I created a test version of a RPZ add-on and I am looking for feedback

Let’s try the install again from the beginning.

Copy the rpz-beta-0.1.17-17.ipfire.tar file to the /opt/pakfire/tmp/ directory. Please speak up if you need assistance with this!

Then:

# 1 - go to this directory:
cd /opt/pakfire/tmp/

# 2 - list the file
ls -l /opt/pakfire/tmp

# 3 - uncompress the file:
tar xvf rpz-beta-0.1.17-17.ipfire.tar

# 4 - check to make sure there are files there:
ls -l /opt/pakfire/tmp

# 5 - copy this one file to a new location
cp -v ROOTFILES /opt/pakfire/db/rootfiles/rpz

# 6 - install RPZ
NAME=rpz ./install.sh

You do not need to use sudo or add a -X or rename anything. So if a step above does not work, please copy and paste the command and its results.


EDIT:
FYI - when you enter ls -l /opt/pakfire/tmp you will see this:

[root@ipfire tmp] # ls -l /opt/pakfire/tmp
total 72
-rw-r--r-- 1 root root 14496 Dec  9 21:32 files.tar.xz
-rwxr--r-- 1 root root  1873 Dec  9 21:32 install.sh
-rw-r--r-- 1 root root   555 Dec  9 21:32 ROOTFILES
-rw-r--r-- 1 root root 40960 Dec 19 11:42 rpz-beta-0.1.17-17.ipfire.tar
-rwxr--r-- 1 root root  2024 Dec  9 21:32 uninstall.sh
-rwxr--r-- 1 root root  2268 Dec  9 21:32 update.sh
[root@ipfire tmp] # 
2 Likes

Thank you!
It was almost in line with what I did, but I probably messed up something, this worked.

Maybe the above post should be on that wiki page.

1 Like

done!

Please add feedback about RPZ.

2 Likes

Testing it now.
AdBlock Tester: test your AdBlock extensions
96/100
Works here: Test your ad blocker (in a few simple steps) - Ads-blocker.com

Yotube adblock doesn’t work as good as uBlock Origin. Not with the lists I found.

Which lists do you use?
My Adblock Tester score is 100/100.

Right now I am just testing different lists.
I think I will grab most of the ones from inside of this:
uBlock/assets/assets.json at 16a0ebbfb05c4582ecc68454ba3b45b403164dde · gorhill/uBlock · GitHub

@sonic , these lists are not in unbound RPZ syntax!

I recommend the collection of hagezi. Links can be found on the IPFire wiki page on RPZ by @jon.

1 Like

I was using the TXT lists from inside of json.
But thanks for suggestion, I’ll try it.

How would one use CLI to determine what version of RPZ is running?

Thank You!

Currently there is not an easy way. Once RPZ is approved by the Core Developers than it will be much easier.

Try running this and posting the results:

grep version= /usr/sbin/rpz*

I am running rpz-beta-0.1.17-17 and I see this for the individual scripts:

[root@ipfire ~] # grep version= /usr/sbin/rpz*
/usr/sbin/rpz-config:version="2024-10-29 - v41"
/usr/sbin/rpz-functions:#	version="2024-09-01   v01"
/usr/sbin/rpz-make:version="2024-12-02 - v11"
/usr/sbin/rpz-metrics:version="2024-11-04 - v24"
/usr/sbin/rpz-sleep:version="2024-08-16"        # v05
[root@ipfire ~] # 
2 Likes

Thanks!~ Mine prints out the same…
:
[root@ipfire ~]# grep version= /usr/sbin/rpz*
/usr/sbin/rpz-config:version=“2024-10-29 - v41”
/usr/sbin/rpz-functions:# version=“2024-09-01 v01”
/usr/sbin/rpz-make:version=“2024-12-02 - v11”
/usr/sbin/rpz-metrics:version=“2024-11-04 - v24”
/usr/sbin/rpz-sleep:version=“2024-08-16” # v05

1 Like

It worked so great that… my wife got upset.
“Where are my ads!?” “Why are you changing things without asking me?!”

5 Likes

Glad to hear it work really well!

You could add her favorite ads to the custom allowlist.

5 Likes

I know @jon has something in the works for something better than this down the road but for anyone that feels capable of editing the rpz.cgi you can add this.

&Header::openbox('100%', 'left',"Rpz-Metrics");

print '<br><textarea style="width:100%" rows=11 name="text" readonly="readonly">';
if ( -e "/usr/sbin/rpz-metrics" ) {
	my @metrics = `rpz-metrics`;
	print "@metrics";

}
print '</textarea>';
&Header::closebox();

to line 184 after &_print_customlists();

so it looks like:

&_print_customlists();
&Header::openbox('100%', 'left',"Rpz-Metrics");

print '<br><textarea style="width:100%" rows=11 name="text" readonly="readonly">';
if ( -e "/usr/sbin/rpz-metrics" ) {
	my @metrics = `rpz-metrics`;
	print "@metrics";

}
print '</textarea>';
&Header::closebox();
&Header::closebigbox();
&Header::closepage();

###--- End of GUI ---###

and it will give you the metrics so you don’t have to open the console to see them.

6 Likes

Thanks @jon and others for this addon.

Greatly appreciated.

I have been running pihole on a Raspberry Pi alongside ipFire for several years - this has now been replaced with your addon… less moving parts and no loss of function / defense.

Looking forward to seeing this addon included in the Pakfire stable.

Cheers,

4 Likes

Can the wife’s PC bypass the filter?
By adding her IP?

1 Like

:thinking: It seems that it may be possible using:

RPZ Policies → Trigger → Client IP Address

https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering/rpz.html#rpz-policies

RPZ Actions → PASSTHRU

https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering/rpz.html#rpz-actions

Perhaps that can be in version 2.0
:slight_smile:

:thinking: I wonder if this workaround is correct

obraz

for client 192.168.0.11

This passthru works for persons only, who have access to IPFire.
And ‘untrusted’ users should not be able to do that. :wink: