upstream/opnsense-core
1
0
Fork 0
mirror of https://github.com/opnsense/core.git synced 2026-05-28 04:34:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

unbound: blocklist improvements (#10149)

Browse source 
* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.
This commit is contained in:
Konstantinos Spartalis 2026-05-21 12:13:21 +03:00 committed by GitHub
parent 8ae0a6c158
commit d7f455bdfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 81 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/DiagnosticsController.php
View file

@ -123,6 +123,20 @@ class DiagnosticsController extends ApiControllerBase
]), true);
if (!empty($response)) {
$mdl = new \OPNsense\Unbound\Unbound();
$policies = $mdl->dnsbl->blocklist->getNodeContent();
$types = $mdl->dnsbl->blocklist->getTemplateNode()->type->getNodeData();
foreach ($response as $key => $value) {
if (isset($value['bl'])) {
if (isset($types[$value['bl']]['optgroup'])) {
$response[$key]['category'] = $types[$value['bl']]['optgroup'];
}
$response[$key]['bl'] = $types[$value['bl']]['value'] ?? $value['bl'];
}
if (isset($value['uuid'])) {
$response[$key]['policy'] = $policies[$value['uuid']]['description'] ?? '';
}
}
return $response;
}
}

9
src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/OverviewController.php
View file

@ -72,8 +72,12 @@ class OverviewController extends ApiControllerBase
return [];
}
$types = $this->mdl->dnsbl->blocklist->getTemplateNode()->type->getNodeData();
foreach ($parsed['top_blocked'] as $domain => $props) {
$parsed['top_blocked'][$domain]['blocklist'] ??= $this->getBlocklistDescription($props['blocklist']);
if (isset($types[$props['blocklist']]['optgroup'])) {
$parsed['top_blocked'][$domain]['category'] = $types[$props['blocklist']]['optgroup'];
}
$parsed['top_blocked'][$domain]['blocklist'] = $types[$props['blocklist']]['value'] ?? $props['blocklist'];
}
return $parsed;
@ -100,6 +104,9 @@ class OverviewController extends ApiControllerBase
$types = $this->mdl->dnsbl->blocklist->getTemplateNode()->type->getNodeData();
foreach ($parsed as $idx => $query) {
if (isset($types[$query['blocklist']]['optgroup'])) {
$parsed[$idx]['category'] = $types[$query['blocklist']]['optgroup'];
}
$parsed[$idx]['blocklist'] = $types[$query['blocklist']]['value'] ?? $query['blocklist'];
$parsed[$idx]['policy'] = $policies[$query['uuid']]['description'] ?? '';
/* Handle front-end color status mapping, start off with OK */

