AdGuard - Network-wide ads & trackers blocking DNS server

rmdes

Interesting !

Mallewax

@imc67 @girish Yep, couldn't agree more and am repeating myself. Pihole plus Wireguard would be a killer combination and I bet, so many more users, who don't even know what they are missing would start using it.

imc67

@Mallewax said in AdGuard - Network-wide ads & trackers blocking DNS server:

Pihole plus Wireguard

Let's vote more here: https://forum.cloudron.io/topic/1355/pi-hole-network-wide-ad-blocking

In short why:

WireGuard is a very fast, safe and stateless VPN, great with mobile apps to be ALWAYS CONNECTED via your own VPN & covered by the Pi-hole adfilter & security platform. Faster (mobile) connections (no more ads and bulky stuff) to your own safe VPN (no more sniffing by mobile providers or obscure VPN providers).

Need to say more

girish

Just leaving a note here: I did give pi-hole a try but it was really hard to package from source easily. I managed to package AdGuard easily instead. Some reviews here https://home-assistant-guide.com/2020/09/26/adguard-home-vs-pi-hole-2020-two-ad-and-internet-tracker-blockers-compared/ and https://mariushosting.com/synology-adguard-vs-pi-hole/ .

It requires some support from the platform so there is no unstable package published, depending on time we might add it to Cloudron 6 (or the release after).

girish

AdGuard Home is ready https://git.cloudron.io/cloudron/adguard-home-app

This requires features in Cloudron 6, so I will wait until I make the announcement.

mehdi

@girish How do you handle the port exposure ? Like, if you install this on a publicly accessible IP, not behind a LAN, anybody could access the DNS server ?

girish

@mehdi Yes, currently anyone can access it. I think we have to add some sort of firewall feature in the future to limit access to apps by IP in a future release.

mehdi

@girish I strongly second this firewall proposal

girish

@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).

fbartels

@girish adguard itself actually also has a whitelist feature for ips it will reply to. But that would even be one level further down from the effectiveness of iptables.

girish

@fbartels you are right! It's under DNS setings.

fbartels

@girish afaik all settings are stored in an ini file. Maybe it could be auto setup only for the internal network towards the app containers?

marcusquinn

@fbartels 2nd this!

necrevistonnezr

@girish said in AdGuard - Network-wide ads & trackers blocking DNS server:

@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).

Don't forget us bedroom server adminstrators...

mehdi

Nor us bare-metal people!

jimcavoli

I'm a big fan of the "belt-and-suspenders" approach to firewalls locally and out in the magical ingress/networking land. Never a bad thing to have more controls or choices over where to manage/place certain controls. Portability is a big thing too, and a lot of the cloud provider firewalls are rather bespoke, with a wide range (or lack) of features.

marcusquinn

@necrevistonnezr @mehdi Haha, innuendo bingo! Only a matter of time before Only Fans stars start using Cloudron to avoid de-platforming issues and cut-out the middle-men.