luci-app-dnsfilter: add package from garypang13

2025-04-17 21:03:30 +00:00 · 2021-07-01 15:51:22 +08:00 · 2021-07-01 15:51:22 +08:00 · dd7d3d8cb6
commit dd7d3d8cb6
parent a9b30b2b2d
19 changed files with 995 additions and 0 deletions
--- a/package/lean/luci-app-dnsfilter/Makefile
+++ b/package/lean/luci-app-dnsfilter/Makefile
@ -0,0 +1,15 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-dnsfilter
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for DNSFilter
+LUCI_DEPENDS:=+uclient-fetch +ipset +dnsmasq-full
+LUCI_PKGARCH:=all
+PKG_NAME:=luci-app-dnsfilter
+PKG_VERSION:=1
+PKG_RELEASE:=2
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
--- a/package/lean/luci-app-dnsfilter/luasrc/controller/dnsfilter.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/controller/dnsfilter.lua
@ -0,0 +1,48 @@
+module("luci.controller.dnsfilter",package.seeall)
+function index()
+	if not nixio.fs.access("/etc/config/dnsfilter") then
+		return
+	end
+	local page = entry({"admin","services","dnsfilter"},alias("admin","services","dnsfilter","base"),_("DNSFilter"),9)
+	page.dependent = true
+	page.acl_depends = { "luci-app-dnsfilter" }
+	entry({"admin","services","dnsfilter","base"},cbi("dnsfilter/base"),_("Base Setting"),10).leaf=true
+	entry({"admin","services","dnsfilter","white"},form("dnsfilter/white"),_("White Domain List"),20).leaf=true
+	entry({"admin","services","dnsfilter","black"},form("dnsfilter/black"),_("Block Domain List"),30).leaf=true
+	entry({"admin","services","dnsfilter","ip"},form("dnsfilter/ip"),_("Block IP List"),40).leaf=true
+	entry({"admin","services","dnsfilter","log"},form("dnsfilter/log"),_("Update Log"),50).leaf=true
+	entry({"admin","services","dnsfilter","run"},call("act_status")).leaf = true
+	entry({"admin","services","dnsfilter","refresh"},call("refresh_data"))
+end
+
+function act_status()
+	local e={}
+	e.running=luci.sys.call("[ -s /tmp/dnsmasq.dnsfilter/rules.conf ]")==0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function refresh_data()
+local set=luci.http.formvalue("set")
+local icount=0
+
+	luci.sys.exec("/usr/share/dnsfilter/dnsfilter down")
+	icount=luci.sys.exec("find /tmp/ad_tmp -type f -name rules.conf -exec cat {} \\; 2>/dev/null | wc -l")
+	if tonumber(icount)>0 then
+		oldcount=luci.sys.exec("find /tmp/dnsfilter -type f -name rules.conf -exec cat {} \\; 2>/dev/null | wc -l")
+		if tonumber(icount) ~= tonumber(oldcount) then
+			luci.sys.exec("[ -h /tmp/dnsfilter/url ] && (rm -f /etc/dnsfilter/rules/*;cp -a /tmp/ad_tmp/* /etc/dnsfilter/rules) || (rm -f /tmp/dnsfilter/*;cp -a /tmp/ad_tmp/* /tmp/dnsfilter)")
+			luci.sys.exec("/etc/init.d/dnsfilter restart &")
+			retstring=tostring(math.ceil(tonumber(icount)))
+		else
+			retstring=0
+		end
+		luci.sys.call("echo `date +'%Y-%m-%d %H:%M:%S'` > /tmp/dnsfilter/dnsfilter.updated")
+	else
+		retstring="-1"
+	end
+	luci.sys.exec("rm -rf /tmp/ad_tmp")
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json({ret=retstring,retcount=icount})
+end
--- a/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/base.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/base.lua
@ -0,0 +1,81 @@
+local SYS=require "luci.sys"
+
+m=Map("dnsfilter")
+m.title=translate("DNSFilter")
+m.description=translate("Support AdGuardHome/Host/DNSMASQ/Domain Rules")
+m:section(SimpleSection).template="dnsfilter/dnsfilter_status"
+
+s=m:section(TypedSection,"dnsfilter")
+s.anonymous=true
+
+o=s:option(Flag,"enable")
+o.title=translate("Enable")
+o.rmempty=false
+
+o=s:option(Flag,"block_ios")
+o.title=translate("Block Apple iOS OTA update")
+
+o=s:option(Flag,"block_cnshort")
+o.title=translate("Block CNshort APP and Website")
+
+o=s:option(Flag,"safe_search")
+o.title=translate("Safe Search")
+o.description=translate("Enforcing SafeSearch for google, bing, duckduckgo, yandex and youtube.")
