Mikrotik + AdBlock Plus
Posted: Tue Feb 25, 2014 9:18 pm
by amt779
There's a fancy dream of all web users to make it safer and faster. One of the really good tools for that is the AdBlockPlus service. This service supplies regex filter rules for harmful content, such as
https://easylist-downloads.adblockplus. ... s_full.txt
Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?
If such a feature became available, it would make the dream come true for the routers of all home users ever. I'd even pay for it. At home I use a MikroTik RB951G-2HnD with RouterOS 5.26.
Re: Mikrotik + AdBlock Plus
Posted: Wed Feb 26, 2014 6:59 pm
by jandafields
> There's a fancy dream of all web users to make it safer and faster. One of the really good tools for that is the AdBlockPlus service. This service supplies regex filter rules for harmful content, such as
> https://easylist-downloads.adblockplus. ... s_full.txt
> Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?
> If such a feature became available, it would make the dream come true for the routers of all home users ever. I'd even pay for it. At home I use a MikroTik RB951G-2HnD with RouterOS 5.26.

Look at L7 rules in Mikrotik.
Re: Mikrotik + AdBlock Plus
Posted: Thu Feb 27, 2014 12:31 am
by TonyJr
> There's a fancy dream of all web users to make it safer and faster. One of the really good tools for that is the AdBlockPlus service. This service supplies regex filter rules for harmful content, such as
> https://easylist-downloads.adblockplus. ... s_full.txt
> Is it possible to apply AdBlockPlus regex filter rules as a basic traffic filter in RouterOS?
> If such a feature became available, it would make the dream come true for the routers of all home users ever. I'd even pay for it. At home I use a MikroTik RB951G-2HnD with RouterOS 5.26.

This looks good - I am going to import these into a metarouter and see how it runs as a web proxy, redirecting any of those matched L7 regexes to a simple 'possible malware' static html file. I am not good with scripting, but I am sure it would be quite easy to schedule downloading, parsing and updating the L7 protocol list. I will post back with results, when I have had time to try this.
Re: Mikrotik + AdBlock Plus
Posted: Sun Mar 02, 2014 2:24 am
by dixieip
Did you ever get that entire list imported into the Mikrotik OS? If so can you send me the script?
Re: Mikrotik + AdBlock Plus
Posted: Thu Jan 01, 2015 2:07 am
by Buzz
Is there any way to block the adblock list from MikroTik using layer 7 or something else?
Re: Mikrotik + AdBlock Plus
Posted: Mon Oct 05, 2015 9:16 pm
by jjoelc
https://github.com/aziraphale/routeros-dns-adblock
Just in case anyone else runs across this in a google search like I did. Be sure to read the "ReadMe" as always, but it works out great for me on my RB450G.
Re: Mikrotik + AdBlock Plus
Posted: Tue Oct 06, 2015 2:42 pm
by SyCo
Thanks for the link and update ;-)
Re: Mikrotik + AdBlock Plus
Posted: Thu Mar 31, 2016 12:09 pm
by blackdiamond
Has anyone implemented this:
https://github.com/aziraphale/routeros-dns-adblock
My skills are lacking in PHP; I am lost at step 5.
Re: Mikrotik + AdBlock Plus
Posted: Thu Apr 21, 2016 9:49 am
by MikroDik69
Yeah, I can't figure out or understand the instructions for the routeros-dns-adblock.
Re: Mikrotik + AdBlock Plus
Posted: Wed Sep 28, 2016 6:43 pm
by kor3k
yes i have. i used this repo to create a list with almost 52k entries. it does its job well.
but be aware, that the implementation as DNS static entries takes shitload of RAM (cca 200 MB), so it cannot be used on mtiks with low RAM amount. also, it takes about 10 minutes to load after reboot, and during that time, DNS service is not responding.
because of this, i also implemented it as a firewall address list. it uses much less memory (cca 50MB, works on 128MB RAM mtiks) and reboot loading is non-blocking.
adblock-dns.rsc
adblock-addrlist.rsc
Re: Mikrotik + AdBlock Plus
Posted: Fri Sep 30, 2016 5:02 pm
by kor3k
Re: RE: Re: Mikrotik + AdBlock Plus
Posted: Fri Sep 30, 2016 8:27 pm
by kivimart
> adblock-dns.rsc
> adblock-addrlist.rsc

Are these lists updated daily, or how often?
Sent from my Nexus 6P via Tapatalk
Re: RE: Re: Mikrotik + AdBlock Plus
Posted: Mon Oct 03, 2016 5:58 pm
by kor3k
this list is not updated at all, the author refers to it as a "list of immortal malware/ad sites".
if you want updated list with currently active malwares/ads, use this:
Re: Mikrotik + AdBlock Plus
Posted: Wed Nov 23, 2016 11:35 pm
by MikroTikFan
I have implemented the whole thing as described on GitHub
https://github.com/aziraphale/routeros-dns-adblock
I'm using RB3011 and I have 140 k records of static DNS.
```
/ip dns print
servers: 8.8.8.8
dynamic-servers:
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 2048KiB
```
Static records are like that one (just example).
Below also firewall rule.
```
add address=240.0.0.2 name=001soft.cn comment=adblock.prime
# ... (140k records)
/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp \
    dst-address=240.0.0.0/4 in-interface=ether1-gateway log=yes log-prefix="adblock.prime"
```
Unfortunately this is not working ;-(
I'm trying to find out why I still have ads.
I'm wondering why I also don't see any traffic on this firewall rule.
Please help me find where I went wrong.
Re: Mikrotik + AdBlock Plus
Posted: Thu Nov 24, 2016 12:44 am
by che
You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MikroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be an unreliable solution.
Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.
Re: Mikrotik + AdBlock Plus
Posted: Thu Nov 24, 2016 10:24 am
by 49er
Can anyone explain to me how to use this?
I want to use the version that is auto updated.
I see a PHP file, but how do I implement this in a MikroTik router?
Re: Mikrotik + AdBlock Plus
Posted: Thu Nov 24, 2016 1:40 pm
by MikroTikFan
> You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MikroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be an unreliable solution.
> Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.

I made a change and now I have the bridge-local interface, and I still do not see any traffic blocked by this reject rule and I still see ads.
```
/ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp \
    dst-address=240.0.0.0/4 in-interface=bridge-local log=yes log-prefix="adblock.prime"
```
Please help me: what may cause this problem, and how do I fix it?
Re: Mikrotik + AdBlock Plus
Posted: Thu Nov 24, 2016 9:02 pm
by che
Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in
Re: Mikrotik + AdBlock Plus
Posted: Sat Nov 26, 2016 11:08 am
by MikroTikFan
> Did you increase size of DNS cache? Default 2MB is nowhere near enough for what you want to achieve. If you did not do that, most probably you see no hits because your DNS cache is not working at all. If you did increase the cache size, another firewall rule is interfering with your rule - in this case export firewall rules and paste them here in tags.

How big should this be?
```
/ip dns print
servers: 8.8.8.8
dynamic-servers:
allow-remote-requests: yes
max-udp-packet-size: 4096
query-server-timeout: 2s
query-total-timeout: 10s
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 2048KiB
```
**cache-size: ?**
Re: Mikrotik + AdBlock Plus
Posted: Sat Nov 26, 2016 11:41 am
by che
Yes, that is the value you need to alter.
The thing that indicates problem is this value: cache-used: 2048KiB - it means your cache is full and not working for additional queries. You can add two zeros and make this value something like this: cache-size: 204800KiB (making it ~200MiB). Monitor "cache-used" value after you alter the cache size, if it stays the same or increases just slightly you will most likely need to reboot the router.
Re: Mikrotik + AdBlock Plus
Posted: Sun Aug 13, 2017 11:21 pm
by ColonelSaleem
> > You might want to look at the size of your DNS cache. I have not done napkin math to tell you the exact cache size required for almost 150k entries, but I guess you could increase it to 200MB for starters, and if it's still full try increasing it even more. There is enough memory available on the board you are using. On a side note, I think loading MikroTik's simple DNS service with hundreds of thousands of static entries is a horrible idea, but I support your experiment and would love to hear the results you get from this. People use dedicated appliances like PiHole for this purpose - which often proves to be an unreliable solution.
> > Regarding firewall rule, your in-interface is wrong - it should be your local network interface (or master port if you use hardware switch feature, or bridge interface if you use software switching), not gateway one.
>
> I made a change and now I have the bridge-local interface, and I still do not see any traffic blocked by this reject rule and I still see ads.
> /ip firewall filter add chain=forward action=reject reject-with=tcp-reset connection-state=new protocol=tcp \
>     dst-address=240.0.0.0/4 in-interface=bridge-local log=yes log-prefix="adblock.prime"
> Please help me: what may cause this problem, and how do I fix it?

You should also have used src-address=240.0.0.0/4 instead of dst-address=240.0.0.0/4
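
Added example, not part of any post in this thread and not code from the routeros-dns-adblock repository: a Python converter for the step the thread relies on, turning a hosts-format blocklist into `/ip dns static` records in the form MikroTikFan posted (address 240.0.0.2, comment adblock.prime). A downloaded list is untrusted input that ends up in a script the router executes, so any line that is not a plain hostname is rejected instead of emitted; the function names and the sample input are constructed for illustration.

```python
import re

SINKHOLE = "240.0.0.2"      # sinkhole address from the thread's sample record
COMMENT = "adblock.prime"   # comment tag from the thread's sample record

# One DNS label: a-z, 0-9, hyphen; no leading/trailing hyphen; 1-63 chars.
# Underscores and RouterOS metacharacters (; " $ [ ] { } \ space) all fail.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False            # too long, single label, or an IP literal
    return all(_LABEL.fullmatch(label) for label in labels)

def hosts_to_rsc(hosts_text):
    """Convert hosts-format text to a RouterOS script; return (script, rejected)."""
    names, rejected = set(), []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue            # blank line or comment
        # "<ip> <name> [alias...]" or a bare "<name>" per line
        candidates = [f.lower().rstrip(".") for f in (fields[1:] or fields)]
        if all(valid_hostname(c) for c in candidates):
            names.update(candidates)
        else:
            rejected.append(raw)    # never emitted; review by hand
    lines = ["/ip dns static"]
    lines += [f"add address={SINKHOLE} name={n} comment={COMMENT}"
              for n in sorted(names)]
    return "\n".join(lines) + "\n", rejected

# Constructed sample input (not taken from any real blocklist).
SAMPLE = """\
# constructed sample
0.0.0.0 001soft.cn
127.0.0.1 Ads.Example.COM   # trailing comment
0.0.0.0 bad.example;/log info injected
0.0.0.0 0.0.0.0
tracker.example.net
127.0.0.1 localhost
"""

if __name__ == "__main__":
    script, rejected = hosts_to_rsc(SAMPLE)
    print(script, end="")
    print(f"# rejected {len(rejected)} line(s)")
```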