New features in 378.53 :)
- Thread starter VANT
- Start date
"NEW: OpenVPN selective routing. You can now select which client IPs
you want to route through your OpenVPN client connection.
You can optionally block WAN access to these as well when the
tunnel goes down."
that one interests me the most, I wonder if its back portable to john's fork.
you want to route through your OpenVPN client connection.
You can optionally block WAN access to these as well when the
tunnel goes down."
that one interests me the most, I wonder if its back portable to john's fork.
jtp10181
Senior Member
I was just thinking about trying to setup an ad blocking script I found in some Tomato forums...
Will love to see how this one works.
I almost hate to do it as I know thats how a lot of sites stay running and pay for themselves. But on the other hand, the sites where the ads are so sneaky even I click the wrong button sometimes are very frustrating.
Will love to see how this one works.
I almost hate to do it as I know thats how a lot of sites stay running and pay for themselves. But on the other hand, the sites where the ads are so sneaky even I click the wrong button sometimes are very frustrating.
Wow ... this feature feature seems to be awesome!
"NEW: OpenVPN selective routing. You can now select which client IPs
you want to route through your OpenVPN client connection.
You can optionally block WAN access to these as well when the
tunnel goes down."
Let's wait the next version but the last versions from the DPI inclusion are quite fabulous for me.
"NEW: OpenVPN selective routing. You can now select which client IPs
you want to route through your OpenVPN client connection.
You can optionally block WAN access to these as well when the
tunnel goes down."
Let's wait the next version but the last versions from the DPI inclusion are quite fabulous for me.
In changelog we can see
For me the greatest is AdBlocking feature
For me too but do you have a link? Is this a Merlin build?
NightOwl326
Senior Member
Just the change log. No firmware yet
Thx! Where can we find this log please?
thelonelycoder
Part of the Furniture
Let us know when you do, this sounds interesting. Do you have a link to that tomato script?
RMerlin
Asuswrt-Merlin dev
Technically it should be fairly easy to port as most of the code resides inside a shell script (and in the webui), however keep in mind John's fork is even less about adding new features than with mine.
mstombs
Very Senior Member
Likely Script: Clean, Lean and Mean Adblocking which is no longer lean - now has a web gui, basically same principle as your dnsmasq hosts blocks, optionally diverts to a local pixelserv daemon running on router which does some stats collection (and due to closeness of asuswrt to tomato, for mips at least the tomato binaries seem to work fine in asuswrt-merlin).
I'm sure the Asus feature will be via dnsfilter, blocking the worst ad hosts suppliers.
VANT
Very Senior Member
thelonelycoder
Part of the Furniture
Yeah, I have no interest in having an external dns controlling what ads get blocked locally. I am going to look into the tomato script since my scripts and the pixelserv variation work well. But there is room to improve.
jtp10181
Senior Member
Yes thats the one I was looking at at. I had to make a few minor modifications but it works. The only thing I didn't get working was the pixelserv because of the whole port 80 issue.
@thelonelycoder thanks for the other links, I think I had seen one of those posts and forgotten about it.
I just looked at the pixelserv thread. I did not want to disable the port 80 HTTP interface (breaks some other things in the Asus firmware like redirects for errors, et..)
I did get it running on port 82, and I figured out how to specify the port in the dnsmasq file. Was just late last night and too much freaking code in that other script to go through it more. I kept getting some "Aretmetic syntax error" and I cant figure out its problem. I think once that is solved it will work.
mstombs
Very Senior Member
dnsmasq won't have any effect on port used, it converts a host name to an IP address, your browser chooses how and what port to connect to. Tomato httpd is patched to allow use of port 80 on a secondary IP address, alternative is to use a different port and an iptables divert for either the web gui or pixelserv (a dd-wrt script used to do this).
It will be interesting to see what the Asus Trend Micro system diverts to - because in the early days adverts were simple images, and a single pixel null gif would allow a web page to collapse the advert panel. Now most adverts are served by script and increasingly by secure https connections (for these pixelserv in c just tries to close the connection quickly) . Don't forget much of the internet, including this site will be part funded by presenting you with adverts! I assume Trend Micro will still allow non-intrusive adverts from signed up 'ethical ad suppliers' - a bit like adblockplus do by default. Asuswrt-merlin users already have an option to use a router based web proxy using adblockplus filters see https://github.com/RMerl/asuswrt-me...to-provide-advertisement-filtering-to-devices
It will be interesting to see what the Asus Trend Micro system diverts to - because in the early days adverts were simple images, and a single pixel null gif would allow a web page to collapse the advert panel. Now most adverts are served by script and increasingly by secure https connections (for these pixelserv in c just tries to close the connection quickly) . Don't forget much of the internet, including this site will be part funded by presenting you with adverts! I assume Trend Micro will still allow non-intrusive adverts from signed up 'ethical ad suppliers' - a bit like adblockplus do by default. Asuswrt-merlin users already have an option to use a router based web proxy using adblockplus filters see https://github.com/RMerl/asuswrt-me...to-provide-advertisement-filtering-to-devices
Last edited:
jtp10181
Senior Member
@mstombs I thought I read someplace that a format like this allowed the port to be set: address=/ads.avusa.co.za/192.168.1.254#82 but maybe I misinterpreted it.
