Networkwide Adblocking - possible package?

josh4trunks

Here's what I'm doing for adblocking

*Changed pfsense to https only (freeing up port 80 on 192.168.1.1)

*made a startup script

touch /usr/local/bin/hosts.sh
chmod +x /usr/local/bin/hosts.sh

*Pasted in the the below

#!/bin/sh
fetch -o /usr/local/etc/hosts1 http://www.mvps.org/winhelp2002/hosts.txt;
fetch -o /usr/local/etc/hosts2 'http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext';
cat /usr/local/etc/hosts1 /usr/local/etc/hosts2 > /usr/local/etc/hosts3;
awk '{gsub(/127.0.0.1/,"192.168.1.1");print}' /usr/local/etc/hosts3 > /usr/local/etc/dlhosts;

*Grab pixelserv binary I compiled for freebsd 8.2 (Source below)

fetch -o /usr/local/bin/pixelserv http://eto.homeip.net/pixelserv
chmod +x /usr/local/bin/pixelserv

*Install Shellcmd package

*Add commands to shellcmd

/usr/local/bin/dns.sh

and..

/usr/local/bin/pixelserv

*Add below to 'DNS Forwarder' > 'Advanced'

addn-hosts=/usr/local/etc/dlhosts

This method works perfectly for me and I get network wide adblocking including youtube adds. To make this into a package we'd need to..

*freeup port 80 (or somehow run pixelserv on different ip, I tested this on a ddwrt router and it didn't work but never tried it on freebsd)
*periodically update the host file (I do it on startup, but some people may have very long periods without rebooting)
*add the hosts file to dnsmasq

eto.homeip.net/pixserve22dd.zip - source for pixelserv written for ddwrt routers
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=71036 - Thanks goes to mstombs from ddwrt forums
To compile I just commented out the 3 lines that caused compilation errors on freebsd 8.2 and it worked perfectly, someone may want to look at it make sure I didn't comment out something important.

marcelloc

Did you tried to use pfBlocker and ipblocklist ads blacklist?

josh4trunks

haven't tried them, I like my method alot because it is a very light binary being executed that creates a transparent pixel. I wasn't looking for other methods, but thank you for the suggestion and maybe i'll look into it and compare the two.

mdima

@josh4trunks:

haven't tried them, I like my method alot because it is a very light binary being executed that creates a transparent pixel. I wasn't looking for other methods, but thank you for the suggestion and maybe i'll look into it and compare the two.

Hi,
  if I understand well, this method looks to work only if your dns is the pfSense box, if you use a different dns in your network it doesn't work, isn't it?

Michele

taryezveb

@josh4trunks:

*Add below to 'DNS Forwarder' > 'Advanced'

addn-hosts=/usr/local/etc/dlhosts

@mdima:

Hi,
   if I understand well, this method looks to work only if your dns is the pfSense box, if you use a different dns in your network it doesn't work, isn't it?

Michele

From what josh4trunks posted it would seem that you would need to be using the built DNS. I used to do a similar thing, but now I prefer pfBlocker.

eri--

What is proposed here can be done by putting the transparent pixel in the root webServer of pfSense and using an alias with all those dns names by redirecting to pfsense webgui and serving that by default.

josh4trunks

dns can be anywhere but you want that dns server to use the host file downloaded and to redirect ads to pfsense ip. basically i didn't do anything special but decide to compile the pixelserv program for freebsd