Content Blocking

Content Blocking with PiHole

Understanding what you’re actually blocking

PiHole is a DNS proxy. It blocks traffic DNS level, which is the easy-to-remember name sakes for IP addresses on the Internet. There is quite a long list of things you should block for different reasons. E.g. Adult content for people under 18, distracting content during school hours if going to school online, or during homework, blocking ads to remove annoyances and to decrease network traffic, infected sites, etc.

Choosing a device

If you have a computer you aren’t using, just install Debian on it. If you require a guide on how to write a Linux ISO to a USB or SD card, my email is under the Socials link at the top.

If you do not have an extra computer that you are not using, purchase a Raspberry Pi model B of whatever the current one is. At the time of writing this guide, it’s currently the Raspberry Pi 4, as well as a microSD card which you can get from practicaly anywhere. You may even have one. Install Raspbian on it.

Finding the IP of your device, and remoting in to the Shell.

First off, I advise using an Ethernet cable to connect this device to your network. It’s going to provide the best speeds and stability in comparison to WiFi.

Go to your router when done, if that address doesn’t work, you’ll have to figure out what your gateway is. If you haven’t changed the default login to the router, you can find the login typically on your router. Under DHCP addresses, you should be able to find the new device.

If you used an old computer, do:

ssh -l <username> <ipOfDevice>

If on a Pi, do:

ssh -l pi <ipOfDevice>

It will ask for a password, when you go to type in a password, it’s going to act like you’re not typing. That’s normal, and it’s for a security reason so no one would know the length of your password. Just type in as normal and press enter. If you’re on Windows, you can just do this from Powershell. If you’re on Mac, you can do it from Terminal.

Installing PiHole

When logged in, run the following:

curl -sSL | bash

I don’t think you need to sudo up for that, but if you do, just put sudo in front of curl. Follow the guide.

Creating a content blocking group and users

Once you login to the PiHole and you moved your DNS server on your Router to the PiHole’s address, let’s get this blocking stuff.

On the left hand side, there is a panel that will say Group Management. Under that is Groups. Keep the default group for default blocking of ads. Create a new group for blocking adult content, if you want to. Name it something that would make sense, such as “AdultContentBlock”. Create another group for blocking stuff for distractions such as “DistractionBlock”. You can create both in one line with a space, so for example, it would be “AdultContentBlock DistractionBlock”.

Once done, move on to Users. Click on Clients under Group Management and add the MAC addresses of the clients. To make it easy, it lists the current IP address that they are pulling. This allows you to quickly manage the content that you want to block on certain devices.

Finally, let’s move on to actually blocking the domains. Under Group Management, click on Domains. Here, you can type in the domain of the content you want to block, (E.g. I typically add it as a wildcard which is a check box, so it will block all subdomains under Add that as a blacklist, Comment what you want so it’s more understandable why it’s being blocked. Change the group that it needs to be blocking (Change it from default, and on to the correct group).

You’re good to go, should be now blocking that content!

Once again, if you have any questions or comments, my contact information is under the Socials link at the top menu bar.

Taking it steps further

If you have multiple vlans on your network, such as for an Internet of Things (IoT), Printer, Voice, Guests, Clients, or Server specific vlans- you’re going to need to have vlan interfaces on your raspberry pi with an untagged switch port trunking the encapsulated traffic to the Raspberry Pi’s or Computer’s network interface card. Here is what I did for mine:

sudo touch /etc/network/interfaces.d/vlan

Followed up by:

sudo nano /etc/network/interfaces.d/vlan

(Using nano since it’s preinstalled, though I used NeoVim for my text editor).

Here is the config I put in for that file:

auto eth0
iface eth0 inet static

auto eth0.1
iface eth0.1 inet manual
    vlan-raw-device eth0

auto eth0.11
iface eth0.11 inet manual
    vlan-raw-device eth0

auto eth0.10
iface eth0.10 inet manual
    vlan-raw-device eth0

auto eth0.107
iface eth0.107 inet manual
    vlan-raw-device eth0

auto eth0.20
iface eth0.20 inet manual
    vlan-raw-device eth0

auto eth0.255
iface eth0.255 inet manual
    vlan-raw-device eth0

So to make this make more sense, each number after “eth0.” stands for the tagged vlan number. I also keep the vlan number the same as the third octet in a class C private network, so vlan 1 would be “”, vlan 10 would be “”, vlan 107 would be “”, etc. This should be more than sufficient knowledge if you already have vlans setup on your network. If you don’t, don’t worry this is definitely more of an advanced configuration.