+
+o=s:option(Flag,"cron_mode")
+o.title=translate("Enable automatic update rules")
+
+o=s:option(ListValue,"time_update")
+o.title=translate("Update time")
+for s=0,23 do
+o:value(s)
+end
+o.default=6
+o:depends("cron_mode",1)
+
+tmp_rule=0
+if nixio.fs.access("/tmp/dnsfilter/rules.conf") then
+tmp_rule=1
+UD=SYS.exec("cat /tmp/dnsfilter/dnsfilter.updated 2>/dev/null")
+rule_count=tonumber(SYS.exec("find /tmp/dnsfilter -exec cat {} \\; 2>/dev/null | wc -l"))
+o=s:option(DummyValue,"1",translate("Subscribe Rules Data"))
+o.rawhtml=true
+o.template="dnsfilter/refresh"
+o.value=rule_count.." "..translate("Records")
+o.description=string.format(translate("AdGuardHome / Host / DNSMASQ / Domain rules auto-convert").."<br/><strong>"..translate("Last Update Checked")..":</strong> %s<br/>",UD)
+end
+
+o=s:option(Flag,"flash")
+o.title=translate("Save rules to flash")
+o.description=translate("Should be enabled when rules addresses are slow to download")
+o.rmempty=false
+
+if tmp_rule==1 then
+o=s:option(Button,"delete",translate("Delete All Subscribe Rules"))
+o.inputstyle="reset"
+o.description=translate("Delete rules files and delete the subscription link<br/>There is no need to click for modify the subscription link,The script will automatically replace the old rule file")
+o.write=function()
+	SYS.exec("[ -d /etc/dnsfilter/rules ] && rm -rf /etc/dnsfilter/rules")
+	SYS.exec("grep -wq 'list url' /etc/config/dnsfilter && sed -i '/list url/d' /etc/config/dnsfilter && /etc/init.d/dnsfilter restart 2>&1 &")
+	luci.http.redirect(luci.dispatcher.build_url("admin","services","dnsfilter","base"))
+end
+end
+
+if luci.sys.call("[ -h /tmp/dnsfilter/url ] || exit 9")==9 then
+	if nixio.fs.access("/etc/dnsfilter/rules") then
+		o=s:option(Button,"delete_1",translate("Delete Subscribe Rules On The Flash"))
+		o.inputstyle="reset"
+		o.write=function()
+			SYS.exec("rm -rf /etc/dnsfilter/rules")
+			luci.http.redirect(luci.dispatcher.build_url("admin","services","dnsfilter","base"))
+		end
+	end
+end
+
+o=s:option(DynamicList,"url",translate("Anti-AD Rules Subscribe"))
+o:value("https://cdn.jsdelivr.net/gh/privacy-protection-tools/anti-AD@master/adblock-for-dnsmasq.conf","anti-AD")
+o:value("https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt","AdGuard")
+o:value("https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt","Easylistchina+Easylist")
+o:value("https://block.energized.pro/extensions/porn-lite/formats/domains.txt","Anti-Porn")
+
+return m
--- a/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/black.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/black.lua
@ -0,0 +1,25 @@
+local fs=require "nixio.fs"
+local conffile="/etc/dnsfilter/black.list"
+
+f=SimpleForm("custom")
+t=f:field(TextValue,"conf")
+t.rmempty=true
+t.rows=13
+t.description=translate("Will Always block these Domain")
+function t.cfgvalue()
+	return fs.readfile(conffile) or ""
+end
+
+function f.handle(self,state,data)
+	if state == FORM_VALID then
+		if data.conf then
+			fs.writefile(conffile,data.conf:gsub("\r\n","\n"))
+		else
+			luci.sys.call("> /etc/dnsfilter/black.list")
+		end
+		luci.sys.exec("[ \"$(uci -q get dnsfilter.@dnsfilter[0].enable)\" = 1 ] && /etc/init.d/dnsfilter restart")
+	end
+	return true
+end
+
+return f
--- a/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/ip.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/ip.lua
@ -0,0 +1,25 @@
+local fs=require "nixio.fs"
+local conffile="/etc/dnsfilter/ip.list"
+
+f=SimpleForm("custom")
+t=f:field(TextValue,"conf")
+t.rmempty=true
+t.rows=13
+t.description=translate("Will Always block these IP")
+function t.cfgvalue()
+	return fs.readfile(conffile) or ""
+end
+
+function f.handle(self,state,data)
+	if state == FORM_VALID then
+		if data.conf then
+			fs.writefile(conffile,data.conf:gsub("\r\n","\n"))
+		else
+			luci.sys.call("> /etc/dnsfilter/ip.list")
+		end
+		luci.sys.exec("ipset -F blockip 2>/dev/null && for i in $(cat /etc/dnsfilter/ip.list);do ipset add blockip $i 2>/dev/null;done")
+	end
+	return true
+end
+
+return f
--- a/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/log.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/log.lua
@ -0,0 +1,15 @@
+local fs=require "nixio.fs"
+local conffile="/tmp/adupdate.log"
+
+f=SimpleForm("logview")
+f.reset=false
+f.submit=false
+t=f:field(TextValue,"conf")
+t.rmempty=true
+t.rows=20
+function t.cfgvalue()
+	return fs.readfile(conffile) or ""
+end
+t.readonly="readonly"
+
+return f
--- a/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/white.lua
+++ b/package/lean/luci-app-dnsfilter/luasrc/model/cbi/dnsfilter/white.lua
@ -0,0 +1,27 @@
+local fs=require "nixio.fs"
+local conffile="/etc/dnsfilter/white.list"
+
+f=SimpleForm("custom")
+t=f:field(TextValue,"conf")
+t.rmempty=true
+t.rows=13
+t.description=translate("Will Never filter these Domain")
+function t.cfgvalue()
