10 May 2017
Mikrotik adblock script
I’ve been using a script to block ads directly from my Mikrotik router, but unfortunately the domain used by the script has expired, so I decided to generate the list myself.
I’m using the PHP code from here: https://github.com/tarampampam/mikrotik-hosts-parser/
First of all, note that this script will use about 50 MB of RAM.
Edit: This script works only on devices with at least 128 MB of RAM; for devices with 64 MB, like the RB751G-2HnD, you can use the lite version with approximately 3000 entries from here.
To set up ad blocking, follow these steps:
- Set the router as a DNS server:
- force the DNS request to be directed to the router:
/ip firewall nat add action=redirect chain=dstnat dst-port=53 in-interface=bridge protocol=udp
- Add the script to import the static DNS list and the scheduler to update the list once a day:
/system script
add name=adblock policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    log warning \"starting adblock update\";\r\
    \n:delay 20;\r\
    \n:log warning \"downloading adblock\";\r\
    \n:local hostScriptUrl \"https://micu.eu/adblock/adblock.php\";\r\
    \n:local scriptName \"adblock\";\r\
    \ndo {\r\
    \n /tool fetch mode=http url=\$hostScriptUrl dst-path=(\"./\".\$scriptName);\r\
    \n :delay 20;\r\
    \n :if ([:len [/file find name=\$scriptName]] > 0) do={\r\
    \n  :log warning \"removing old adblock list\";\r\
    \n  /ip dns static remove [/ip dns static find address=127.0.0.1];\r\
    \n  :log warning \"importing new adblock list\";\r\
    \n  /import file-name=\$scriptName;\r\
    \n  /file remove \$scriptName;\r\
    \n  :log warning \"adblock list imported\";\r\
    \n } else={\r\
    \n  :log warning \"adblock list not downloaded, script stopped\";\r\
    \n }\r\
    \n} on-error={\r\
    \n :log warning \"adblock list download FAILED\";\r\
    \n};"
/system scheduler
add interval=1d name=adblock on-event=adblock policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add name=adblock_startup on-event=\
    ":delay 30;\r\
    \n/system script run adblock" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
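The scheduled script passes the downloaded file to /import, so the router executes it as RouterOS commands rather than reading it as a plain list. As an added example (not part of the original post or of the generator project), this Python filter can run on a host you control, between the download and the router, and keeps only static DNS entries that point at the expected sinkhole address. The `add address=… name=…` file layout, the function name `vet_adblock_rsc` and the sample lines are assumptions.

```python
import ipaddress
import re

# Assumed list format (not confirmed by the page): an optional "/ip dns static"
# line, then one 'add address=<sinkhole> name=<host>' entry per line.
ENTRY = re.compile(r'^add address=(\S+) name=("?)([A-Za-z0-9._-]+)\2$')
LABEL = re.compile(r'^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$')

def vet_adblock_rsc(text, sinkhole="127.0.0.1", allow=()):
    """Rebuild the list from validated entries; return (clean_rsc, rejected)."""
    sink = ipaddress.ip_address(sinkhole)
    allowed = {h.lower() for h in allow}
    kept, seen, rejected = [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line == "/ip dns static":
            continue
        m = ENTRY.match(line)
        if not m:  # any other command, or extra text after the host name
            rejected.append((no, line, "not a static DNS entry"))
            continue
        host = m.group(3).lower().rstrip(".")
        try:
            addr_ok = ipaddress.ip_address(m.group(1)) == sink
        except ValueError:
            addr_ok = False
        if not addr_ok:  # an entry must never resolve a name to a live address
            rejected.append((no, line, "address is not the sinkhole"))
        elif len(host) > 253 or not all(LABEL.match(p) for p in host.split(".")):
            rejected.append((no, line, "invalid host name"))
        elif host in allowed:  # e.g. hosts that break sites when blocked
            rejected.append((no, line, "allowlisted"))
        elif host not in seen:
            seen.add(host)
            kept.append(host)
    body = "".join(f"add address={sink} name={h}\n" for h in kept)
    return "/ip dns static\n" + body, rejected

# Constructed sample input, not a real download.
SAMPLE = """/ip dns static
add address=127.0.0.1 name=ads.example.com
add address=127.0.0.1 name=cdnjs.cloudflare.com
add address=203.0.113.7 name=login.example.net
/system reboot
add address=127.0.0.1 name=bad..example.com
"""
if __name__ == "__main__":
    clean, rejected = vet_adblock_rsc(SAMPLE, allow=["cdnjs.cloudflare.com"])
    print(clean, *rejected, sep="\n")
```

Pass `sinkhole="240.0.0.1"` when vetting the 240.0.0.1 variant of the list; a non-empty `rejected` list is worth logging before the cleaned file is published to the router.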
24 Comments
Thanks for the service of updating and making the lists public!
What do you think of the approach of routing to 240.0.0.1 instead of localhost? In theory, it seems to have advantages. From here: https://paul.is-a-geek.org/2018/02/dns-based-adblock-using-mikrotik-routeros/
I don’t know if it will make any difference, but if you would like to test it, I set up a new script with the redirecting address set to 240.0.0.1; you can find it here: https://micu.eu/adblock/adblock_240.php. Clear the current list from the router, modify the script to point to the new address, and edit the 127.0.0.1 in the Mikrotik script so that it will be able to update the list.
Please tell us if you see any difference, maybe it will help other users.
Hi!
The 240 script is better. For example, on my notebook I run a web server to use HTTP to upgrade Cisco routers (faster than TFTP and simpler to set up than an FTP server) and to test some code. Then something weird happened with localhost: some pages opened a frame with my page listing IOS binaries 🙂 Using 224, nothing happens.
Hi,
First of all, thank you for this and for sharing it with the world – I have been using it for the past 3 months, more or less, and it works flawlessly.
One question though – is it possible to add some hosts to the exclusion list by applying a list of parameters to the PHP script? I know this could be done from the Mikrotik script, but being a PHP developer myself I think this would be more useful and performance oriented done in PHP.
I ask this because lately I observed that in the list we can find cdnjs.cloudflare.com which is a widely used CDN provider for a lot of JS related libraries including Bootstrap and this breaks some sites.
BTW, I am Romanian but posted in English as I can see this is an English article and maybe some other users have this issue.
Thanks.
Hi,
I added cdnjs.cloudflare.com to the whitelist, and if you want other hosts please tell me and I can put them for you in a different script, or I can provide you the script; make whatever changes you think necessary and I will post it to my server.
I am not a developer 🙂 My training and job are in a totally different domain, so my PHP skills are close to 0; I have some little understanding, but that is all.
Ionut.
Hi,
Thanks for sharing, it helps a lot.
Can you add the lists below?
http://winhelp2002.mvps.org/hosts.htm
https://easylist.to/easylist/easylist.txt
https://easylist.to/easylist/easyprivacy.txt
https://easylist-downloads.adblockplus.org/abpindo+easylist.txt
Many thanks in advance.
Unfortunately you will need a lot of RAM to use those lists, so it won’t run on our routers with 256 MB or 512.
Greetings from Ecuador, and thanks for sharing. It works perfectly on an RB2011, which has 128 MB of RAM. Now I am using a CCR1016-12G lite, which has 2 GB of RAM. Could you add these lists to the script for Mikrotik?
https://easylist-downloads.adblockplus.org/easylist.txt
https://easylist-downloads.adblockplus.org/easyprivacy_nointernational.txt
https://easylist-downloads.adblockplus.org/easylist_noadult.txt
https://easylist-downloads.adblockplus.org/fanboy-social.txt
https://easylist-downloads.adblockplus.org/easyprivacy.txt
Hi and greetings from Romania,
I will extend the list and share it with you as soon as I manage to find some spare time.
Thank you for this script!
Some exclusions list on device would be nice!
In the meantime I’ve added a few lines to the script to exclude clients1.google.com, as such:
:log warning "adblock list imported";
/ip dns static remove [/ip dns static find name=clients1.google.com];
Hello Wilson Gabriel, can I contact you? I am from Quito, Ecuador. I am leaving you my WhatsApp: 0990344191
Regards
Sorry, but I don’t understand what you are saying.
Hello,
I tried it, but it does not seem to work for me.
IP of my mikrotik is 10.31.0.1 so:
IP – DHCP Server – Networks – DNS Servers (set to 10.31.0.1)
Then I run your script and I manually added some sites into static DNS like i.alza.cz, letemsvetemapplem.eu, i.alza.sk etc..
Then I added
/ip firewall nat
add action=redirect chain=dstnat dst-port=53 in-interface=bridge protocol=udp
At very top (first rule) in NAT. Above below masquerade. Tried above masquerade too.
I tried it on letemsvetemapplem.eu but banners are still there.
Can you help me please? Thank you.
I added the domain generating the ads to the list.
Please run the script again and see if the ads are still there; make sure you have flushed the DNS cache on your device.
The number of items in a list has increased from ~9k to ~21k. And this is too much for 128 mb. My hap ac2 started lagging badly. Switched to lite variant.
This script always has around 20.000 entries, and I also had a hAP ac2, but mine has 256 MB of RAM.
If the lite list won’t be enough I can edit the generator and provide you with a custom link with the sources you want, just let me know what sources to include.
Oh.. Thanks for an answer!
Very strange, for me it was ~9k for a month or two, maybe some subscription was not responding and you didn’t notice 🙂 And now it’s back.
Anyways, no need to make another list just for me.
Thank you for sharing!
Hi, I’m trying to change dst-path to my USB drive (called disk1). Can you guide me?
Hi, do I need to change the DNS cache size in Mikrotik?
Its default value is 2048 kB.
Dear Micu,
How do I use it with IPv6?
Awesome script, but I am feeling a bit concerned about security. This script is downloading another script from https://micu.eu/adblock/adblock.php. If for some reason someone hacks this website and changes this file to contain malicious code, everyone can get infected.
The best option, from my point of view, is to get all the domains externally and then use the script to assign them one by one to 127.0.0.1.
Is it possible to make the script replace 127.0.0.1 with NXDOMAIN?