this post was submitted on 22 Mar 2025
18 points (100.0% liked)

Pi-hole

509 readers
18 users here now

The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.

founded 2 years ago
MODERATORS
[email protected]
18
How practical is it to block everything by default? (feddit.uk)
submitted 6 days ago by [email protected] to c/[email protected]
31 comments fedilink hide all child comments
 

I've just set up my pihole and I'm considering the best way to configure it. Is it a good idea to set the default group to block (almost) all domains and then manually add trusted devices to another group with a "normal" block list? My use case is untrustworthy devices that I don't want phoning home but which might change their IP address.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 6 days ago (1 children)

Not very practical. Find a few curated lists, then start blocking domains 1 by 1. Sounds inefficient, but it's ironically faster in the long run than blocking the whole WWW then backpedaling

[–] [email protected] 2 points 6 days ago (1 children)

The trouble is that I don't want an untrusted device to be able to call out at all, and I won't know where it's trying to reach until I connect it

[–] [email protected] 2 points 6 days ago (2 children)

Isolate a wlan, then deny it access past the router

[–] [email protected] 1 points 5 days ago

Think you meant VLAN and autoincorrect got you.

[–] [email protected] 1 points 6 days ago (1 children)

Can you explain this a bit more to a networking beginner?

[–] [email protected] 3 points 6 days ago (1 children)

most routers allow dual wireless networks now, you should be able to set one that's exclusively for IoT. So you have MyWifi and WifiForThings.

You can then set the WifiForThings to have no actual internet access. This will mean that any apps etc won't work though, so be aware.

[–] [email protected] 1 points 5 days ago (2 children)

Ah, sadly not something mine can do

[–] [email protected] 2 points 5 days ago (1 children)

You could get a second, inexpensive wifi router, and use it for the untrusted devices.

[–] [email protected] 1 points 5 days ago

Any idea how I go about setting up a second sub(?)network? I've got a load of old routers but I've always assumed they're too locked down to be of any use.

[–] [email protected] 2 points 5 days ago (1 children)

You could explore openwrt if you were inclined - you should be able to set a static ip assignation for the device and then just block that off

[–] [email protected] 1 points 5 days ago (1 children)

I've seen it mentioned a lot over the years, ultimately I think I'd just be making a rod for my own back by giving myself another device to support! I have considered it before but I just feel I'm going to spend a load of time tinkering every time I move house or change ISP, and paying for the privilege of buying my own hardware while I'm at it.

[–] [email protected] 2 points 5 days ago (1 children)

Eh? Not really. It's router firmware that means you have more in depth control. It's no different from any byo modem router deal

[–] [email protected] 1 points 5 days ago (2 children)

I mean that buying a new device (which I guess I then might have to replace in X years) and configuring it to use openwrt is going to take some time and effort, and ultimately I might end up in a worse situation (than my current "working OK" setup). Maybe if I had infinite time but there's only so many hours in the day!

[–] [email protected] 3 points 5 days ago (1 children)

I'm literally running it on a tplink n600 i flashed :). Bought that in 2009.

[–] [email protected] 2 points 5 days ago

Alright, alright, I'll add it to the todo list!

[–] [email protected] 2 points 5 days ago

I'm still using 15 year old consumer WIFI routers for stuff. Like this.

Hell, my main router is over 5 years old now.