+	return fs.readfile(conffile) or ""
+end
+
+function f.handle(self,state,data)
+	if state == FORM_VALID then
+		if data.conf then
+			fs.writefile(conffile,data.conf:gsub("\r\n","\n"))
+		else
+			luci.sys.call("> /etc/dnsfilter/white.list")
+		end
+		luci.sys.exec("for i in $(cat /etc/dnsfilter/white.list);do sed -i -e \"/\\/$i\\//d\" -e \"/\\.$i\\//d\" /tmp/dnsfilter/rules.conf 2>/dev/null;\\\
+		[ -s /etc/dnsfilter/rules/rules.conf ] && sed -i -e \"/\\/$i\\//d\" -e \"/\\.$i\\//d\" /etc/dnsfilter/rules/rules.conf;done;\\\
+		[ -s /tmp/dnsfilter/rules.conf ] && rm -f /tmp/dnsmasq.dnsfilter/rules.conf && /etc/init.d/dnsfilter start")
+	end
+	return true
+end
+
+return f
--- a/package/lean/luci-app-dnsfilter/luasrc/view/dnsfilter/dnsfilter_status.htm
+++ b/package/lean/luci-app-dnsfilter/luasrc/view/dnsfilter/dnsfilter_status.htm
@ -0,0 +1,21 @@
+<script type="text/javascript">//<![CDATA[
+XHR.poll(3,'<%=url([[admin]],[[services]],[[dnsfilter]],[[run]])%>',null,
+	function(x,data){
+		var tb=document.getElementById('dnsfilter_status');
+		if (data&&tb){
+			if (data.running){
+				tb.innerHTML='<em><b><font color=green>DNSFilter <%:RUNNING%></font></b></em>';
+			}else{
+				tb.innerHTML='<em><b><font color=red>DNSFilter <%:NOT RUNNING%></font></b></em>';
+			}
+		}
+	}
+);
+//]]>
+</script>
+<style>.mar-10{margin-left:50px;margin-right:10px;}</style>
+<fieldset class="cbi-section">
+	<p id="dnsfilter_status">
+		<em><%:Collecting data...%></em>
+	</p>
+</fieldset>
--- a/package/lean/luci-app-dnsfilter/luasrc/view/dnsfilter/refresh.htm
+++ b/package/lean/luci-app-dnsfilter/luasrc/view/dnsfilter/refresh.htm
@ -0,0 +1,34 @@
+<%+cbi/valueheader%>
+<script type="text/javascript">//<![CDATA[
+	function refresh_data(btn,dataname)
+	{
+		btn.disabled=true;
+		btn.value='<%:Refresh...%>';
+		murl=dataname;
+		XHR.get('<%=luci.dispatcher.build_url("admin","services","dnsfilter","refresh")%>',
+			{set:murl},
+			function(x,rv)
+			{
+			var s=document.getElementById(dataname+'-status');
+			if (s)
+			{
+				if (rv.ret=="0")
+				s.innerHTML="<font color='green'>"+"<%:No new data!%> "+"</font>";
+				else if(rv.ret=="-1")
+				{
+					s.innerHTML="<font color='red'>"+"<%:Refresh Error!%> "+"</font>";
+				}
+				else{
+					s.innerHTML="<font color='green'>"+"<%:Refresh OK!%> "+"<%:Total Records:%>"+rv.ret+"</font>";
+			}
+			}
+				btn.disabled=false;
+				btn.value='<%:Refresh Data%>';
+			}
+		);
+		return false;
+	}
+//]]></script>
+<input type="button" class="cbi-button cbi-input-reload" value="<%:Refresh Data%>" onclick="return refresh_data(this,'<%=self.option%>')"/>
+<span id="<%=self.option%>-status"><em><%=self.value%></em></span>
+<%+cbi/valuefooter%>
--- a/package/lean/luci-app-dnsfilter/po/zh-cn/dnsfilter.zh-cn.po
+++ b/package/lean/luci-app-dnsfilter/po/zh-cn/dnsfilter.zh-cn.po
@ -0,0 +1,104 @@
+msgid "Base Setting"
+msgstr "基本设置"
+
+msgid "Support AdGuardHome/Host/DNSMASQ/Domain Rules"
+msgstr "支持 AdGuardHome/Host/DNSMASQ/Domain 规则"
+
+msgid "RUNNING"
+msgstr "运行中"
+
+msgid "NOT RUNNING"
+msgstr "未运行"
+
+msgid "Enable"
+msgstr "启用"
+
+msgid "Block Apple iOS OTA update"
+msgstr "拦截 Apple iOS 的OTA更新"
+
+msgid "Block CNshort APP and Website"
+msgstr "拦截 短视频 APP 和网站"
+
+msgid "Enable automatic update rules"
+msgstr "启用规则自动更新"
+
+msgid "Update time"
+msgstr "更新时间"
+
+msgid "DNSFilter Data"
+msgstr "DNSFilter 规则数据库"
+
+msgid "Records"
+msgstr "条记录"
+
+msgid "Refresh..."
+msgstr "正在更新，请稍候.."
+
+msgid "No new data!"
+msgstr "你已经是最新数据，无需更新！"
+
+msgid "Refresh Error!"
+msgstr "更新失败！"
+
+msgid "Refresh OK!"
+msgstr "更新成功！"
+
+msgid "Total Records:"
+msgstr "新的总纪录数："
+
+msgid "Refresh Data"
+msgstr "更新数据库"
+
+msgid "Last Update Checked"
+msgstr "上一次检查规则更新"
+
+msgid "Subscribe Rules Data"
+msgstr "去广告规则"
+
+msgid "AdGuardHome / Host / DNSMASQ / Domain rules auto-convert"
+msgstr "AdGuardHome / Host / DNSMASQ /Domain 规则自动识别, 自动去重"
+
+msgid "Save rules to flash"
+msgstr "保存规则到闪存"
+
+msgid "Should be enabled when rules addresses are slow to download"
+msgstr "规则地址下载速度慢时应该打开"
+
+msgid "Delete All Subscribe Rules"
+msgstr "清空所有订阅的规则库"
+
+msgid "Delete rules files and delete the subscription link<br/>There is no need to click for modify the subscription link,The script will automatically replace the old rule file"
+msgstr "清空规则文件，并且删除所有的订阅链接<br/>如果只是修改订阅链接不需要清空，脚本会自动覆盖旧的规则文件"
+
+msgid "Delete Subscribe Rules On The Flash"
+msgstr "清空闪存上的订阅规则库"
+
+msgid "Anti-AD Rules Subscribe"
+msgstr "广告过滤规则订阅URL"
+
+msgid "White Domain List"
+msgstr "域名白名单"
+
+msgid "Will Never filter these Domain"
+msgstr "永不过滤白名单内的域名"
+
+msgid "Block Domain List"
+msgstr "域名黑名单"
+
+msgid "Will Always block these Domain"
+msgstr "拦截黑名单内的域名"
+
+msgid "Block IP List"
+msgstr "IP黑名单"
+
+msgid "Will Always block these IP"
+msgstr "拦截黑名单内的IP地址"
+
+msgid "Safe Search"
+msgstr "安全搜索"
+
+msgid "Enforcing SafeSearch for google, bing, duckduckgo, yandex and youtube."
