Electrical-Forenics Home ray@RayFranco.com                       601.529.7473
   © Dr. Ray Franco, PhD, PE  -  208 Fairways Dr., Vicksburg, MS 39183

Pi-hole

Pi-hole can block most 3rd parity ads. It will not block ads that are served from the same server that holds the contents e.g. Google Services, YouTube, Facebook. It also will not block the popup that appears on every stackexchange.com page wanting you to enable cookie!

Pihole is resource stingy. It can easily run on a Raspberry Pi Zero 2W, which only has 512 MB of RAM.

Pi-Hole Installation [2]

You can install Pi-hole with the following command:

sudo curl -sSL https://install.pi-hole.net | bash

Alternatively, you can download the installer:

wget -O basic-install.sh https://install.pi-hole.net

and run the following command:

sudo bash basic-install.sh

At the end of installation, pihole will generate a random password for its web interface. However, there is no reason to write it down. You can set a new password with the command:

sudo pihole setpassword

Another useful command is the flush pihole collected data:

pihole -f

From Pi-hole's web interface, you can also change, the the default dns servers: System -> Settings -> DNS.

For computers that I do not run a VPN on, I set mine to Nordvpn's DNS servers: 

103.86.96.100
103.86.99.100

References:

  1. https://pi-hole.net
  2. Pi-hole Installation vi the Command Line
  3. Pi-hole Setup
  4. Configure my-devices to use Pi-hole.

From examing the crontab file for Pi-hole, /etc/cron.d/Pihole, Pi-hole updates the add source one week on Sunday at random in the early morning. It looks like it also runs an update checker and may be updating itself. Pi-hole also creates log files.

Testing Pi-hole

This site has ads galore, and pihole blocks all of them:
 
Linux Hints Find Tutorial

These sites also have numerious ads, and Pi-hole blocks most of them:
 
Linux itsfoos.com
 
Linuxuprising,com
 
Some of the worst sites that serve adds, are tutorials on Linux and those that answer Linux questions.

Recursive DNS Server - Unbound

Pi-hole can do more than filter adds. I added the recursive doman name server (dns) "unbound". Mostly, I followed the instructions at: https://docs.pi-hole.net/guides/dns/unbound, which was last updated on December 28, 2021. The following is a PDF version of the referenced page that details what I did: details . The instructions include two commands for validating that unbound is working correctly:
 
dig sigok.verteiltesysteme.net @127.0.0.0.1 -p 5335
 
dig sigfail.verteiltesysteme.net @127.0.0.0.1 -p 5335
 
It was not initially clear to me what the output of the instructions should look like. They should look like this.

The configuration file for unbound is given above documention. To check that this file is valid, run:
 
sudo /usr/sbin/unbound-checkconf

Contents Ad Blockers

Pi-hole blocks DNS request, but you often need more. Contents Ad Blockers, are extnesion to your web browser that block the contents of ads. For example, the popular, "Sign in with Google" popup comes from the same server as the website you are trying to visit [3]. To block it you need a Contents Ad Blocker such as uBlock Orgin [2].

Google Chrome has recently made it hard or impossible for uBlock Origin to work. It still works with Firebox, but Firefox makes it hard just to get the uBlock Icon on your their web browser, which you need to set it up.

To get the uBlock Origin icon on FireFox:

  1. Click on the Extension Icon that looks like a puzzle at the top left.
  2. Click on the Extension Icon that looks like a puzzle on the left.
  3. Click on the uBlock Orign meatblall (3 dots) icon.
  4. Under Run in Private Windows", select the "Allow" radio button.

Now. the uBlock Icon should be at the top left (next to the extension icon) on the main page of FireFox.

Click on the new uBlock Origin icon. Then, click on the gear icon.

Add the a custom filter:

||accounts.google.com/gsi/*$xhr,script,3p

and hit apply.

Also add the filter:

||smartlock.google.com

  1. How do you bleock sign in with Google via Pihole?
  2. uBlock Origin - Free, open-source ad content blocker
  3. How to Disable the “Sign-In with Google” Prompt on Websites
  4. Reddit - Sites asking me to log in using my Google account

Raspberry Pi Router

My goal is to turn the Raspberry Pi into a router with Pi-hole. The same goal as Reference 1.

From what I read on the Internet, OpenWRT is a software router that will run on the Raspberry Pi. However, its a custom embedded Linux distro. Therefore, I do not believe it will recieve the security updates that a distro based off of Debian would. In addition, it might not have the flexibility to add other components such as Pi-hole, unbound, and a Network Sniffer. It was released in 2004 so it should be very stable. The network engineer with a pony tail in Reference 4, uses OpenWRT. He also uses a USB wireless wifi antenna to a add a second wireless interface!

A Raspberry Pi router will face the big bad Internet and security is a major concern. In Reference 1, the guy uses iptables with rules that I do not know how to implement using firewalld, and I do not want to learn iptables. All the talk now is about the pfSense firewall, which one author said was not yet available for the Rpi. The best I can tell, it is an open source network security firewall that sells "Netgate" hardware with pfSense. Netgate is the copyright holder of pfSense. An alternative to pfSense is OPNsense, which is an open source firewall and routing software developed by Deciso. A company in the Netherland that makes hardware and sells suport packages for OPNsense. PfSense is a fork of m0n0wall, and OPNsense is a fork of pfSense. When m0n0wall closed down in 2015, its creator referred its developer community to OPNsene. Both pfSense and OPNsense were designed to run on x86-64 platforms and not arm processors.

© Copyright Dr. Ray Franco, PhD, PE | 2006-20255555. All rights reserved.

tracking cookies finger printing Valid HTML 4.01 Transitional Valid CSS!