Skip to content

Commit b1a1555

Browse files
rtzrartzra
committed
Initial commit
0 parents  commit b1a1555

17 files changed

+2107
-0
lines changed

blocky/blocky.conf

+95
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,95 @@
1+
# Configuration file blocky.conf for Blocky # https://0xerr0r.github.io/blocky/
2+
3+
upstream:
4+
# List of public DNS servers: https://0xerr0r.github.io/blocky/additional_information/#list-of-public-dns-servers
5+
default:
6+
# - tcp-tls:172.16.1.2 # You own secure upstream DNS server
7+
- tcp-tls:1.1.1.1 # one.one.one.one
8+
- tcp-tls:1.0.0.1 # one.one.one.one
9+
- tcp-tls:8.8.8.8 # Google
10+
- tcp-tls:8.8.4.4 # Google
11+
- tcp-tls:9.9.9.9 # quad9.net
12+
#- 149.112.112.112 # quad9.net
13+
# Restrict DNS for some network
14+
#192.168.100.0/24:
15+
# - 1.1.1.1
16+
# - 9.9.9.9
17+
conditional:
18+
rewrite:
19+
example.com: YOU-OWN-DOMAIN.COM
20+
mapping:
21+
YOU-OWN-DOMAIN.COM: udp:10.10.20.1,udp:10.10.21.1
22+
# for reverse DNS lookups of local devices
23+
20.10.10.in-addr.arpa: udp:10.10.20.1
24+
21.10.10.in-addr.arpa: udp:10.10.21.1
25+
blocking:
26+
refreshPeriod: 30 # Reload blocklist Every 30 minutes, default 60
27+
blockType: zeroIp
28+
blackLists:
29+
default:
30+
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
31+
suspicious:
32+
- https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
33+
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
34+
- https://v.firebog.net/hosts/static/w3kbl.txt
35+
advertising:
36+
- https://easylist.to/easylist/easylist.txt
37+
- https://secure.fanboy.co.nz/fanboy-cookiemonster.txt
38+
- https://adaway.org/hosts.txt
39+
- https://v.firebog.net/hosts/AdguardDNS.txt
40+
- https://v.firebog.net/hosts/Admiral.txt
41+
- https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
42+
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
43+
- https://v.firebog.net/hosts/Easylist.txt
44+
- https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
45+
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
46+
- https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
47+
tracking-telemetry:
48+
- https://easylist.to/easylist/easyprivacy.txt
49+
- https://v.firebog.net/hosts/Easyprivacy.txt
50+
- https://v.firebog.net/hosts/Prigent-Ads.txt
51+
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
52+
- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
53+
- https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
54+
malicious:
55+
- https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
56+
- https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
57+
- https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
58+
- https://v.firebog.net/hosts/Prigent-Crypto.txt
59+
- https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
60+
- https://phishing.army/download/phishing_army_blocklist_extended.txt
61+
- https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
62+
- https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
63+
- https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
64+
- https://urlhaus.abuse.ch/downloads/hostfile/
65+
other:
66+
- https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
67+
clientGroupsBlock:
68+
default:
69+
- default
70+
- suspicious
71+
- advertising
72+
- tracking-telemetry
73+
- malicious
74+
- other
75+
# optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured an
76+
bootstrapDns: tcp:1.1.1.1
77+
# Define ports
78+
port: 53
79+
httpPort: 4000
80+
# Prometheus Statistic
81+
prometheus:
82+
enable: true
83+
path: /metrics
84+
# optional: Drop all AAAA query if set to true. Default: false
85+
disableIPv6: true
86+
# Log Settings
87+
logLevel: info
88+
logFormat: text
89+
logTimestamp: true
90+
# Log Query
91+
queryLog:
92+
dir: /logs
93+
perClient: true
94+
logRetentionDays: 7
95+

blocky/blocky.sh

+25
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
#!/bin/sh
2+
3+
# see https://github.com/0xERR0R/blocky
4+
# https://0xerr0r.github.io/blocky/
5+
6+
listen_ip="10.20.30.1" # Interface IP for Blocky
7+
8+
docker ps -a --no-trunc | grep "blocky" | awk '{print $1}' | xargs docker container stop
9+
10+
docker pull spx01/blocky
11+
12+
echo y | docker system prune --volumes
13+
14+
sudo cp blocky.yml /opt/blocky.yml
15+
16+
sudo docker volume create blocky_logs
17+
sudo docker volume create block_blacklist
18+
19+
docker run -d --restart unless-stopped \
20+
-v blocky_blacklist:/app/blacklists/ \
21+
-v blocky_logs:/logs \
22+
--name blocky -v /opt/blocky.yml:/app/config.yml \
23+
-p $listen_ip:4000:4000 \
24+
-p $listen_ip:53:53/udp \
25+
spx01/blocky

0 commit comments

Comments
 (0)