+msgstr "强制为google,bing,duckduckgo,yandex,youtube开启安全搜索,过滤不健康内容"
+
+msgid "Update Log"
+msgstr "更新日志"
--- a/package/lean/luci-app-dnsfilter/root/etc/config/dnsfilter
+++ b/package/lean/luci-app-dnsfilter/root/etc/config/dnsfilter
@ -0,0 +1,8 @@
+
+config dnsfilter
+	option cron_mode '1'
+	option time_update '6'
+	option flash '0'
+	option enable '0'
+	list url 'https://cdn.jsdelivr.net/gh/privacy-protection-tools/anti-AD@master/adblock-for-dnsmasq.conf'
+
--- a/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/black.list
+++ b/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/black.list
--- a/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/ip.list
+++ b/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/ip.list
--- a/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/white.list
+++ b/package/lean/luci-app-dnsfilter/root/etc/dnsfilter/white.list
@ -0,0 +1 @@
+boxer.baidu.com
--- a/package/lean/luci-app-dnsfilter/root/etc/init.d/dnsfilter
+++ b/package/lean/luci-app-dnsfilter/root/etc/init.d/dnsfilter
@ -0,0 +1,440 @@
+#!/bin/sh /etc/rc.common
+START=99
+STOP=10
+B=0
+CRON_FILE=/etc/crontabs/root
+D=/tmp/dnsmasq.dnsfilter
+E="date +'%Y-%m-%d %H:%M:%S'"
+L=/etc/dnsfilter
+P=/usr/share/dnsfilter
+T=/tmp/dnsfilter
+STATUS=Y
+TAG="_DNSFILTER_RULE_"
+FWI=$(uci -q get firewall.dnsfilter.path)
+enable=$(uci -q get dnsfilter.@dnsfilter[0].enable)
+flash=$(uci -q get dnsfilter.@dnsfilter[0].flash)
+url=$(uci -q get dnsfilter.@dnsfilter[0].url)
+
+get_config(){
+	config_get_bool cron_mode $1 cron_mode 1
+	config_get_bool block_ios $1 block_ios 0
+	config_get_bool block_cnshort $1 block_cnshort 0
+	config_get_bool safe_search $1 safe_search 0
+	config_get time_update $1 time_update 6
+}
+
+add_dns(){
+	mkdir -p /tmp/dnsmasq.d $D
+	echo conf-dir=$D > /tmp/dnsmasq.d/dnsfilter.conf
+	if [ -n "$url" -a ! -s /tmp/dnsfilter/failed ];then
+		mkdir -p $T
+		if [ $flash = 1 ];then
+			ln -sf $L/rules/rules.conf $T/rules.conf
+			ln -sf $L/rules/url $T/url
+		fi
+		ln -sf $T/rules.conf $D/rules.conf
+	fi
+	[ $block_ios = 1 ] && echo 'mesu.apple.com' > $D/black.conf
+	if [ $block_cnshort = 1 ];then
+		cat <<-EOF >> $D/black.conf
+amemv.com
+tiktokv.com
+snssdk.com
+douyin.com
+ixigua.com
+pstatp.com
+ixiguavideo.com
+v.kandian.qq.com
+yximgs.com
+gifshow.com
+ksapisrv.com
+kuaishoupay.com
+ksyun.com
+live.xycdn.com
+danuoyi.alicdn.com
+v.weishi.qq.com
+pearvideo.com
+miaopai.com
+kuaishou.com
+qupai.me
+meipai.com
+huoshan.com
+ergengtv.com
+baijiahao.baidu.com
+xiongzhang.baidu.com
+EOF
+	fi
+	cat $L/black.list >> $D/black.conf
+	if [ -s $D/black.conf ];then
+		sed -i -e 's:^:address=/:' -e 's:$:/:' $D/black.conf
+		echo "`sort -u $D/black.conf`" > $D/black.conf
+		for i in $(cat $D/black.conf);do
+			if grep -wq $i $D/rules.conf 2>/dev/null;then
+				sed -i -e "s#$i##" -e '/^$/d' $D/black.conf
+			fi
+		done
+		for i in $(cat $L/white.list);do sed -i -e "/\/$i\//d" -e "/\.$i\//d" $D/black.conf;done
+	else
+		rm -f $D/black.conf
+	fi
+
+	if [ $safe_search = 1 ];then
+		cat <<-EOF >> $D/safesearch.conf
+address=/www.bing.com/204.79.197.220
+address=/www.google.com/216.239.38.120
+address=/google.com/216.239.38.120
+address=/www.google.ad/216.239.38.120
+address=/google.ad/216.239.38.120
+address=/www.google.ae/216.239.38.120
+address=/google.ae/216.239.38.120
+address=/www.google.al/216.239.38.120
+address=/google.al/216.239.38.120
+address=/www.google.am/216.239.38.120
+address=/google.am/216.239.38.120
+address=/www.google.as/216.239.38.120
+address=/google.as/216.239.38.120
+address=/www.google.at/216.239.38.120
+address=/google.at/216.239.38.120
+address=/www.google.az/216.239.38.120
+address=/google.az/216.239.38.120
+address=/www.google.ba/216.239.38.120
+address=/google.ba/216.239.38.120
+address=/www.google.be/216.239.38.120
+address=/google.be/216.239.38.120
+address=/www.google.bf/216.239.38.120
+address=/google.bf/216.239.38.120
+address=/www.google.bg/216.239.38.120
+address=/google.bg/216.239.38.120
+address=/www.google.bi/216.239.38.120
+address=/google.bi/216.239.38.120
+address=/www.google.bj/216.239.38.120
+address=/google.bj/216.239.38.120
+address=/www.google.bs/216.239.38.120
+address=/google.bs/216.239.38.120
+address=/www.google.bt/216.239.38.120
+address=/google.bt/216.239.38.120
+address=/www.google.by/216.239.38.120
+address=/google.by/216.239.38.120
+address=/www.google.ca/216.239.38.120
+address=/google.ca/216.239.38.120
+address=/www.google.cd/216.239.38.120
+address=/google.cd/216.239.38.120
+address=/www.google.cf/216.239.38.120
