From 4f12007431f2bf8064282170e7e84a6d3397ef9b Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 22 Jan 2025 10:54:04 +0100 Subject: [PATCH] Services: Unbound DNS: Blocklist - cleanup available blocklists and add https://github.com/hagezi/dns-blocklists closes https://github.com/opnsense/core/issues/8224 Deprecated (but can still be downloaded for compatibility reasons): * NoCoin List * All Porn List * PornTop1M List * Simple Ad List * Simple Tracker List * WindowsSpyBlocker (*) --- .../app/models/OPNsense/Unbound/Unbound.xml | 35 +++++++++++++------ .../OPNsense/Unbound/core/blocklists.conf | 34 ++++++++++++++---- 2 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml index 9f15e2d1a..78172923e 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml @@ -182,9 +182,6 @@ Y Abuse.ch - ThreatFox IOC database - OISD - Domain Blocklist Ads - OISD - Domain Blocklist Big - OISD - Domain Blocklist NSFW AdAway List AdGuard List Blocklist.site Abuse @@ -207,15 +204,31 @@ Blocklist.site Youtube EasyList EasyPrivacy - NoCoin List - All Porn List - PornTop1M List - Simple Ad List - Simple Tracker List + [hagezi] Multi LIGHT - Basic protection + [hagezi] Multi NORMAL - All-round protection + [hagezi] Multi PRO - Extended protection + [hagezi] Multi PRO mini + [hagezi] Multi PRO++ - Maximum protection + [hagezi] Multi PRO++ mini + [hagezi] Multi ULTIMATE - Aggressive protection + [hagezi] Multi ULTIMATE mini + [hagezi] Fake - scams / fakes + [hagezi] Pop-Up Ads + [hagezi] Threat Intelligence Feeds + [hagezi] Threat Intelligence Feeds - Medium + [hagezi] Threat Intelligence Feeds - Mini + [hagezi] DoH/VPN/TOR/Proxy Bypass + [hagezi] Safesearch not supported + [hagezi] Dynamic DNS blocking + [hagezi] Badware Hoster blocking + [hagezi] Anti Piracy + [hagezi] Gambling + [hagezi] Gambling - Medium + [hagezi] Gambling - Mini + OISD - Domain Blocklist Ads + OISD - Domain Blocklist Big + OISD - Domain Blocklist NSFW Steven Black List - WindowsSpyBlocker (spy) - WindowsSpyBlocker (update) - WindowsSpyBlocker (extra) YoYo List diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf index 0c1efe3ad..73167280a 100644 --- a/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf +++ b/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf @@ -25,17 +25,39 @@ "bly": "https://blocklistproject.github.io/Lists/alt-version/youtube-nl.txt", "el": "https://v.firebog.net/hosts/Easylist.txt", "ep": "https://v.firebog.net/hosts/Easyprivacy.txt", - "nc": "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt", - "pa": "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list", - "pt": "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list", - "sa": "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt", "sb": "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts", + "yy": "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&mimetype=plaintext", + "atf": "https://threatfox.abuse.ch/downloads/hostfile", + "hgz001": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/light.txt", + "hgz002": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/multi.txt", + "hgz003": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt", + "hgz004": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.mini.txt", + "hgz005": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.txt", + "hgz006": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.plus.mini.txt", + "hgz007": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/ultimate.txt", + "hgz008": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/ultimate.mini.txt", + "hgz009": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/fake.txt", + "hgz010": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/popupads.txt", + "hgz011": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.txt", + "hgz012": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.medium.txt", + "hgz013": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/tif.mini.txt", + "hgz014": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/doh-vpn-proxy-bypass.txt", + "hgz015": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/nosafesearch.txt", + "hgz016": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/dyndns.txt", + "hgz017": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/hoster.txt", + "hgz018": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/anti.piracy.txt", + "hgz019": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.txt", + "hgz020": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.medium.txt", + "hgz021": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.mini.txt", + "*** below fields are deprecated, but still exist. Not selectable anymore ***":"", + "sa": "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt", "st": "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt", + "nc": "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt", "ws": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt", "wsu": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt", "wse": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt", - "yy": "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&mimetype=plaintext", - "atf": "https://threatfox.abuse.ch/downloads/hostfile" + "pa": "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list", + "pt": "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list" } %} {% if not helpers.empty('OPNsense.unboundplus.dnsbl.enabled') %}