Network level advertisement blocking

It's been a while, so I thought I would throw this out there. You hate ads, I hate ads, and we don't trust advertisers with our privacy or, increasingly, our security because of advertising campaigns. So let's take a moment and block them network-wide.

So there's this great project for the Raspberry Pi called Pi-hole, https://pi-hole.net/. It lets you run a DNS server on your Raspberry Pi and block ads on your network, which is pretty great. What's even better is that you can install it on CentOS 7 and use it as a DNS server with a web UI for a small business network. Let's hammer this out.

You're going to need a CentOS 7 VM.

Log in and run the command below as root (look at the code on their website first to make sure you're comfy with this):

curl -L https://install.pi-hole.net | bash

Congrats, you now have Pi-hole installed.

Now let's lock down those adlists. I have found Pi-hole's defaults are not so great, but you can edit them. Once again as root, run this command to copy the defaults to the adlists.list file:

cp /etc/pihole/adlists.default /etc/pihole/adlists.list

Now, using your text editor of choice, edit the adlists.list file (I used nano):

nano /etc/pihole/adlists.list

Uncomment any lists that you might want and save.

One final note on security. Pi-hole was not really designed for a business network. Case in point: you can go to the IP address of the Pi-hole server and add items to the blacklist or whitelist with no username or password required. That said, the web frontend seems to be the only vulnerable part of the Pi-hole install, and since we're on CentOS 7 I don't have any other reservations on security here. So let's fix that one hole, shall we?

Go set up ZeroTier One if you haven't already and create a network.

Install ZeroTier on your CentOS VM and join your network, making note of your new ZeroTier IP address.

Open /etc/lighttpd/lighttpd.conf with your favorite text editor and add a line right above server.document-root that reads:

server.bind = "172.22.132.58"

Use your VM's ZeroTier IP address in place of the one shown.

Then restart lighttpd:

service lighttpd restart

And you should be good to go. Go to your original network IP to confirm the web UI is no longer being served over your LAN, and then go to the ZeroTier IP (make sure you have ZeroTier installed on your workstation and are on the same network as the Pi-hole). You can still use the LAN IP of your VM for DNS, but the web UI should no longer be displayed or available to the local network. This means only clients connected to your ZeroTier network can manage the Pi-hole server. Now just point your router at your Pi-hole if you haven't already, and you should be good to go.
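
To confirm the bind from the server itself rather than from a browser, here is an added example (not part of the original post or of Pi-hole): a shell function that reads `ss -ltn` output and flags any port 80 listener that is not bound to the ZeroTier address, including wildcard and IPv6 ones. The name `webui_exposed` and the sample listings are made up for illustration; 172.22.132.58 is the example address from above.

```shell
#!/bin/sh
# Added example, not from the original post. webui_exposed is a made-up name.
# Reads `ss -ltn` output on stdin and prints every listener on the web port
# that is NOT bound to the expected address.
# Exit: 0 = only the expected bind, 1 = exposed elsewhere, 2 = no listener.
webui_exposed() {   # usage: ss -ltn | webui_exposed <zerotier-ip> [port]
    awk -v want="$1" -v port="${2:-80}" '
        $1 != "LISTEN" { next }            # skip the header line
        {
            ep = $4                        # local endpoint: *:80, 0.0.0.0:80, :::80, [::]:80
            n = match(ep, /:[0-9]+$/)      # position of the last ":port"
            if (!n) next
            addr = substr(ep, 1, n - 1)
            p = substr(ep, n + 1)
            if (p != port) next            # DNS on :53 stays on the LAN by design
            seen = 1
            if (addr != want) { print "exposed: " ep; bad = 1 }
        }
        END {
            if (!seen) { print "no listener on port " port; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample listings (assumed output shape, not captured from a host).
BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:80               *:*
LISTEN 0      128    *:53               *:*'
AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    172.22.132.58:80   *:*
LISTEN 0      128    *:53               *:*'
# The IPv4 bind is correct here, but a leftover IPv6 wildcard still serves the UI.
AFTER_V6='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    172.22.132.58:80   *:*
LISTEN 0      128    :::80              :::*'

for name in BEFORE AFTER AFTER_V6; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | webui_exposed 172.22.132.58; then
        echo "$name: web UI bound to the ZeroTier address only"
    else
        echo "$name: web UI still reachable on another address"
    fi
done
```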
