3,250
edits
Changes
Jump to navigation
Jump to search
Line 53:
Line 53: − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + − + Line 62:
Line 162: − + + + + + + + + + +
→Install pihole
{{Note box|TODO}}
{{Note box|TODO}}
=== Tweak pihole using interface ===
=== Tweak pihole using cli ===
As per the instruction of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf, log as pi user to your pi and do<syntaxhighlight lang="bash">
#disable wifi and bluetooth on 3B, 3B+, 3A+, 4B and Zero W
echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt
echo "dtoverlay=disable-bt" | sudo tee -a /boot/config.txt
sudo systemctl disable hciuart
#utilities
sudo apt -y install crudini vim
# add few lists
cd ~
wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/NextDNS.sh
wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/AdguardTeam.sh
wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/firebog.sh
wget wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/quidsup.sh
#we do not use ipv6
#https://raw.githubusercontent.com/jpgpi250/piholemanual/master/IPv6check.sh
sudo chmod +x /home/pi/NextDNS.sh /home/pi/AdguardTeam.sh /home/pi/firebog.sh /home/pi/quidsup.sh
# insert other lists.
sudo pihole-FTL sqlite3 /etc/pihole/gravity.db
insert or ignore into adlist (address, enabled)
values ('http://someonewhocares.org/hosts/hosts', 1);
insert or ignore into adlist (address, enabled)
values ('http://v.firebog.net/hosts/Easyprivacy.txt', 1);
insert or ignore into adlist (address, enabled)
values ('https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt', 1);
insert or ignore into adlist (address, enabled)
values ('https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/list.txt', 1);
insert or ignore into adlist (address, enabled)
values ('file:///home/pi/quidsup/notrack-blocklist.txt', 1);
insert or ignore into adlist (address, enabled)
values ('file:///home/pi/quidsup/notrack-malware.txt', 1);
.quit
# take into accoutn all the list we added
pihole -g
# flush local dns cache
ipconfig /flushdns
# watchdog
# Enable watchdog to send mails, whenever triggered:
sudo apt-get -y install watchdog
max-load-5 = 18
max-load-15 = 12
watchdog-device = /dev/watchdog
watchdog-timeout = 15
#use schedtools to optimize CPU for some process
sudo apt-get -y install schedtool
#install need restart
sudo apt-get -y install needrestart
sudo sed -i 's/#$nrconf{kernelhints} = .*/$nrconf{kernelhints} = 0;/' /etc/needrestart/needrestart.conf
sudo sed -i 's/#$nrconf{ucodehints} = 0;/$nrconf{ucodehints} = 0;/' /etc/needrestart/needrestart.conf
cd ~
wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/needrestart.sh
chown +x /home/pi/needrestart.sh
# random generator
# cron entries
echo "
30 23 * * 6 root PATH="$PATH:/home/pi/" /home/pi/NextDNS.sh >/dev/null 2>&1
30 5 * * * root PATH="$PATH:/home/pi/" /home/pi/needrestart.sh >/dev/null 2>&1" | sudo tee /etc/cron.d/pihole
#mail setup
sudo apt-get -y install msmtp
sudo ln -s /usr/bin/msmtp /usr/lib/sendmail
echo "
defaults
tls on
auth off
host YOURSMELANIP
port 25
aliases /etc/aliases
account default
from pi@pi.hole"| sudo tee /etc/msmtprc
sudo sed -i '/^default:/d' /etc/aliases || true
pi@pihole:~ $ echo "default:YOURADMINEMAIL" | sudo tee -a /etc/aliases
# protect your pi
# we assume you already changed the default password, and configured the pi to only accept your rsa key, no password for ssh
sudo sed -i 's/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/' /etc/sysctl.conf
sudo sed -i 's/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/' /etc/sysctl.conf
sudo reboot
</syntaxhighlight>
=== Tweak pihole using web interface ===
If you have windows machines that need updating , go to http://pi.hole and login.
If you have windows machines that need updating , go to http://pi.hole and login.
Set in domain the following whitelist<syntaxhighlight lang="ini">
Set in domain the following whitelist in "Domains"<syntaxhighlight lang="ini">
www.msftncsi.com
www.msftncsi.com
dns.msftncsi.com
dns.msftncsi.com
www.msftconnecttest.com
www.msftconnecttest.com
ipv6.msftconnecttest.com
ipv6.msftconnecttest.com
</syntaxhighlight>you might also read and apply some part of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf
</syntaxhighlight>Go now to "Settings" and choose "DNS" tab". There you will scroll down to "Advanced DNS settings", and
* uncheck "'''Never forward non-FQDN <code>A</code> and <code>AAAA</code> queries'''"
* check "'''Use Conditional Forwarding"'''
* fill the 3 input field with your network informations
** your SME network should be noted as 192.168.1.0/24 if your SME IP is 192.168.1.1 and you have a netmask of 255.255.255.0
** your SME Server LAN IP
** you Primary domain.
you might also read and apply some part of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf
=== Setup your SME to give pihole as DNS for your network, for machines using DHCP ===
=== Setup your SME to give pihole as DNS for your network, for machines using DHCP ===