Blacklist (aka Denylist) everything?

Pi-hole v5.2
FTL v5.3.1

Hello! I'm new to Pi-hole and loving it on my home network - my internet is faster and safer and it couldn't have been easier to get working. I'm using both DNS and DHCP and only IPv4 (IPv6 is disabled on my network). I have a simple setup of a modem in bridge mode to a pretty dumb router and the Pi-hole is running on an RPi 3 Model B behind the router.

I'm curious about using Pi-hole to block internet access from 9pm-7am for some devices in the house. Specifically, my kids have some Chromebooks that are managed by the school, so I can't do any management on those devices. I fully appreciate that Pi-hole can be bypassed by updating the DNS server on the device, but I have tested it some and I think it will help out greatly at least until I get a router that can do this more robustly. What I've done so far to test this out is:

  1. Created a group called Internet Disabled
  2. Added the kids' Chromebooks Clients to that group
  3. Created a blacklist (and I do hope we eventually rename this to "denylist") with a wildcard of *.com and added that blacklist to the Internet Disabled group

After waiting a bit, I could see that the Chromebooks could not get to any .com sites - success! Now I can set a cron job to enable that Internet Disabled group at 9pm and disable it at 7am.

So, this (finally) brings me to my question: can I create a Blacklist to deny access to every domain, or do I need to go through every TLD out there? Or maybe there's a better way altogether that I missed?

Thanks!!

A simple regex filter of . (literally just a dot) will match anything and thus block everything. You don't need to actually match the entire domain to block it. Matching just part of the domain will cause it to be blocked, even a single character would suffice.


Thank you so much! Just in case any other newbies are looking for this, a few notes:

In my original post, I left out a step: after I made the Blacklist entry, I then had to set that Blacklist to only apply to my Internet Disabled Group from the Domains menu under Group Management.

In my first attempt to follow along with your RegEx of just a . I typed a . in Domain and checked the "Add domain as wildcard", which doesn't work - you have to go to the RegEx filter tab and add it there.

My cron job disables internet at 8pm and re-enables it at 7am. To do that I ran:

sudo nano /etc/crontab

Then I scrolled to the bottom and added:

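# /etc/crontab entries take a user field (root here) before the command, so sudo is not used
# 07:00 disables the blocking group (internet on); 20:00 enables it (internet off)
0 7 * * 0-6 root sqlite3 /etc/pihole/gravity.db "update 'group' set enabled=0 where name='Internet Disabled';" && /usr/local/bin/pihole restartdns reload-lists >/dev/null
0 20 * * 0-6 root sqlite3 /etc/pihole/gravity.db "update 'group' set enabled=1 where name='Internet Disabled';" && /usr/local/bin/pihole restartdns reload-lists >/dev/null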

Then Ctrl+X>Yes to save

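An added example, not part of the original posts or of Pi-hole itself: two fixed cron entries leave the group in the wrong state if the Pi is off at 7am or 8pm, so this sketch derives the wanted state from the current time and can be run every few minutes instead. It assumes, as in the thread, that enabling the Internet Disabled group is what activates the block; the in-memory table is a constructed stand-in with only the two columns the thread touches, and a real run would open /etc/pihole/gravity.db and follow a change with pihole restartdns reload-lists.

```python
"""Reconcile a Pi-hole group with a nightly blocking window (added example)."""
import sqlite3
from datetime import time

GROUP = "Internet Disabled"                        # group name from the thread
BLOCK_FROM, BLOCK_UNTIL = time(20, 0), time(7, 0)  # 8pm-7am, as in the cron job


def should_block(now: time) -> bool:
    """True inside the window; also handles a window that wraps past midnight."""
    if BLOCK_FROM <= BLOCK_UNTIL:
        return BLOCK_FROM <= now < BLOCK_UNTIL
    return now >= BLOCK_FROM or now < BLOCK_UNTIL


def reconcile(db: sqlite3.Connection, now: time) -> bool:
    """Make the group's enabled flag match the window.

    Returns True when the flag changed (the caller should then reload lists).
    Raises LookupError when the group is missing, so a renamed or deleted
    group fails loudly instead of silently leaving the block off.
    """
    want = int(should_block(now))
    row = db.execute('SELECT enabled FROM "group" WHERE name = ?',
                     (GROUP,)).fetchone()
    if row is None:
        raise LookupError(f"group {GROUP!r} not found")
    if row[0] == want:
        return False
    with db:  # commits on success, rolls back on error
        db.execute('UPDATE "group" SET enabled = ? WHERE name = ?',
                   (want, GROUP))
    return True


def demo_db() -> sqlite3.Connection:
    """Constructed stand-in for gravity.db: name and enabled columns only."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "group" '
               '(name TEXT UNIQUE NOT NULL, enabled INTEGER NOT NULL)')
    db.execute('INSERT INTO "group" VALUES (?, 0)', (GROUP,))
    db.commit()
    return db


if __name__ == "__main__":
    db = demo_db()
    for t in (time(19, 59), time(20, 0), time(23, 30), time(6, 59), time(7, 0)):
        print(t, "changed" if reconcile(db, t) else "no change")
```
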
