In case you want to block all Russian (or any) domains

I got this from somewhere a long time ago and it's been on my blacklist since the beginning, but in case you're worried about anything cyber coming from a country (e.g. Russia and China) then here's how to blacklist their domains:

Blacklist | Regex Filter | Domain
(^|\.)(cn|ru|hk)$

ru = Russia
cn = China
hk = Hong Kong

2 Likes

Explain more please.. is it just changing like that? I want to try

Sure.

Countries usually have their own domain extensions.
For example, the domain extension for the UK is .co.uk

This is useful for some larger international companies that have regional sites for language or shopping purposes. Amazon is a good example where they have regional domains serving a global customer base.

If you wanted to block a domain extension for a country then you can use the above REGEX statement and add the extension name for the PiHole to ignore it.

e.g. Want to exclude Australia, add "au" to the list. Block French sites, add "fr". Block some sex websites, add "xxx" and "sex" to the REGEX. This will work for any domain extension that you want to block.

Adding all these to the above regex would look like this:
(^|\.)(cn|ru|hk|uk|au|fr|xxx|sex)$

Here's a list of countries and their related top level domain extensions:

REGEX is a form of pattern recognition and is a way of telling the PiHole to ignore any domain as long as it ends with the extensions you select (separated by the pipe "|").
More info on REGEX here: Regular expression - Wikipedia

Is that explanation useful ... or did I misinterpret your question?

Is there a more efficient way to write this regex? I ended up putting all ccTLDs into one expression.

(^|\.)(zw|zm|za|yt|ye|ws|wf|vu|vn|vi|vg|ve|vc|va|uz|uy|uk|ug|ua|tz|tw|tv|tt|tr|to|tn|tm|tl|tk|tj|th|tg|tf|td|tc|sz|sy|sx|sv|su|st|ss|sr|so|sn|sm|sl|sk|si|sh|sg|se|sd|sc|sb|sa|rw|ru|rs|ro|re|qa|py|pw|pt|ps|pr|pn|pm|pl|pk|ph|pg|pf|pe|pa|om|nz|nu|nr|np|no|nl|ni|ng|nf|ne|nc|na|mz|my|mx|mw|mv|mu|mt|ms|mr|mq|mp|mo|mn|mm|ml|mk|mh|mg|me|md|mc|ma|ly|lv|lu|lt|ls|lr|lk|li|lc|lb|la|kz|ky|kw|kr|kp|kn|km|ki|kh|kg|ke|jp|jo|jm|je|it|is|ir|iq|in|im|il|ie|id|hu|ht|hr|hn|hm|hk|gy|gw|gu|gt|gs|gr|gq|gp|gn|gm|gl|gi|gj|gg|gf|ge|gd|ga|fr|fo|fm|fk|fj|fi|eu|et|es|er|eh|eg|ee|ec|dz|do|dm|dk|dj|de|cz|cy|cx|cw|cv|cu|cr|co|cn|cm|cl|ck|ci|ch|cg|cf|cd|cc|ca|bz|by|bw|bt|bs|br|bq|bo|bn|bm|bj|bi|bh|bg|bf|be|bd|bb|ba|az|ax|aw|au|at|as|ar|aq|ao|am|al|ai|ag|af|ae|ad|ac)$

Honestly, if you want to block all of that then just wildcard block the full internet with a regex of * and then whitelist the individual TLDs you trust.

Note, this won't do very much for you. Malware doesn't usually leave a calling card with their country TLDs.

4 Likes

@callar Thanks for your explanation and to all who have left their comments.

I've found it useful to block Cameroon and Oman ccTLDs, not because they're evil, but to protect me from typosquatting, e.g. example.cm or examplec.om.

A lot of the new gTLDs (win, click, bid, bet, top, cricket, ..) look to me like they're only used for sketchy advertising, spam, or phishing. No ill effects in blocking them wholesale, and minimal support burden from the family (no complaints about blocking too much useful stuff, no having to reimage people's machines every couple of weeks because they're clicking on too much crap).

1 Like
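
An added example, not part of the thread and not Pi-hole code: it builds the `(^|\.)(...)$` pattern discussed above from a list of TLD labels and checks which names it would block, including why the `(^|\.)` prefix matters. Python's `re` is used only to exercise the pattern; the function names, the sample domains, and the lowercase/trailing-dot normalisation are assumptions made for the illustration.

```python
import re

# Constructed sample names; only the example.cm typosquat idea comes from the thread.
SAMPLES = ["example.ru", "shop.example.cn", "ru", "EXAMPLE.HK.",
           "example.cm", "example.com", "example.ru.com", "example.guru"]

def build_tld_filter(tlds):
    """Return a pattern of the form (^|\\.)(a|b|c)$ for the given TLD labels."""
    labels = []
    for tld in tlds:
        label = tld.strip().lstrip(".").lower()
        # A TLD is one DNS label; rejecting anything else keeps regex
        # metacharacters out of the generated pattern.
        if not re.fullmatch(r"[a-z0-9-]+", label):
            raise ValueError(f"not a single DNS label: {tld!r}")
        if label not in labels:
            labels.append(label)
    if not labels:
        raise ValueError("no TLDs given")
    return r"(^|\.)(" + "|".join(labels) + r")$"

def is_blocked(pattern, domain):
    # Assumption: names are compared lowercased and without the trailing root dot.
    name = domain.lower().rstrip(".")
    return re.search(pattern, name) is not None

def audit(pattern, domains=SAMPLES):
    """Map each sample name to True (blocked) or False (allowed)."""
    return {d: is_blocked(pattern, d) for d in domains}

def overblocked_without_anchor(tlds, domains=SAMPLES):
    """Names that get blocked only when the (^|\\.) prefix is left out."""
    strict = build_tld_filter(tlds)
    loose = strict.replace(r"(^|\.)", "", 1)
    return [d for d in domains if is_blocked(loose, d) and not is_blocked(strict, d)]

if __name__ == "__main__":
    pattern = build_tld_filter(["cn", "ru", "hk", "cm"])
    print(pattern)
    for domain, blocked in audit(pattern).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {domain}")
    print("extra blocks if the (^|\\.) prefix is dropped:",
          overblocked_without_anchor(["cn", "ru", "hk", "cm"]))
```

The pattern only looks at the final label, so `example.ru.com` is allowed, and without the `(^|\.)` prefix a name such as `example.guru` would be blocked as well.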