Pakfire for DNS Blackholing?

This script will block the ad hosts for all clients of the GREEN interface. As I use only RED and GREEN, I didn’t test on BLUE. Got no idea how to restrict the script to apply only to a few selected clients.
As for the other questions, ask upstream or study the script dns_blocklist.sh yourself.

This can never be accepted.
Either the shell script builds the config file with the right contents or it should not be run.
Correcting errors by a second script isn’t really safe.
Just my 2c

I don’t get what you mean. Instead of changing the file dns_blocklist.sh you can just select working hostlists with 1,3,6,7,14 and so on for example.
Did you even read the latest upstream change? It was 2016. So of course some lists would change since then. It is up to you if you want to use the script or not. Some people just need a Pi-hole inside IPFire.

I do know what the script does.
It parses the block lists and generates “false” answers for unbound. But this is useless if the requestor (the app on the client) doesn’t use unbound in IPFire! Therefore you must force all clients to use the DNS server of your IPFire installation.

If you don’t want to force all clients, then use a proxy. My use case is OK with the script mentioned above.

Working good for me, I just had to modify the awk so it would accept the phishing.army list but got it going gangbusters.

Nice to hear.
And how do you manage the passing by applications in your net?
Every DNS request using 8.8.8.8 isn’t blocked by your solution.

I don’t need to manage it because people aren’t getting phished streaming to their chromecast and I’ve never seen a Fire tablet in my life.

Usually smartphones do the same things. ;)

If you only have clients connected to GREEN (Ethernet) and fully administered by you, that solution can work.
I didn’t dig too deep in the sources yet, therefore I cannot say anything about effectiveness or about efficiency.

Could you please show where you did the awk adjustment and how? I am not familiar with awk.
I guess you could do "sed -i 's/^/127.0.0.1 /' host.txt" but then some lists would get double 127.0.0.1 which we don’t want.

Sure, I’m also not familiar; I just took out the bit I figured was looking for IP.

Turns out I removed the awk and just let it parse each line. This is the code I have:

    # This awk tries to combine both above.
    curl -v --max-time 30 --connect-timeout 5 --silent "$1" --stderr - >> "$TMP_HOSTS_FILE"
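One way to handle the mixed list formats raised in the sed question above, as an added example that is not part of the original thread or of dns_blocklist.sh: it accepts both hosts-format lines and bare domain lists, emits each host once with a single 127.0.0.1 prefix, and drops anything that is not a plain hostname, since the lists are remote content. The function name `normalize_hosts` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from dns_blocklist.sh).
# Reads blocklist text on stdin, writes "127.0.0.1 <host>" lines on stdout.
normalize_hosts() {
    awk '
    {
        sub(/\r$/, "")            # lists served with CRLF line endings
        sub(/[ \t]*#.*/, "")      # full-line and trailing comments
        if (NF == 0) next         # blank after stripping

        # Hosts-format line: field 1 is an address, the name is field 2.
        # Bare domain list: the name is field 1.
        if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /:/)
            host = $2
        else
            host = $1
        host = tolower(host)

        # Keep only dotted names made of hostname characters. This drops
        # "localhost", URLs, and lines carrying quotes or other characters
        # that should never reach a generated resolver config.
        if (host !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next

        # De-duplicate across lists that overlap.
        if (!seen[host]++) print "127.0.0.1 " host
    }'
}

# Constructed sample input covering both list styles.
sample_lists() {
    printf '%s\n' \
        '# constructed sample, hosts format' \
        '127.0.0.1 localhost' \
        '0.0.0.0 ads.example.com' \
        '127.0.0.1  Tracker.Example.net # inline comment' \
        '::1 localhost'
    printf 'phish.example.org\r\n'      # bare domain list, CRLF
    printf '%s\n' 'ads.example.com' 'bad"name.example'
}

sample_lists | normalize_hosts
```
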