+address=/google.cf/216.239.38.120
+address=/www.google.cg/216.239.38.120
+address=/google.cg/216.239.38.120
+address=/www.google.ch/216.239.38.120
+address=/google.ch/216.239.38.120
+address=/www.google.ci/216.239.38.120
+address=/google.ci/216.239.38.120
+address=/www.google.cl/216.239.38.120
+address=/google.cl/216.239.38.120
+address=/www.google.cm/216.239.38.120
+address=/google.cm/216.239.38.120
+address=/www.google.cn/216.239.38.120
+address=/google.cn/216.239.38.120
+address=/www.google.cv/216.239.38.120
+address=/google.cv/216.239.38.120
+address=/www.google.cz/216.239.38.120
+address=/google.cz/216.239.38.120
+address=/www.google.de/216.239.38.120
+address=/google.de/216.239.38.120
+address=/www.google.dj/216.239.38.120
+address=/google.dj/216.239.38.120
+address=/www.google.dk/216.239.38.120
+address=/google.dk/216.239.38.120
+address=/www.google.dm/216.239.38.120
+address=/google.dm/216.239.38.120
+address=/www.google.dz/216.239.38.120
+address=/google.dz/216.239.38.120
+address=/www.google.ee/216.239.38.120
+address=/google.ee/216.239.38.120
+address=/www.google.es/216.239.38.120
+address=/google.es/216.239.38.120
+address=/www.google.fi/216.239.38.120
+address=/google.fi/216.239.38.120
+address=/www.google.fm/216.239.38.120
+address=/google.fm/216.239.38.120
+address=/www.google.fr/216.239.38.120
+address=/google.fr/216.239.38.120
+address=/www.google.ga/216.239.38.120
+address=/google.ga/216.239.38.120
+address=/www.google.ge/216.239.38.120
+address=/google.ge/216.239.38.120
+address=/www.google.gg/216.239.38.120
+address=/google.gg/216.239.38.120
+address=/www.google.gl/216.239.38.120
+address=/google.gl/216.239.38.120
+address=/www.google.gm/216.239.38.120
+address=/google.gm/216.239.38.120
+address=/www.google.gr/216.239.38.120
+address=/google.gr/216.239.38.120
+address=/www.google.gy/216.239.38.120
+address=/google.gy/216.239.38.120
+address=/www.google.hn/216.239.38.120
+address=/google.hn/216.239.38.120
+address=/www.google.hr/216.239.38.120
+address=/google.hr/216.239.38.120
+address=/www.google.ht/216.239.38.120
+address=/google.ht/216.239.38.120
+address=/www.google.hu/216.239.38.120
+address=/google.hu/216.239.38.120
+address=/www.google.ie/216.239.38.120
+address=/google.ie/216.239.38.120
+address=/www.google.im/216.239.38.120
+address=/google.im/216.239.38.120
+address=/www.google.iq/216.239.38.120
+address=/google.iq/216.239.38.120
+address=/www.google.is/216.239.38.120
+address=/google.is/216.239.38.120
+address=/www.google.it/216.239.38.120
+address=/google.it/216.239.38.120
+address=/www.google.je/216.239.38.120
+address=/google.je/216.239.38.120
+address=/www.google.jo/216.239.38.120
+address=/google.jo/216.239.38.120
+address=/www.google.ki/216.239.38.120
+address=/google.ki/216.239.38.120
+address=/www.google.kg/216.239.38.120
+address=/google.kg/216.239.38.120
+address=/www.google.kz/216.239.38.120
+address=/google.kz/216.239.38.120
+address=/www.google.la/216.239.38.120
+address=/google.la/216.239.38.120
+address=/www.google.li/216.239.38.120
+address=/google.li/216.239.38.120
+address=/www.google.lk/216.239.38.120
+address=/google.lk/216.239.38.120
+address=/www.google.lt/216.239.38.120
+address=/google.lt/216.239.38.120
+address=/www.google.lu/216.239.38.120
+address=/google.lu/216.239.38.120
+address=/www.google.lv/216.239.38.120
+address=/google.lv/216.239.38.120
+address=/www.google.md/216.239.38.120
+address=/google.md/216.239.38.120
+address=/www.google.me/216.239.38.120
+address=/google.me/216.239.38.120
+address=/www.google.mg/216.239.38.120
+address=/google.mg/216.239.38.120
+address=/www.google.mk/216.239.38.120
+address=/google.mk/216.239.38.120
+address=/www.google.ml/216.239.38.120
+address=/google.ml/216.239.38.120
+address=/www.google.mn/216.239.38.120
+address=/google.mn/216.239.38.120
+address=/www.google.ms/216.239.38.120
+address=/google.ms/216.239.38.120
+address=/www.google.mu/216.239.38.120
+address=/google.mu/216.239.38.120
+address=/www.google.mv/216.239.38.120
+address=/google.mv/216.239.38.120
+address=/www.google.mw/216.239.38.120
+address=/google.mw/216.239.38.120
+address=/www.google.ne/216.239.38.120
+address=/google.ne/216.239.38.120
+address=/www.google.nl/216.239.38.120
+address=/google.nl/216.239.38.120
+address=/www.google.no/216.239.38.120
+address=/google.no/216.239.38.120
+address=/www.google.nr/216.239.38.120
+address=/google.nr/216.239.38.120
+address=/www.google.nu/216.239.38.120
+address=/google.nu/216.239.38.120
+address=/www.google.pl/216.239.38.120
+address=/google.pl/216.239.38.120
