.0/4 in-interface=ether1-gateway log=yes log-prefix="adblock.prime"/
Unfortunately this is not working ;-(

I'm trying to found out why I still have adds ?
I wondering why I don't see also any traffic on this firewall rule.

Please help me where I did it wrong?
Last edited by MikroTikFan on Thu Nov 24, 2016 12:41 pm, edited 1 time in total.
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik + AdBlock Plus

Thu Nov 24, 2016 12:44 am

You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MIkroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be unreliable solution.

Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.
 
49er
Member
Member
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: Mikrotik + AdBlock Plus

Thu Nov 24, 2016 10:24 am

Can anyone explain me how to use this?
I want to use the version that is auto updated.
I see a PHP file but howto implement this in mikrotik router?
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: Mikrotik + AdBlock Plus

Thu Nov 24, 2016 1:40 pm

You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MIkroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be unreliable solution.

Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.
I made a change and now I have bridge-local interface and I still do not see any blocked traffic by this reject rule and I still see ads.
/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp 
dst-address=240.0.0.0/4 in-interface=bridge-local log=yes log-prefix="adblock.prime"
Please support me what may cause this problem and how to fix this ?
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik + AdBlock Plus

Thu Nov 24, 2016 9:02 pm

Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in
 tags.
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: Mikrotik + AdBlock Plus

Sat Nov 26, 2016 11:08 am

Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in
 tags.[/quote]


Hob bit this should be ?

/ip dns print
                servers: 8.8.8.8
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             [b]cache-size: 2048KiB[/b]
          cache-max-ttl: 1w
             cache-used: 2048KiB
             
             
 [b]cache-size: ? [/b]
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik + AdBlock Plus

Sat Nov 26, 2016 11:41 am

Yes, that is the value you need to alter.

The thing that indicates problem is this value: cache-used: 2048KiB - it means your cache is full and not working for additional queries. You can add two zeros and make this value something like this: cache-size: 204800KiB (making it ~200MiB). Monitor "cache-used" value after you alter the cache size, if it stays the same or increases just slightly you will most likely need to reboot the router.
 
ColonelSaleem
just joined
Posts: 1
Joined: Sun Aug 13, 2017 11:14 pm
Location: Pakistan

Re: Mikrotik + AdBlock Plus

Sun Aug 13, 2017 11:21 pm

You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MIkroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be unreliable solution.

Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.
I made a change and now I have bridge-local interface and I still do not see any blocked traffic by this reject rule and I still see ads.
/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp 
dst-address=240.0.0.0/4 in-interface=bridge-local log=yes log-prefix="adblock.prime"
Please support me what may cause this problem and how to fix this ?
You should also have used src-address=240.0.0.0/4 instead of dst-address=240.0.0.0/4

Who is online

Users browsing this forum: No registered users and 29 guests