Home network security – Part 4: Turris Omnia as an ad blocker

Home network security – Part 4: Turris Omnia as an ad blocker

There seems to be an unspoken agreement when it comes to advertisements in the web browser: You can access web content for free and must see advertisements in return. This makes sense, however, advertisements are sometimes used for malicious purposes (malvertising). Furthermore, some companies use advertisements not only for making money, but for tracking. Using the Turris Omnia as an network-level ad blocker is one of many possible solutions to block all these ads. We will show you a really easy way to configure Omnia’s ad blocking capabilities.

Contents

  1. Requirements
  2. Step by step to your network-level ad blocker
  3. Summary
  4. Sources

Always stay in the loop!
Subscribe to our RSS/Atom feeds.

Requirements

For this part, we need:

  • our Turris Omnia which is connected with our computer and the internet
  • an SSH client on our computer

Step by step to your network-level ad blocker

This time, we install packages and configure them directly with LuCI. This makes things a lot easier since there is nearly no terminal involved.

We use Adblock here. It simply tells the DNS resolver installed on the Omnia to not resolve certain domain names. If one of your devices in the network queries a blocked domain name, the Omnia will answer “NXDOMAIN” which basically means that this domain name doesn’t exist. The result is that your device won’t be able to connect to this domain name.

Step 1: Download the packages

First of all, connect to your Omnia using your web browser. Go to https://192.168.1.1/cgi-bin/luci (change the IP address accordingly) and log in using the password for “advanced administration” like configured in the first part of this series.

Go to System / Software and search for “adblock” as shown in the picture below. Install “adblock” (the essential package) and “luci-app-adblock” to be able to use LuCI to configure Adblock later.

Get the Adblock packages using LuCI
Get the Adblock packages using LuCI (🔍 Zoom in)

Step 2: Configure Adblock

After installing, you have to enable and start Adblock. Go to System / Startup in LuCI and search for “adblock”. Enable and start it by clicking the buttons.

Finally, we have to configure which block lists we want to use. There should be a new menu item “Services / Adblock” now. Select it and you will see the configuration screen as shown in the picture below.

Configure Adblock using LuCI
Configure Adblock using LuCI (🔍 Zoom in)

We don’t have to change the defaults. Instead, scroll down and select block lists you want to use. Then, click “Save & Apply”.

Important: One list is named “blacklist”. This is actually your local custom blacklist. If you want to use your own rules, don’t disable it.

Step 3: Add custom rules

Maybe, you want to block more domains. This is possible by selecting the index “Advanced”. There you can define your own lists:

  • Blacklist: Define additional domains (one domain per line) which the Omnia must block. No wildcards are allowed. As an advanced user, you can directly edit the file /etc/adblock/adblock.blacklist. All subdomains containing this domain will be also blocked.
  • Whitelist: Define domains or subdomains which the Omnia must not block. For instance, you can allow a single subdomain here while you block all other subdomains. As an advanced user, you can directly edit the file /etc/adblock/adblock.whitelist.

Follow us on Mastodon:
@infosechandbook

Step 4: Restart Adblock and test it

After enabling certain block lists and adding your custom rules, you have to restart Adblock. You can do so by restarting your Omnia, restarting the service using LuCI (System / Startup) or simply by using SSH: # /etc/init.d/adblock restart.

Go to Services / Adblock and back to “Advanced”. There you can also query domain names. Enter a domain name which should be blocked. Blocked domain names appear below the text field.

Alternatively, you can enter a domain name on a device in this network. Simply enter: $ nslookup [domain name]. Successful blocking results in ** server can't find [domain name]: NXDOMAIN.

This article is part of the "Home network security" series.
Read other articles of this series.

Summary

Using Adblock on your Turris Omnia (or router running OpenWrt) is very useful since all of these domain names will be blocked at network level. You don’t have to configure and regularly update each and every device in this network. Keep in mind that some devices like smart TVs and IoT devices don’t allow you to configure any host-based ad blocking.

Adblock also affects the guest network, of course, since this VLAN also uses your Omnia as a DNS resolver. Adblock enhances privacy and security in your network due to less tracking, malvertising and blocking of potential harmful domains.

However, as with all blacklist-based filtering you must update your blacklist from time to time and add new domain names.

Sources

See also