+address=/www.google.pn/216.239.38.120
+address=/google.pn/216.239.38.120
+address=/www.google.ps/216.239.38.120
+address=/google.ps/216.239.38.120
+address=/www.google.pt/216.239.38.120
+address=/google.pt/216.239.38.120
+address=/www.google.ro/216.239.38.120
+address=/google.ro/216.239.38.120
+address=/www.google.ru/216.239.38.120
+address=/google.ru/216.239.38.120
+address=/www.google.rw/216.239.38.120
+address=/google.rw/216.239.38.120
+address=/www.google.sc/216.239.38.120
+address=/google.sc/216.239.38.120
+address=/www.google.se/216.239.38.120
+address=/google.se/216.239.38.120
+address=/www.google.sh/216.239.38.120
+address=/google.sh/216.239.38.120
+address=/www.google.si/216.239.38.120
+address=/google.si/216.239.38.120
+address=/www.google.sk/216.239.38.120
+address=/google.sk/216.239.38.120
+address=/www.google.sn/216.239.38.120
+address=/google.sn/216.239.38.120
+address=/www.google.so/216.239.38.120
+address=/google.so/216.239.38.120
+address=/www.google.sm/216.239.38.120
+address=/google.sm/216.239.38.120
+address=/www.google.sr/216.239.38.120
+address=/google.sr/216.239.38.120
+address=/www.google.st/216.239.38.120
+address=/google.st/216.239.38.120
+address=/www.google.td/216.239.38.120
+address=/google.td/216.239.38.120
+address=/www.google.tg/216.239.38.120
+address=/google.tg/216.239.38.120
+address=/www.google.tl/216.239.38.120
+address=/google.tl/216.239.38.120
+address=/www.google.tm/216.239.38.120
+address=/google.tm/216.239.38.120
+address=/www.google.tn/216.239.38.120
+address=/google.tn/216.239.38.120
+address=/www.google.to/216.239.38.120
+address=/google.to/216.239.38.120
+address=/www.google.tt/216.239.38.120
+address=/google.tt/216.239.38.120
+address=/www.google.vg/216.239.38.120
+address=/google.vg/216.239.38.120
+address=/www.google.vu/216.239.38.120
+address=/google.vu/216.239.38.120
+address=/www.google.ws/216.239.38.120
+address=/google.ws/216.239.38.120
+address=/www.google.rs/216.239.38.120
+address=/google.rs/216.239.38.120
+address=/www.google.cat/216.239.38.120
+address=/google.cat/216.239.38.120
+address=/ya.ru/213.180.193.56
+address=/yandex.ru/213.180.193.56
+address=/yandex.com/213.180.193.56
+address=/yandex.com.tr/213.180.193.56
+address=/yandex.ua/213.180.193.56
+address=/yandex.by/213.180.193.56
+address=/yandex.ee/213.180.193.56
+address=/yandex.lt/213.180.193.56
+address=/yandex.lv/213.180.193.56
+address=/yandex.md/213.180.193.56
+address=/yandex.uz/213.180.193.56
+address=/yandex.tm/213.180.193.56
+address=/yandex.tj/213.180.193.56
+address=/yandex.az/213.180.193.56
+address=/www.youtube.com/216.239.38.119
+address=/m.youtube.com/216.239.38.119
+address=/youtubei.googleapis.com/216.239.38.119
+address=/youtube.googleapis.com/216.239.38.119
+address=/www.youtube-nocookie.com/216.239.38.119
+EOF
+	fi
+}
+
+gen(){
+	echo '#!/bin/sh' > $FWI
+}
+
+add_rule(){
+	ipset -N blockip hash:net 2>/dev/null
+	for i in $(cat $L/ip.list);do ipset -! add blockip $i;done
+	iptables -I FORWARD -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP
+	iptables -I OUTPUT -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP
+	gen
+	extract_rules(){
+		echo "*$1"
+		iptables-save -t $1 | grep DNSFILTER |\
+			sed -e "s/^-A \(OUTPUT\|FORWARD\)/-I \1 1/"
+		echo 'COMMIT'
+	}
+	cat <<-EOF >> $FWI
+	iptables-save -c | grep -v DNSFILTER | iptables-restore -c
+	iptables-restore -n <<-EOT
+	$(extract_rules filter)
+	EOT
+EOF
+}
+
+add_cron(){
+	if [ $cron_mode = 1 ];then
+		if ! grep -wq "$time_update \* \* \* .*dnsfilter" $CRON_FILE;then
+			grep -q dnsfilter $CRON_FILE && sed -i '/dnsfilter/d' $CRON_FILE
+			echo "0 $time_update * * * $P/dnsfilter > /tmp/adupdate.log 2>&1" >> $CRON_FILE
+			/etc/init.d/cron restart
+		fi
+	else
+		del_cron
+	fi
+}
+
+del_cron(){
+	if grep -q dnsfilter $CRON_FILE;then
+		sed -i '/dnsfilter/d' $CRON_FILE
+		/etc/init.d/cron restart
+	fi
+}
+
+del_rule(){
+	iptables -D FORWARD -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP 2>/dev/null
+	iptables -D OUTPUT -m set --match-set blockip dst -m comment --comment "$TAG" -j DROP 2>/dev/null
+	ipset -X blockip 2>/dev/null
+	gen
+}
+
+start(){
+	config_load dnsfilter
+	config_foreach get_config dnsfilter
+	if [ $enable = 0 ];then
+		echo "`eval $E` [DNSFilter is disabled]"
+		exit 1
+	fi
+	if [ -s $D/rules.conf ];then
+		echo "`eval $E` [DNSFilter is running]"
+		exit 1
+	fi
+	if [ -n "$url" ];then
+		[ $flash = 0 -a ! -s $T/rules.conf ] && B=1
+		[ $flash = 1 -a ! -s $L/rules/rules.conf ] && B=1
+	fi
+	if [ $B = 1 ];then
+		echo "`eval $E` [Download Subscribe Rules...]"