71
src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
View file

@ -184,36 +184,47 @@
<type type="OptionField">
<Multiple>Y</Multiple>
<OptionValues>
<atf>Abuse.ch - ThreatFox IOC database</atf>
<ag>AdGuard List</ag>
<el>EasyList</el>
<ep>EasyPrivacy</ep>
<hgz001>[hagezi] Multi LIGHT - Basic protection</hgz001>
<hgz002>[hagezi] Multi NORMAL - All-round protection</hgz002>
<hgz003>[hagezi] Multi PRO - Extended protection</hgz003>
<hgz004>[hagezi] Multi PRO mini </hgz004>
<hgz005>[hagezi] Multi PRO++ - Maximum protection</hgz005>
<hgz006>[hagezi] Multi PRO++ mini</hgz006>
<hgz007>[hagezi] Multi ULTIMATE - Aggressive protection</hgz007>
<hgz008>[hagezi] Multi ULTIMATE mini</hgz008>
<hgz009>[hagezi] Fake - scams / fakes</hgz009>
<hgz010>[hagezi] Pop-Up Ads</hgz010>
<hgz011>[hagezi] Threat Intelligence Feeds</hgz011>
<hgz012>[hagezi] Threat Intelligence Feeds - Medium</hgz012>
<hgz013>[hagezi] Threat Intelligence Feeds - Mini</hgz013>
<hgz014>[hagezi] DoH/VPN/TOR/Proxy Bypass</hgz014>
<hgz015>[hagezi] Safesearch not supported</hgz015>
<hgz016>[hagezi] Dynamic DNS blocking</hgz016>
<hgz017>[hagezi] Badware Hoster blocking</hgz017>
<hgz018>[hagezi] Anti Piracy</hgz018>
<hgz019>[hagezi] Gambling</hgz019>
<hgz020>[hagezi] Gambling - Medium</hgz020>
<hgz021>[hagezi] Gambling - Mini</hgz021>
<oisd0>OISD - Domain Blocklist Ads</oisd0>
<oisd1>OISD - Domain Blocklist Big</oisd1>
<oisd2>OISD - Domain Blocklist NSFW</oisd2>
<sb>Steven Black List</sb>
<yy>YoYo List</yy>
<opt1 value="General Blocklists">
<atf>Abuse.ch - ThreatFox IOC</atf>
<ag>AdGuard List</ag>
<el>EasyList</el>
<ep>EasyPrivacy</ep>
<sb>Steven Black List</sb>
<yy>YoYo List</yy>
</opt1>
<opt2 value="Hagezi Multi - Clean the Internet">
<hgz001>LIGHT - Relaxed Blocking</hgz001>
<hgz002>NORMAL - Relaxed/Balanced Blocking</hgz002>
<hgz003>PRO - Balanced Blocking</hgz003>
<hgz005>PRO++ - Balanced/Aggressive Blocking</hgz005>
<hgz007>ULTIMATE - Aggressive Blocking</hgz007>
</opt2>
<opt3 value="OISD Blocklists">
<oisd0>Ads Blocklist</oisd0>
<oisd1>Big Blocklist (incl. Ads)</oisd1>
<oisd2>NSFW Blocklist</oisd2>
</opt3>
<opt4 value="Hagezi Targeted Lists">
<hgz011>Threat Intelligence Feeds</hgz011>
<hgz009>Fake - scams / fakes</hgz009>
<hgz010>Pop-Up Ads</hgz010>
<hgz014>DoH/VPN/TOR/Proxy Bypass</hgz014>
<hgz015>Safesearch not supported</hgz015>
<hgz016>Dynamic DNS blocking</hgz016>
<hgz017>Badware Hoster blocking</hgz017>
<hgz018>Anti Piracy</hgz018>
<hgz019>Gambling</hgz019>
<hgz022>Social Networks</hgz022>
</opt4>
<opt5 value="Minimal Hardware Requirements">
<hgz004>Multi PRO - Mini </hgz004>
<hgz006>Multi PRO++ - Mini</hgz006>
<hgz008>Multi ULTIMATE - Mini</hgz008>
<hgz012>Threat Intelligence Feeds - Medium</hgz012>
<hgz013>Threat Intelligence Feeds - Mini</hgz013>
<hgz020>Gambling - Medium</hgz020>
<hgz021>Gambling - Mini</hgz021>
</opt5>
</OptionValues>
</type>
<lists type="CSVListField"/>

21
src/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
View file

@ -408,7 +408,7 @@
<i class="fa fa-cogs"></i>
</button>
`).on('click', function () {
openPoliciesDialog(domain, uuid, action, statObj?.blocklist ?? "");
openPoliciesDialog(domain, uuid, action, statObj);
});
let bl = (uuid && uuid in policies) ? `(${policies[uuid].description})` : '';
@ -562,6 +562,10 @@
function refreshPoliciesDialog(dialogRef, domain, uuid, appliedAction, blocklist) {
const cleanDomain = domain.replace(/\.$/, "");
const category = blocklist?.category ?? '';
const provider = category;
blocklist = blocklist?.blocklist ?? blocklist ?? '';
let bl_category = blocklist;
ajaxGet('/api/unbound/overview/get_policies', {}, function (data, status) {
let $container = $('<div>');
@ -628,9 +632,13 @@
}
if (blocklist != "") {
let display_text = blocklist;
if (provider) {
bl_category += ' - ' + category;
}
$container = $(`
<div>
{{ lang._('Blocklist match:')}} ${blocklist}
{{ lang._('Blocklist match:')}} ${bl_category}
</div>
`);
}
@ -691,10 +699,9 @@
const uuid = data.uuid;
const domain = data.domain;
const appliedAction = data.action;
const blocklist = data.blocklist;
$el.click(function() {
openPoliciesDialog(domain, uuid, appliedAction, blocklist);
openPoliciesDialog(domain, uuid, appliedAction, data);
});
}
}
@ -725,6 +732,12 @@
},
"domain": function (column, row) {
return row.domain;
},
"blocklist": function (column, row) {
if (row.category) {
return row.blocklist + ' - ' + row.category;
}
return row.blocklist;
}
},
statusMapping: {

1
src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
View file

@ -30,6 +30,7 @@
"hgz019": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.txt",
"hgz020": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.medium.txt",
"hgz021": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/gambling.mini.txt",
"hgz022": "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/social.txt",
"*** below fields are deprecated, but still exist. Not selectable anymore ***":"",
"bla0": "https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt",
"bla": "https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt",