Blacklist ip in pihole-FTL.conf

teodorescu_radu · October 25, 2023, 1:24pm

Hello everyone,

I am trying to block some specific ip's to be resolved by the Pi-hole. Searching the web i found this link:

I configured it but it's not working...any idea what i am doing wrong?
For example i am trying to block the ip's for those domains and it's not working at all...

Best Regards

DanSchaper · October 25, 2023, 5:13pm

How did you configure it?

teodorescu_radu · October 26, 2023, 6:59am

Hi,

I followed this link :

I added "BLOCKINGMODE=IP" and then the entry's .

teodorescu_radu · October 26, 2023, 8:50am

https://discourse.pi-hole.net/uploads/default/original/3X/c/0/c0ae0c3c41442f78687108647073e1c1fe94eae5.png

this is how my pihole-FTL.conf looks like

Blockhead · October 26, 2023, 9:35am

It looks like your answering, for MSFT at least, with the actual IP of what you want to block. Put in "the local IP addresses of your Pi-hole."

teodorescu_radu · October 26, 2023, 9:47am

You mean :

microsoft 2 IN 0.0.0.0 (or 10.10.10.2) ?

I would like not to block the domain, but to block the ip in the DNS response. For example i will want to reach microsoft, but on another ip.

Blockhead · October 26, 2023, 10:15am

I suggest trying Local DNS in the GUI. But I suppose you could use the address of where you want to go there in theory.

DanSchaper · October 26, 2023, 5:32pm

I don't understand what you are trying to accomplish.

What exactly are you doing, please be specific and include the exact configurations you have made. Telling me that you have set blockingmode to IP but providing no other changes or examples of what you see and specifically how that is not what you want to see doesn't give me anything to help with.

teodorescu_radu · October 27, 2023, 5:03pm

Hello Dan,

Yes, you have a point. I will try to be as explicit as i can.

At home i am using Pi-Hole as DNS server. I also have a SIEM to monitor the logs and stuff (graylog). I connected a api to VirusTotal to scan the ip's that the PI-hole is resolving to. For example:

If you check this IP, is malicious and i want to block it , on the Pi-Hole.
What i would like to achive is to block on the Pi-hole dns request/reply containing this ip's. Similar what domain blacklist is , but for ip's.

Thanks

DanSchaper · October 27, 2023, 5:48pm

I don't think you'll be able to do what you wish to do with Pi-hole alone. Blocking IP addresses is best left to a firewall that will block the IP completely. Relying on just DNS to block will not catch hardcoded IP traffic or any traffic that is resolved outside of Pi-hole (any app or application that bypasses your set DNS resolver.)

That said, what configuration changes have you made to Pi-hole? Did you add those ;; QUESTION and ;; ANSWER lines directly to pihole-FLT.conf?

jfb · October 27, 2023, 8:11pm

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

system · November 17, 2023, 8:12pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.