Pi Hole - network-wide ad blocking
-
Currently, what is holding back pi-hole is a couple of Cloudron limitations:
-
Cloudron reserves port 53 (dns) on the server. Have to fix unbound to listen only on internal interfaces (we listen on 0.0.0.0 and rely on firewall and access control policies to block requests).
-
Some IP based firewall as @savity has been requesting in another thread. This is required to block requests to pi-hole to just your machines/network.
-
-
@imc67 indeed. If we bundle them together, it's not a problem. Is this the "preferred" way to package pi-hole?
-
yeah i mean it would be for me i would never create pihole acessable for others its for private reasons vpn+pihole. So pihole would be listening, lets say on 10.9.0.0
Maybe in the future the idea could to configure other apps only availaie in the same VPN Network
-
@savity couldn’t agree more. For me it would be a killer feature. And would make for a nice campaign on Twitter, Reddit et. all. Just look how many people google this and try to establish it manually....this is a mainstream feature, that would be appreciated by the entire user base, much more than specific applications that appeal only to certain users.... my opinion
-
Haha, Pie Hole / Cake Hole is British for your mouth, as in; shut your pie hole
-
@marcusquinn
Pi-hole, not Pie hole -
@Hillside502 3.14159265359... hole
-
Last I checked it was quite tricky to deploy pi-hole with docker. Does anyone have experience with this style of deployment? It was really made like a "distribution"/"OS" instead of a separate app.
-
@girish It's pretty straightforward as far as I can tell. I've got two instances hosted via Docker on Raspberry Pis at my home.
I agree with folks above suggesting though that it'd be best to expose only to internal services and likely inside a VPN. There is probably a decent way to do this in a single app, but I wonder if there is value in creating a new way to expose particular Apps to other apps via a shared network.
This would allow exposing a Pi-Hole app that has no "public" ports to any VPN app (OpenVPN, Wireguard, etc) with an internal hostname (app name?).
-
@iamthefij So, let's say the VPN app had a way to set a custom name server and one could just edit some file and set it to the pi-hole app, would this be good enough already? Given that the OpenVPN app is custom anyway, we can even add a simple UI that allows a user to set the DNS server IP (as you say, this might be the internal host name since IP might be dynamic actually).
This seems quite doable.
-
I've got one up and running on a public endpoint, no sweat. I just set the server to only allow queries from my IP range, deny all by default.
-
@girish yea, that's pretty much all that should be required. As long as the two containers can communicate via their internal host names, it should be sufficient.
The other advantage here is that it enables you to use the DNS from a mobile phone. Otherwise whenever you switch to a new network you receive the networks DNS via DHCP.
-
@doodlemania2 I'm not sure exactly what you've configured, but many folks do not have static IP addresses to do this with. Not only does my home network frequently change IP addresses, but my mobile network does as well.
-
@Mallewax said in AdGuard - Network-wide ads & trackers blocking DNS server:
Pihole plus Wireguard
Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking
In short why:
WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).
Need to say more