Diversion Diversion 5.1.2 - the Router Ad-Blocker, April 21, 2024

[^Tripper^]

Nice update!

@thelonelycoder Probably a dumb question but I seem to remember you once advised to update entware only from diversion and that’s how I’ve always been doing it. Now that you’ve dropped support for pxlserv, I suppose we update entware from amtm? Apologies if I’m remembering this incorrectly.

 

[thelonelycoder]

Nice update!

@thelonelycoder Probably a dumb question but I seem to remember you once advised to update entware only from diversion and that’s how I’ve always been doing it. Now that you’ve dropped support for pxlserv, I suppose we update entware from amtm? Apologies if I’m remembering this incorrectly.

I moved all non-ad-blocking features over to amtm where they make more sense.
Since pixelserv-tls (RIP you brilliant piece of software) is no longer part of Diversion my then plea to use the Diversion Entware updater is obsolete.
Diversion checked that necessary files are restored after a pixelserv-tls update.

I still recommend to use amtm instead of the manual command to update Entware as amtm stops the services while updating packages.

 

[thelonelycoder]

I just didn't want you feeling too lonely while you're coding!

Still keeping me busy. Got other pressing work to do

 

[thelonelycoder]

It would be great if similar logic can be applied to stats.div to detect if a blocked subdomain is from the blockinglist.conf. (I like the use of recursion in find_listadd_loop()!)

Sure, this could be part of the overhaul for an improved stats function. But first more pressing matters.
And I kind of sat back and liked what I saw with the finished find_listadd_loop() too!
Some things only coders will understand.

 

[^Tripper^]

I moved all non-ad-blocking features over to amtm where they make more sense.
Since pixelserv-tls (RIP you brilliant piece of software) is no longer part of Diversion my then plea to use the Diversion Entware updater is obsolete.
Diversion checked that necessary files are restored after a pixelserv-tls update.

I still recommend to use amtm instead of the manual command to update Entware as amtm stops the services while updating packages.

noted and thank you for clarifying.

May you always be blessed with northern lights and food delivery reindeer!

 

[langesgnu]

Now with the new update (and a new router) I wanted to give Diversion another try, but somehow the blocking of Diversion seems limited for my setup. On most of my computers I use Firefox with uBlock Origin installed and I noticed, that Diversion only blocks in case uBlock is switched off, otherwise it seems that uBlock intercepts the adds prior to Diversion. If I use other browsers without uBlock Origin or other devices, then Diversion is doing it's job.

Shouldn't Diversion intercept adds prior to my browser seeing them?

 

[thelonelycoder]

noted and thank you for clarifying.

May you always be blessed with northern lights and food delivery reindeer!

Also noted. But I live and - most of the time - work in the heart of Switzerland of which I’m a citizen of. While I did work in Sweden for about half a year and like their language and other things, I’m more the reserved and quietly proud inhabitant of my country.
Both the Swedes and the Swiss are used to the confusion of our similar sounding names.

 

[zer0bitz]

Updated and everything working as expected.

 

[dave14305]

Shouldn't Diversion intercept adds prior to my browser seeing them?

With browser extensions, the ad URL is blocked by the extension before any connection attempt is made.

 

[Mutzli]

The change of detecting the format of block lists (formerly known as hosts lists in Diversion) may have caused that. Care to post the lists you use?
Oh, I believe that often mentioned @dave14305 has something to do with all that as well

https://big.oisd.nl/dnsmasq2
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/Switzerland.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://raw.githubusercontent.com/austinheap/sophos-xg-block-lists/master/easylist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/Germany.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/UnitedStatesofAmerica.txt

 

[thelonelycoder]

https://big.oisd.nl/dnsmasq2
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/Switzerland.txt
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://raw.githubusercontent.com/austinheap/sophos-xg-block-lists/master/easylist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/Germany.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/UnitedStatesofAmerica.txt

Thanks for the list, I can confirm the blocked domain number is now as accurate as it can get.
The reason it took so long to release this 5.1 update is that I was aware of a few more bugs that needed addressing. Sorting them out took some time and careful testing. It was worth the time I should think.

 

[Zakalwe]

I installed freshtomato on my now old AC68U and i'm back on Merlin on my RT-AX86U, on FT it had an adblocker and you could also add a list of your own hostnames to block, is there an easy way to do this? On FT you can just paste the list into a text box on the web-ui.

 

[HorseCalledHorse]

I installed freshtomato on my now old AC68U and i'm back on Merlin on my RT-AX86U, on FT it had an adblocker and you could also add a list of your own hostnames to block, is there an easy way to do this? On FT you can just paste the list into a text box on the web-ui.

If you have Diversion installed, go to the router's web UI and look at the LAN/Diversion tab.

 

[archiel]

I am having difficulty setting up and using an alternative blocking list. Ideally I would like a single blocking list and device specific whitelists, but that's a different question.

