Line 53: |
Line 53: |
| {{Note box|TODO}} | | {{Note box|TODO}} |
| | | |
− | === Tweak pihole using interface === | + | === Tweak pihole using cli === |
| + | As per the instruction of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf, log as pi user to your pi and do<syntaxhighlight lang="bash"> |
| + | #disable wifi and bluetooth on 3B, 3B+, 3A+, 4B and Zero W |
| + | echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt |
| + | echo "dtoverlay=disable-bt" | sudo tee -a /boot/config.txt |
| + | sudo systemctl disable hciuart |
| + | |
| + | #utilities |
| + | sudo apt -y install crudini vim |
| + | |
| + | # add few lists |
| + | cd ~ |
| + | wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/NextDNS.sh |
| + | wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/AdguardTeam.sh |
| + | wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/firebog.sh |
| + | wget wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/quidsup.sh |
| + | #we do not use ipv6 |
| + | #https://raw.githubusercontent.com/jpgpi250/piholemanual/master/IPv6check.sh |
| + | sudo chmod +x /home/pi/NextDNS.sh /home/pi/AdguardTeam.sh /home/pi/firebog.sh /home/pi/quidsup.sh |
| + | |
| + | # insert other lists. |
| + | sudo pihole-FTL sqlite3 /etc/pihole/gravity.db |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('http://someonewhocares.org/hosts/hosts', 1); |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('http://v.firebog.net/hosts/Easyprivacy.txt', 1); |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt', 1); |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/list.txt', 1); |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('file:///home/pi/quidsup/notrack-blocklist.txt', 1); |
| + | insert or ignore into adlist (address, enabled) |
| + | values ('file:///home/pi/quidsup/notrack-malware.txt', 1); |
| + | .quit |
| + | |
| + | # take into accoutn all the list we added |
| + | pihole -g |
| + | # flush local dns cache |
| + | ipconfig /flushdns |
| + | |
| + | |
| + | |
| + | # watchdog |
| + | # Enable watchdog to send mails, whenever triggered: |
| + | sudo apt-get -y install watchdog |
| + | |
| + | max-load-5 = 18 |
| + | max-load-15 = 12 |
| + | watchdog-device = /dev/watchdog |
| + | watchdog-timeout = 15 |
| + | |
| + | #use schedtools to optimize CPU for some process |
| + | sudo apt-get -y install schedtool |
| + | |
| + | #install need restart |
| + | sudo apt-get -y install needrestart |
| + | sudo sed -i 's/#$nrconf{kernelhints} = .*/$nrconf{kernelhints} = 0;/' /etc/needrestart/needrestart.conf |
| + | sudo sed -i 's/#$nrconf{ucodehints} = 0;/$nrconf{ucodehints} = 0;/' /etc/needrestart/needrestart.conf |
| + | cd ~ |
| + | wget https://raw.githubusercontent.com/jpgpi250/piholemanual/master/needrestart.sh |
| + | chown +x /home/pi/needrestart.sh |
| + | |
| + | # random generator |
| + | |
| + | # cron entries |
| + | echo " |
| + | 30 23 * * 6 root PATH="$PATH:/home/pi/" /home/pi/NextDNS.sh >/dev/null 2>&1 |
| + | 30 5 * * * root PATH="$PATH:/home/pi/" /home/pi/needrestart.sh >/dev/null 2>&1" | sudo tee /etc/cron.d/pihole |
| + | |
| + | #mail setup |
| + | sudo apt-get -y install msmtp |
| + | sudo ln -s /usr/bin/msmtp /usr/lib/sendmail |
| + | echo " |
| + | defaults |
| + | tls on |
| + | auth off |
| + | host YOURSMELANIP |
| + | port 25 |
| + | aliases /etc/aliases |
| + | account default |
| + | from pi@pi.hole"| sudo tee /etc/msmtprc |
| + | |
| + | sudo sed -i '/^default:/d' /etc/aliases || true |
| + | pi@pihole:~ $ echo "default:YOURADMINEMAIL" | sudo tee -a /etc/aliases |
| + | |
| + | |
| + | # protect your pi |
| + | # we assume you already changed the default password, and configured the pi to only accept your rsa key, no password for ssh |
| + | sudo sed -i 's/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/' /etc/sysctl.conf |
| + | sudo sed -i 's/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/' /etc/sysctl.conf |
| + | |
| + | sudo reboot |
| + | </syntaxhighlight> |
| + | |
| + | === Tweak pihole using web interface === |
| If you have windows machines that need updating , go to http://pi.hole and login. | | If you have windows machines that need updating , go to http://pi.hole and login. |
| | | |
− | Set in domain the following whitelist<syntaxhighlight lang="ini"> | + | Set in domain the following whitelist in "Domains"<syntaxhighlight lang="ini"> |
| www.msftncsi.com | | www.msftncsi.com |
| dns.msftncsi.com | | dns.msftncsi.com |
Line 62: |
Line 162: |
| www.msftconnecttest.com | | www.msftconnecttest.com |
| ipv6.msftconnecttest.com | | ipv6.msftconnecttest.com |
− | </syntaxhighlight>you might also read and apply some part of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf | + | </syntaxhighlight>Go now to "Settings" and choose "DNS" tab". There you will scroll down to "Advanced DNS settings", and |
| + | |
| + | * uncheck "'''Never forward non-FQDN <code>A</code> and <code>AAAA</code> queries'''" |
| + | * check "'''Use Conditional Forwarding"''' |
| + | * fill the 3 input field with your network informations |
| + | ** your SME network should be noted as 192.168.1.0/24 if your SME IP is 192.168.1.1 and you have a netmask of 255.255.255.0 |
| + | ** your SME Server LAN IP |
| + | ** you Primary domain. |
| + | |
| + | you might also read and apply some part of https://jpgpi250.github.io/piholemanual/doc/Block%20Ads%20Network-wide%20with%20A%20Raspberry%20Pi-hole.pdf |
| | | |
| === Setup your SME to give pihole as DNS for your network, for machines using DHCP === | | === Setup your SME to give pihole as DNS for your network, for machines using DHCP === |
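Review bot: The added `wget` lines (the four list scripts and `needrestart.sh`) pull shell scripts from the `master` branch of a third-party repository, and the `/etc/cron.d/pihole` entries then run two of them as root on a schedule, with no pinned commit or integrity check in between, so whatever that branch holds at download time runs with full privileges. Pin each URL to a commit you have reviewed and verify a recorded hash before the `chmod`, for example `sha256sum -c scripts.sha256` (the hash file name is a placeholder). The cron lines also add `/home/pi/` to root's `PATH`, and because they sit inside a double-quoted `echo` the inner quotes close the string and `$PATH` is expanded when the file is written; a single-quoted heredoc piped to `sudo tee`, with the scripts moved to a root-owned directory, would avoid both. Separately, `chown +x /home/pi/needrestart.sh` should be `chmod +x /home/pi/needrestart.sh`, `wget wget` has a doubled word, and `ipconfig /flushdns` and the pasted `pi@pihole:~ $` prompt are not commands for the Pi's shell.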