blocky
Siehe auch
AdGuard
Pi-hole
- Ansible-Rolle blocky:
blocky ist ein einzelnes, minimalistisches, in Go geschriebenes Binary ohne Abhängigkeiten, welches ohne Web-GUI daherkommt, und rein auf der Kommandozeile bedient wird. Es eignet sich daher hervorragend für die Automatisierung. Die Konfiguration erfolgt über eine YAML-Datei, in der unter anderem Upstream-DNS-Server angegeben und Deny-Listen definiert werden, die es beziehen soll. Es hat den gleichen Funktionsumfang wie Pi-hole, und bietet unter anderem die modernen verschlüsselnden DNS-Protokolle (DoH und DoT), eine REST-Schnittstelle oder Metriken für Prometheus.
- Links:
Source Code: https://github.com/0xERR0R/blocky
Konfiguration
Eine umfangreichere Konfigurationsdatei:
# See https://0xerr0r.github.io/blocky/latest/configuration for details
# basic configuration
minTlsServeVersion: '1.2'
connectIPVersion: 'dual'
# ports configuration
ports:
dns: 53
http: 4000
# logging configuration
log:
level: 'info'
format: 'text'
timestamp: false
privacy: true
# upstreams configuration
upstreams:
# init strategy
init:
strategy: 'fast'
# upstream groups
groups:
default:
- 'tcp+udp:1.0.0.1' # cloudflare
- 'tcp+udp:1.1.1.1' # cloudflare
- 'tcp+udp:8.8.4.4' # google
- 'tcp+udp:8.8.8.8' # google
- 'tcp-tls:fdns1.dismail.de:853' # DNS-over-TLS server (DoT)
- 'https://dns.digitale-gesellschaft.ch/dns-query' # DNS-over-HTTPS (DoH)
# upstream connection timeout
timeout: '5s'
# upstream strategy
strategy: 'parallel_best'
# custom dns
customDNS:
customTTL: '8h'
filterUnmappedTypes: true
mapping:
# server network
host01.example.com: '192.0.2.22'
host02.example.com: '192.0.2.15'
host03.example.com: '192.0.2.13'
host04.example.com: '192.0.2.23'
host05.example.com: '192.0.2.24'
# blocking and allowlisting - also see https://firebog.net/
blocking:
# allowlists take precedence
allowlists:
allow_urls:
- |
*.bit.ly # Link Shortener
*.digitec.ch
*.galaxus.ch
*.google.ch
*.nzz.ch
analytics.google.com
www.google.com
denylists:
deny_ads:
- 'https://adaway.org/hosts.txt'
- 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext'
- 'https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt'
- 'https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts'
- 'https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts'
- 'https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts'
- 'https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt'
- 'https://v.firebog.net/hosts/AdguardDNS.txt'
- 'https://v.firebog.net/hosts/Admiral.txt'
- 'https://v.firebog.net/hosts/Easylist.txt'
deny_malicious:
- 'https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt'
- 'https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt'
- 'https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt'
- 'https://phishing.army/download/phishing_army_blocklist_extended.txt'
- 'https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts'
- 'https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts'
- 'https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt'
- 'https://urlhaus.abuse.ch/downloads/hostfile/'
- 'https://v.firebog.net/hosts/Prigent-Crypto.txt'
deny_maximum: # a very strict list
- 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts'
deny_suspicious:
- 'https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt'
- 'https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts'
- 'https://v.firebog.net/hosts/static/w3kbl.txt'
deny_tracking:
- 'https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt'
- 'https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt'
- 'https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts'
- 'https://v.firebog.net/hosts/Easyprivacy.txt'
- 'https://v.firebog.net/hosts/Prigent-Ads.txt'
deny_other:
- 'https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser'
clientGroupsBlock:
default:
- 'deny_ads'
192.0.2.0/24: # Server
- 'deny_malicious'
- 'deny_suspicious'
- 'deny_other'
Built on 2024-09-30