+		$P/addown --down $B >/dev/null 2>&1 &
+		exit 9
+	fi
+	echo "`eval $E` [Load DNSFilter Rules]"
+	add_dns
+	add_rule
+	add_cron
+	if [ $STATUS = Y ];then
+		echo "`eval $E` [Dnsmasq Change]"
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	fi
+}
+
+stop(){
+	del_rule
+	kill -9 $(ps -w | grep grep $P/dnsfilter | grep -v grep | awk '{print$1}') 2>/dev/null
+	kill -9 $(ps -w | grep grep $P/addown | grep -v grep | awk '{print$1}') 2>/dev/null
+	kill -9 $(ps -w | grep ad_new.conf | grep -v grep | awk '{print$1}') 2>/dev/null
+	echo "`eval $E` [Stop DNSFilter]"
+	rm -rf /tmp/dnsmasq.d/dnsfilter.conf $D /var/lock/dnsfilter.lock
+	if [ "$(echo $url | sed 's/ /\n/g' | sort -u)" != "$(cat $T/url 2>/dev/null)" ];then
+		rm -rf $T
+		[ -d $L/rules ] && rm -rf $L/rules
+	fi
+	([ -h $T/url -a $flash = 0 ] || [ -z "$url" ]) && rm -rf $T
+	[ $enable = 0 ] && del_cron
+	if [ $STATUS = Y ];then
+		rm -rf $T
+		echo "`eval $E` [Revert Dnsmasq]"
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+		rm -f /tmp/adupdate.log
+	fi
+}
+
+restart(){
+	if [ $enable = 1 ];then
+		STATUS=N
+		stop
+		start
+		echo "`eval $E` [Restart Dnsmasq]"
+		/etc/init.d/dnsmasq restart >/dev/null 2>&1
+	else
+		stop
+	fi
+}
+
+boot(){
+	gen;start
+}
--- a/package/lean/luci-app-dnsfilter/root/etc/uci-defaults/luci-dnsfilter
+++ b/package/lean/luci-app-dnsfilter/root/etc/uci-defaults/luci-dnsfilter
@ -0,0 +1,16 @@
+#!/bin/sh
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@dnsfilter[-1]
+	add ucitrack dnsfilter
+	set ucitrack.@dnsfilter[-1].init=dnsfilter
+	commit ucitrack
+	delete firewall.dnsfilter
+	set firewall.dnsfilter=include
+	set firewall.dnsfilter.type=script
+	set firewall.dnsfilter.path=/var/etc/dnsfilter.include
+	set firewall.dnsfilter.reload=1
+	commit firewall
+EOF
+chmod 755 /etc/init.d/dnsfilter /usr/share/dnsfilter/* >/dev/null 2>&1
+rm -rf /tmp/luci-modulecache /tmp/luci-indexcache*
+exit 0
--- a/package/lean/luci-app-dnsfilter/root/rpcd/acl.d/luci-app-dnsfilter.json
+++ b/package/lean/luci-app-dnsfilter/root/rpcd/acl.d/luci-app-dnsfilter.json
@ -0,0 +1,11 @@
+{
+	"luci-app-dnsfilter": {
+		"description": "Grant UCI access for luci-app-dnsfilter",
+		"read": {
+			"uci": [ "dnsfilter" ]
+		},
+		"write": {
+			"uci": [ "dnsfilter" ]
+		}
+	}
+}
--- a/package/lean/luci-app-dnsfilter/root/usr/share/dnsfilter/addown
+++ b/package/lean/luci-app-dnsfilter/root/usr/share/dnsfilter/addown
@ -0,0 +1,21 @@
+#!/bin/sh
+[ "$1" = --down ] || exit 1
+# 防止重复启动
+LOCK=/var/lock/dnsfilter.lock
+[ -f $LOCK ] && exit 1
+touch $LOCK
+
+B=/tmp/dnsfilter
+C=/tmp/adupdate.log
+D="date +'%Y-%m-%d %H:%M:%S'"
+E="uclient-fetch --no-check-certificate --continue -O"
+G="Download Subscribe Rules"
+
+if [ "$2" = 1 ];then
+	echo "`eval $D` [$G]" >> $C
+	/usr/share/dnsfilter/dnsfilter addown >> $C
+fi
+
+echo "`eval $D` [Start DNSFilter]" >> $C;echo `eval $D` > $B/dnsfilter.updated
+rm -f $LOCK
+/etc/init.d/dnsfilter start &
--- a/package/lean/luci-app-dnsfilter/root/usr/share/dnsfilter/dnsfilter
+++ b/package/lean/luci-app-dnsfilter/root/usr/share/dnsfilter/dnsfilter
@ -0,0 +1,103 @@
+#!/bin/sh
+# 防止重复启动
+LOCK=/var/lock/dnsfilter.lock
+if [ -f $LOCK ];then
+	case $1 in
+		gen|addown)X=1;;
+		*)exit 1;;
+	esac
+fi
+touch $LOCK
+
+B="Download Subscribe Rules"