I (think I) have followed the instructions on https://diversion.ch/diversion/manual/alternate-blocking-list.html

Spoiler: Diversion main page

Diversion 5.1                    by thelonelycoder

 RT-AX88U (aarch64) FW-3004.388.6_1-g7c.. @ 10.50.60.1

 Primary ad-blocking
 64,230  blocked domains by  1  file
 15.339M t  433,545 w  36,687 n ads since Feb 18 17:20
 Alternate ad-blocking
 10,298  blocked domains by  3  files
 0 t  0 w  0 n
 Combined ad-blocking totals
 15.339M t  433,545 w  36,687 n

 Diversion - the Router Ad-Blocker

 d   Diversion            enabled
 c   communication        stats backup BL

 a   ad-blocking          Dnsmasq NXDOMAIN
 l   logging              dnsmasq.log 10.1M
     alternate logfile    dnsmasq.log3

 b   blocking list  fs    Medium Thu @ 2:00
     alternate BL         Minimal Thu @ 2:00
 el  edit lists            4 allowed  0 denied

 f   follow Dnsmasq log

 e   exit  u  update  t  theme       o  more options

and under b

 1. Change composition Medium / Minimal  fs
 2. Change update day(s) and time, drop caches
 3. Update both blocking lists now  bu
 4. Find domain in file(s)
 5. Alternate blocking list, enabled on 10.50.60.2
 6. Exclude devices from ad-blocking
 7. Restricted access for devices (Kids mode)

and 5

1. Disable alternate blocking list
 2. Remove alternate blocking list feature
 3. Change alternate Dnsmasq IP 10.50.60.2
 4. Use alternate upstream name server(s) off
 5. Include dnsmasq.conf.add off

- I have tried using the cloudflare IPv4 and IPV6 DNS servers in 4 - it made no difference.

In DNS Director I set

User defined DNS 2    IPv4: 10.50.60.2  IPv6:

and then added 10.50.60.118 to User Defined DNS 2

The result is that I have no working DNS on 10.50.60.118 and if I try to follow

  i  This follows the Dnsmasq log file (tail -F)

 1. Unfiltered log
 2. Unfiltered log extra highlighted
 3. Blocked domains only
 4. Blocked domains, by device IP
 5. Term or IP

 Enter selection [1-5 e=Exit] 5
____________________________________________________

  i  To invert the filter, precede term by a dash (-)
     e.g. -domain.com

 Enter term to filter by  [q=Quit] 10.50.60.118

  !  Alternate blocking list is active.

 1. Follow standard blocking list
 2. Follow alternate blocking list

 Enter your selection [1-2 e=Exit] 2

 Following /opt/var/log/dnsmasq.log3

  i  Press Ctrl+C to exit

tail: can't open '/opt/var/log/dnsmasq.log3': No such file or directory

A quick check of '/opt/var/log/' in WinSCP shows dnsmasq.log, dnsmasq.log1, dnsmasq.log2, dnsmasq.log4, dnsmasq.log5 (the last two are empty). but no .log3.

I am sure I am missing something obvious, but have no idea what it is. In case they are relevant, my other scripts are in signature.

 

[thelonelycoder]

I am sure I am missing something obvious, but have no idea what it is. In case they are relevant, my other scripts are in signature.

1. In DNS Director, set "User defined DNS 2" back to the reserved IP of 10.50.60.2.
2. In Diversion use b, 5, 4. Use alternate upstream name server(s) and set it to the cloudfare DNS IPv4, you'll have set up an account with them first.
If it still does not work, test with googles 8.8.8.8, this works all the time.

If you still cannot follow the Dnsmasq log file for the alternate blocking list, disable and re-enable logging with l.

Edit: For point 1: Set it back to what my website tells you and add the device *.118 to use the reserved IP.

 

[johndoe85]

@thelonelycoder are you thinking about adding service block to division as adguard has?

 

[thelonelycoder]

@thelonelycoder are you thinking about adding service block to division as adguard has?

What is it and what does it do?

 

[johndoe85]

What is it and what does it do?

It blocks services such as reddit, YouTube, Netflix and what not. In adguard you can choose to toggle all and then unblock the services you actually want access to.

EDIT:

 

[thelonelycoder]

It blocks services such as reddit, YouTube, Netflix and what not. In adguard you can choose to toggle all and then unblock the services you actually want access to.

I wonder how they do it. Just block reddit.com and that's it? That would be simple, just add it to the denylist.
My guess is they also block the respective IP which I do not do in Diversion.

 

[johndoe85]

I wonder how they do it. Just block reddit.com and that's it? That would be simple, just add it to the denylist.
My guess is they also block the respective IP which I do not do in Diversion.

I don't know how they do it, i tried to upload a picture of all the services, but the print screen gets downscaled too much for some odd reason