Hi
I'm loving the PiHole and there's one feature that I could think of that I think would be generally useful - especially for those with kids.
There are lots of reports of school kid's results suffering because of addiction to Social Media sites or with online gaming.
The ability to have a second set of blacklist rules that can be implemented on a schedule so to make sure all LAN traffic to/from those sites are gracefully blocked.
I'm sure some routers could do this, but the one we have (VirginMedia Hub3) isn't that smart.
This would help enforce an online curfew where occupants can have full access and at a set time those selected sites will no longer be available.
e.g. At 9pm they can finish watching their YouTube video, but then that's it until 4pm next day (or midday on weekends)
You can write a cron script to add these domains and remove these domains at the desired times, but this will also block those domains for all users on that Pi-Hole. A second Pi-Hole with such a script or a router that has this capability would be your best options.
Not used the pihole command line but I think pihole -g reloads blocks, does it not?
You would have two blacklists now, one after 9pm and one before 9pm. You could either maintain the files yourself from the command line or wait until after 9pm when you are using the night blacklist and then add the social media sites to it.
edit: Looks like others replied while I was writing this. Using two pihole instances would be your best best but that is only going to work if you can segregate the devices to filter differently somehow at your router - a different subnet or something. For your case though I think crontab is going to be best.
Thanks for the replies.
I'd worked out a cron method (no need for a second instance), but it would be good to have it available as an option natively within PiHole for general ease of use and upkeep.
My workaround to activate extra filtering from 21:30 to 16:00 weekdays and 08:00 on weekends:
As root (sudo -i)
cd /etc/pihole
cp regex.list regex.list.standard
cp regex.list regex.list.extra
Edit regex.list.standard to have a list of 24/7 blocked domain(s)
Edit regex.list.extra to have only the additional domain(s)
Rebuilding gravity will not re-compile your regex list. For this you will need to restart pihole-FTL or recompile the regex (I don't recall how to do a re-compile though):
sudo service pihole-FTL restart
Edit: the recompile command is echo ">recompile-regex" | nc localhost 4711
When my step sons were in the house they were always figuring out how to break the rules. Didn't take me long to figure out how to stop them though. PfSense is a powerful router platform!
Thanks for the additional replies although I think some are missing the point.
(I don't have kids, I just thought it would be a good feature to have)
Currently I'm using the second blacklist to shut down all the trackers that run on mobile devices.
e.g FaceBook is disabled on my phone which also has a basic firewall on it, but FB is still (somehow) trying to report back to facebook hq.
But the missus uses FB, so it needs to be available during the evening.
Thanks for the reply.
I think the FTL is compiled after domains are added via the web interface as a full gravity refresh would take too long.
pihole -g does work.though.
At the bottom of the output after the main blocklists it adds our local black/white lists.
e.g.
[β] Consolidating blocklists
[β] Extracting domains from blocklists
[i] Number of domains being pulled in by gravity: 141440
[β] Removing duplicate domains
[i] Number of unique domains trapped in the Event Horizon: 118082 [i] Number of whitelisted domains: 1 [i] Number of blacklisted domains: 0 [i] Number of regex filters: 2
[β] Parsing domains into hosts format
[β] Cleaning up stray matter
In your previous example, you showed five additional regex filters. The output of your gravity update shows only 2 regex filters. The additional filters you added were not re-compiled by a gravity update.
**[i] Number of blacklisted domains: 0**
Recompiling regex and rebuilding gravity are two different things.
My list content, gravity output and cron schedule were examples for the sake of brevity.
All I know is that I change a block or regex file, run pihole -g and stuff stops working when it completes.
I've used PiHole as a network sniffer and my lists have evolved as I see items to add.
At the time of my previous post, there were only 2 "standard" active regex on the list during the day.
As of last night there were 50 blocked after 1am (I spent all yesterday morning going through the logs).
My real lists as of this morning are (wc -l): regex.list.standard = 4 regex.list.extra = 16 regex.list.bed = 30 (a 3rd level blocklist that kicks in at 1 or 2am and locks a lot more down)
Addendum - Although the pilhole-g command does work, it's slow and puts extra strain on the main block list servers.
An alternative (and much faster) way of refreshing the lists can be done by disabling and re-enabling pihole or as @jfb suggested, a pihole-FTL restart.
I came the the forum to request this exact thing. A native, built-in scheduler that just adds from a second BL to the main BL when it's active, and then removes the 2nd BL items when it's inactive would be most excellent, and much less fuss.
Me as well.
I'm not into cron jobs and other things (but always willing to learn and try)
My suggestion would be to create additional groups and add devices to the specific groups (i.e.mobile phones, game computers) to the Kids group. This is an exsiting option. But then you would need to add this specific group to the standard blacklist, but the kids group would also need to be added to the self generated RegEx list., but only for a certain period. (as suggested, weekdays 00.00 till 15.00, and 19.00 till 23.59) This means that Kids group is always on standard blocklist + RegEx, and all hours from 15.00 - 19.00 time frame is only standard Blacklist.
Any thoughts on this to add this to Pi-Hole in an easy way? It would help other users (small office) as well to keep Netflix, youtube, facebook etc etc away from their computers during working time...