I do realize that a lost of sites use ads for funding, and many of them I don't mind the ads. Some sites it is out of control though and you cant even find the content you wanted. The worst for me is sites that have a download, and there are multiple ads with a "Download" button. Sometimes it is tricky just to find the right one to click. For a novice user it is next to impossible.
Thanks for that link, I think I am going to check that out also.
Guess it was more of a fun project trying to get it working than anything. Blocking the ads to 0.0.0.0 which is all I can get working right now seems to make some iOS aps crash out when the ads they want to service cant load. Not sure if the pixelserv fixes that issue or not.
I do realize that a lost of sites use ads for funding, and many of them I don't mind the ads. Some sites it is out of control though and you cant even find the content you wanted. The worst for me is sites that have a download, and there are multiple ads with a "Download" button. Sometimes it is tricky just to find the right one to click. For a novice user it is next to impossible.
Thanks for that link, I think I am going to check that out also.
Guess it was more of a fun project trying to get it working than anything. Blocking the ads to 0.0.0.0 which is all I can get working right now seems to make some iOS aps crash out when the ads they want to service cant load. Not sure if the pixelserv fixes that issue or not.
mstombs
Very Senior Member
You can tell dnsmasq to use an upstream server with non-standard port, but I don't see a use for a name to ip lookup? You should check that dnsmasq is running after any change, it doesn't like missing or invalid conf files! A crashing dnsmasq is not a good thing for users (both for lan dhcp and dns) - or the sysadmin who supports the system - hence I am very wary of scripts that auto-update blocklists!
No guarantees about improvements pixelserv, not all systems like 0.0.0.0 even 127.0.0.1 is usual default for 'localhost', for some sites it would be better to 'tcp reject' connections, but redirecting to a black-hole not good as that leads to timeouts and slow page loads. More intelligent websites now have default messages to nag about adblocking and funding, free apps that rely on ads shouldn't crash, but let you know you need to whitelist them or not use. When pixelserv.c always served a null gif you would see script errors in Internet explorer - IE was trying to execute the contents of the gif as though it was script ignoring the mime image header, current default is null text unless it is clear an image file expected.
No guarantees about improvements pixelserv, not all systems like 0.0.0.0 even 127.0.0.1 is usual default for 'localhost', for some sites it would be better to 'tcp reject' connections, but redirecting to a black-hole not good as that leads to timeouts and slow page loads. More intelligent websites now have default messages to nag about adblocking and funding, free apps that rely on ads shouldn't crash, but let you know you need to whitelist them or not use. When pixelserv.c always served a null gif you would see script errors in Internet explorer - IE was trying to execute the contents of the gif as though it was script ignoring the mime image header, current default is null text unless it is clear an image file expected.
RMerlin
Asuswrt-Merlin dev
It's not (DNSFilter is a feature of my firmware, not Asus's for starter).
If you check the changelog snippet posted in this thread you'll see on what it's based.
mstombs
Very Senior Member
Sorry so long since I looked at original Asus firmware! Even using OpenDNS could be regarded as a form of ad blocking I guess?
Above changelog or git browse doesn't tell me how it works - the code snippets just seem to set variables for use by the DPI binary blob to block popups or streams? WRS seems to be all about url filtering, so will just block whole sites with unacceptable ads? How does it work with https - all it can do is block hosts, not what is being requested? Snake Oil?
Above changelog or git browse doesn't tell me how it works - the code snippets just seem to set variables for use by the DPI binary blob to block popups or streams? WRS seems to be all about url filtering, so will just block whole sites with unacceptable ads? How does it work with https - all it can do is block hosts, not what is being requested? Snake Oil?
NightOwl326
Senior Member
Have you tried / tested the ad block feature and if so what do you think?
RMerlin
Asuswrt-Merlin dev
WRS = Web Reputation System. Keep in mind that an ad on a website comes from an external website, with its own URL totally different from the website itself. So blocking just those specific URLs based on Trend Micro's database would block those specific iframes/images/etc... from loading.
Similar threads
- Locked
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| T | Security Features Merlin VS Official | Asuswrt-Merlin | 7 | |
| B | Netduma r3 gaming features? | Asuswrt-Merlin | 0 | |
| I | Merlin Features on 88U / 88U Pro | Asuswrt-Merlin | 12 |
Similar threads
Latest threads
-
Accidentally flashed XT12 latest merlin on a ET12 Asus Zenwifi Pro. Can't flash back stock FW.
- Started by zapahacks
- Replies: 0
-
-
-
-
ASUSwrt DNSMASQ service can't be restarted
- Started by pseu_asus
- Replies: 1
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!