+C=0
+D=0
+E="date +'%Y-%m-%d %H:%M:%S'"
+U=`uci -q get dnsfilter.@dnsfilter[0].url`
+P=/tmp/dnsfilter
+W=`cat /etc/dnsfilter/white.list`
+
+gen(){
+	cat /tmp/adnew.conf | grep ^\|\|[^\*]*\^$ | grep -Ev "^\|\|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}*" | sed -e 's:||:address=/:' -e 's:\^:/:' > /tmp/ad.conf
+	for i in $W;do sed -i -e "/\/$i\//d" -e "/\.$i\//d" /tmp/ad.conf;done
+	rm -f /tmp/adnew.conf
+}
+
+down(){
+	G=/tmp/ad_tmp
+	F=$G/ad_new.conf
+	rm -rf $G
+	mkdir -p $G $P
+	for i in $U;do
+		X=1
+		while ! uclient-fetch --no-check-certificate --timeout=5 --continue -O $F $i;do
+			[ $X -ge 20 ] && echo "`eval $E` [Download $i Failed]" && continue 2 || let X++
+			sleep 2
+		done
+		X=`md5sum $G/rules.conf 2>/dev/null | awk '{print$1}'`
+		Y=`md5sum $G/host 2>/dev/null | awk '{print$1}'`
+		sed -i -e '/127.0.0.1 #/d' -e '/127.0.0.1 !/d' -e 's:#.*::' -e 's:!.*::' -e 's/\$important//g' -e 's/[ \t]*$//g' -e 's/^[ \t]*//g' -e '/\*/d' -e '/^$/d' $F
+		sed -i "s/\r//g" $F
+		if grep -q "^address=" $F;then
+			cat $F >> $G/rules.conf
+		elif grep -q -e "^0.0.0.0 " -e "^127.0.0.1 " $F;then
+			cat $F >> $G/host
+		elif ! grep -q -e "|" -e "@" $F;then
+			cat $F | sed -e 's:^:address=/:' -e 's:$:/:' >> $G/rules.conf
+		else
+			cat $F | grep ^\|\|[^\*]*\^$ | grep -Ev "^\|\|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}*" | sed -e 's:||:address=/:' -e 's:\^.*:/:' >> $G/rules.conf
+		fi
+		[ "$X" = "`md5sum $G/rules.conf 2>/dev/null | awk '{print$1}'`" -a "$Y" = "`md5sum $G/host 2>/dev/null | awk '{print$1}'`" ] && echo "`eval $E` [Conversion $i Failed]"
+		echo $i >> $G/url
+	done
+	[ -s $G/host ] && sed -e '/:/d' -e '/ 0.0.0.0/d' -e '/255.255.255.255/d' -e '/ local/d' -e 's:127.0.0.1 :address=/:' -e 's:0.0.0.0 :address=/:' -e 's:$:/:' $G/host >> $G/rules.conf
+	[ -s $G/rules.conf ] && sed -i -e 's:/127.0.0.1$:/:' -e 's:/0.0.0.0$:/:' $G/rules.conf && echo "`sort -u $G/rules.conf`" > $G/rules.conf
+	[ -s $G/url ] && echo "`sort -u $G/url`" > $G/url
+	if [ -s $G/rules.conf ];then
+		echo "`eval $E` [$B Successful]"
+		rm -f $F $G/host $P/failed
+		for i in $W;do sed -i -e "/\/$i\//d" -e "/\.$i\//d" $G/rules.conf;done
+		[ "$1" = 2 ] && rm -f $LOCK && exit
+		X=`uci -q get dnsfilter.@dnsfilter[0].flash`
+		Y=`md5sum $G/* | awk '{print$1}'`
+		[ $X = 0 ] && Z=`md5sum $P/* 2>/dev/null | awk '{print$1}'` || Z=`md5sum /etc/dnsfilter/rules/* 2>/dev/null | awk '{print$1}'`
+		if [ "$Y" != "$Z" ];then
+			[ "$1" = 1 ] || echo "`eval $E` [Subscribe Rules Need Update]"
+			if [ "$X" = 0 ];then
+				rm -f $P/*
+				cp -a $G/* $P
+			else
+				[ ! -d "/etc/dnsfilter/rules" ] &&
+					mkdir /etc/dnsfilter/rules
+				rm -f /etc/dnsfilter/rules/*
+				cp -a $G/* /etc/dnsfilter/rules
+			fi
+			D=1
+		else
+			echo "`eval $E` [Subscribe Rules No Change]"
+		fi
+	else
+		echo "`eval $E` [$B Failed]"
+		echo failed > $P/failed
+		[ "$1" = 2 ] && rm -f $LOCK && exit
+	fi
+	rm -rf $G
+}
+
+case $1 in
+	addown)down 1;exit;;
+	down)down 2;;
+	gen)gen;[ "$X" = 1 ] || rm -f $LOCK;exit;;
+esac
+
+if [ `uci -q get dnsfilter.@dnsfilter[0].enable` = 1 ];then
+	[ -n "$U" ] && down
+	echo `eval $E` > $P/dnsfilter.updated
+fi
+
+if [ $D = 1 ];then
+	echo "`eval $E` [Reload DNSFilter Rules]"
+	/etc/init.d/dnsfilter restart
+fi
+
+rm -f $LOCK