PiHole for Friends and Family

Romo

@aaronstuder said in PiHole for Friends and Family:

What if I setup a dynamic DNS client on a computer, and have it update to my domain, say name.domain.com then have a script nslookup the domain name and update the firewall rules?

What OS are you going to be installing pi-hole in?

Liked the idea so just started working on the script, resolving the dynamic dns name and logging it and comparing it to the current ip is done. Just need to target your OS of choice to test the creation/destruction of the firewall rules.

https://github.com/rodrigo-hissam/dns_to_ip_firewall_rules/blob/master/dns-to-ip-firewall-rules.py

Example:

~/scripts/python$ python dns-to-ip-firewall-rules.py 

Adding to firewall - TODO
mangolassi.it - 104.25.47.32 

Adding to firewall - TODO
google.com - 172.217.1.238 

Adding to firewall - TODO
theverge.com - 151.101.65.52 

#Log files created per host to store the previous ip for the comparison.
~/scripts/python$ ls
dns-to-ip-firewall-rules.py  google.com  mangolassi.it  theverge.com

# Re running the script to compare with logged ip
~/scripts/python$ python dns-to-ip-firewall-rules.py 

Same ip address nothing to do
mangolassi.it - 104.25.47.32 

Same ip address nothing to do
google.com - 172.217.1.238 

Adding 151.101.193.52 to firewall
theverge.com - 151.101.193.52 

Kelly

I am not a scripter, nor do I play one on TV, but you can get your public IP using this:

curl ifconfig.co

scottalanmiller

@romo use Ubuntu

JaredBusch

@scottalanmiller said in PiHole for Friends and Family:

@romo use Ubuntu

I installed it on Fedora 26 with no problem.

marcinozga

https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Only-route-DNS-via-VPN

If your f&f have routers with OpenVPN client, VPN would work.

coliver

@jaredbusch said in PiHole for Friends and Family:

@scottalanmiller said in PiHole for Friends and Family:

@romo use Ubuntu

I installed it on Fedora 26 with no problem.

Mine is also installed on Fedora 26.

brandon220

Fedora 26 here too. No issues at all.

Romo

@scottalanmiller said in PiHole for Friends and Family:

@romo use Ubuntu

Script updated, automatic rule creation and deletion in Ubuntu working properly. Working on Fedora and firewalld next.

NashBrydges

@romo This is f'ing brilliant! The downside is that now I HAVE to try this on Vultr. Anyone have a script to add more hours in the day?

Btw, what's your frequency for running this in cron? Every 5 mins? 15mins?

Alex Sage

@romo thanks!

Alex Sage

@nashbrydges it is very nice indeed

Alex Sage

@romo I love your script! Thank you so much! Sorry I didn’t reply before somehow I missed your post

Can you make this so I can set whatever ports I want? In the example I gave before I just wanted to do DNS but now my mind is spinning with other ideas

NashBrydges

Now that I'll be testing Romo's script, I don't need to use VPN and I'd like to setup the admin page behind Nginx. Found a tutorial that allows admin page access using Nginx as a proxy but I can't get the HTTPS redirect to work right.

https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration

Anyone have a working Nginx config with HTTPS redirect for this?

Found this that shows how to setup Let's Encrypt with lighttpd but don't know enough to set it up for other proper security headers.

http://www.itzgeek.com/how-tos/linux/how-to-configure-lets-encrypt-ssl-in-lighttpd-server.html

Alex Sage

@nashbrydges said in PiHole for Friends and Family:

Now that I'll be testing Romo's script, I don't need to use VPN and I'd like to setup the admin page behind Nginx. Found a tutorial that allows admin page access using Nginx as a proxy but I can't get the HTTPS redirect to work right.

https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration

Anyone have a working Nginx config with HTTPS redirect for this?

Check out this

https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy

Alex Sage

@nashbrydges Also, take a look at this for SSL

https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

Alex Sage

@nashbrydges this is a prefect case for containers. One container for PiHole, One container for NGINX, and one container for OpenVPN for Mobile Devices

NashBrydges

@aaronstuder Yeah, I've easily got Nginx running with standard sites on Apache for example but in this case, I think the complexity comes from the HTTPS redirect and the fact that lighttpd syntax is different and I've not used it.

Alex Sage

@nashbrydges Maybe I am confused? Why are you using lighttpd? Are you setting up NGINX as a reverse proxy?

NashBrydges

@aaronstuder That's the web server installed by default with the Pi-hole script for the admin page. Nginx would serve as the proxy.

Alex Sage

@nashbrydges Oh, are you trying to use NGINX on the same system as PiHole.