Episode: 4061
Title: HPR4061: Setup a Pi-hole
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr4061/hpr4061.mp3
Transcribed: 2025-10-25 19:08:53
---
This is Hacker Public Radio Episode 4,061 from Monday the 26th of February, 2024.
Today's show is entitled, Setup a Pi-hole.
It is hosted by Kevin and is about 23 minutes long.
It carries a clean flag.
The summary is, setting an ad blocker and extra security using a Raspberry Pi with Pi-hole.
Hello, hello, this is Kevin from the TuxJam podcast and you are listening to another episode of HPR.
Now this is not going to be a short episode.
In this show, I wish to actually go through the steps to make a Pi-hole project.
You may think, what in the world is a Pi-hole project?
You can practically use this on any Raspberry Pi because it's actually not labor intensive at all on the thing.
And neither do you need much.
This is going to block ads rather than doing it as an add-on on Firefox or Chromium or whichever browser you use.
This is going to block ads at the router level.
And we're also going to take you through as well about blocking some other things that you may not want on your system.
So to do this, you're going to need a few things.
I mean, as I said, it's not resource intensive.
However, it does require some things.
And the actual only physical hardware it requires is you need to have a Raspberry Pi with Raspberry Pi OS Lite installed.
And you also need to make sure that SSH is enabled.
The reason that Lite is preferred for this is because this device is going to stay on 24/7.
And we want it using as little resources as possible.
I would recommend having the Pi connected to the router via Ethernet cable rather than wireless.
That's the only material things you're going to need.
You will also need a basic knowledge of changing the settings on your router.
I can't talk you through this unfortunately because every router is different.
But the things you're specifically going to need to know how to do is to give a device a static IP address and set a DNS server.
Okay, those are the two things you will need.
And on the computer, you need to have the ability to SSH.
So if any of these things are completely alien to you, you might want to look them up.
They're not overly difficult. It's just, I am going to assume you know the basics of these.
There is absolutely no reason for this Pi to be connected to a screen.
But one thing you are going to need to know is the IP of your Raspberry Pi.
So if you know that, it's great.
If not, then we can do this just by looking up your network map and your router is probably the easiest way.
If you have gone just for the default settings, then it should appear as Raspberry Pi on the list of connected devices.
If you have no clue though, which particular Pi is the one in question, then what to do is turn off your Pi completely, take it out of the plug.
Go to your router homepage and then open up a network map and just take a screenshot of it.
Then switch the Pi back on and a new device should appear.
When this new Pi appears, just note down the IP address of it.
So the first thing we are going to need to make sure of is we are going to set the IP address of this Pi so that it doesn't change.
An IP address is just really something that it's assigned by the router to any new device on the system.
So it says, right, you want to join, okay, this is your address.
If we were to leave this as dynamic, then every time it loaded up, it would change.
So you may think, oh, but I'm not going to switch it off.
Yeah, that's fine, but you may have something like a power cut, the trip switches might go for any reason, which would cause it to reboot.
We don't want this to change.
So to do this, go to your router homepage and make the IP static rather than dynamic.
Now, again, this is different for each router.
You may need to look this up for your specific model if it's not something you're comfortable with.
But once you have the IP fixed, take a note of it and we can SSH into it.
If you've gone with purely default, the default settings of the username is pi and the password is raspberry.
If you're using Windows, then you're probably going to need to use something like PuTTY.
But on Linux, all you do is open a terminal and then type ssh space pi at and then enter the IP address of the Pi.
So you'll be then asked for the password and if it's a standard, it's just raspberry.
If you've set to something else, enter that.
The first thing we're going to do before we do anything else is let's update this Pi.
Just type in sudo apt update and then enter and then sudo apt upgrade and then enter and then just put yes.
Wait for it to do that.
But bear in mind, the Pi is not a desktop PC.
This might take a while, especially if it's been a long time since you updated it.
So once all that's done, let's get the Pi-hole software itself.
The commands I am going to put into the show notes, or head over to the HPR episode so that you can actually get these.
The command is curl space and then dash lowercase s, capital S, capital L.
And then a space and it's HTTPS.
Colon forward slash forward slash install dot pi dash hole dot net.
And then a space and then a vertical line.
Can't remember the actual name of that just now.
And then space and then bash.
If you press enter, then you're going to get the installation wizard.
OK, so the installation wizard, to be honest, it's very, very straightforward.
I was actually shocked as to how easy this was.
So the first thing it says is this installer will transform your device into a network wide ad blocker.
Click OK.
So do add the bottom.
The Pi-hole is free but powered by your donations.
And then it gives a website for the donations.
It's just pi-hole dot net forward slash donate.
I would highly recommend you donate to this very worthwhile project if you find it useful.
So again, click OK.
This won't take you anywhere.
It's just asking for donations at this point.
As I've already said to you, it's going to emphasize again that this must be a static IP address for it to function properly.
And it's going to warn you this again.
So I'm assuming you've already done this at the router level.
So click and continue.
If you haven't, you really have to exit at this point.
But then it will say, do you want to use the current network settings as a static address?
Which I really would recommend you do.
Click yes and then continue.
Next thing it'll come up with is a network warning.
It is possible your router could still try to assign this IP to a device which could cause a conflict.
But in most cases, the router is smart enough to not do that.
If you're worried either manually set the address or modify the DHCP reservation.
So it does not include the IP you want.
Now that's what I recommended you do at the start.
So yeah, this is just double checking it.
Click OK.
Now the next thing it's going to do is give you a list of DNS providers.
Now all the DNS providers do is they provide their own kind of list of rules as to what gets blocked and what doesn't.
I'm going to recommend.
Now it's entirely up to you, but there is a reason.
I'm going to recommend Cloudflare.
That's the second bottom option.
That's the one that I would recommend.
If you don't like it, you can change it later and then click OK.
Next, it says Pi-hole relies on third party lists in order to block ads.
You can use a suggestion below or add your own afterwards.
Just click yes to continue.
Yeah, you just use that just now.
So click yes.
Next thing you'll be asked is, do you want to install the admin web interface?
Yes, you absolutely do not click no here.
You really need that.
OK, that this is essential.
A web server is required for the admin web interface.
Do you wish to install and go through a few things?
Just click yes.
Would you like to enable query logging?
Now, I would say yes, but if you're the type that doesn't want any logging done whatsoever,
I actually think it's quite interesting to see what's been blocked and which devices it's coming from.
So I put yes, but if you really don't want to, then just click no,
but actually I would recommend yes here.
Next, it'll be saying level of privacy.
Don't worry.
You're the one that's in control of this.
You're the admin, you're the one that's going to be using this.
I would click on show everything.
Right, unless you've got some people doing some silly dodgy legal things on your own system,
and you wanted to bury your head in the sand in which case click anonymous mode.
But I'm just going to say show everything.
Then it'll just give you an installation complete.
It'll give you your IP address.
And again, I highly recommend that you have a note of this.
And then it says about where you can actually go next to do your admin stuff.
And it gives you just what I've said there.
Now, it gives you, this is your IP address forward slash admin.
And it'll give you an admin password, which is just, I think it's randomly generated.
I'm not sure, but it's not a word or anything.
It's just letters, numbers, upper, lowercase stuff.
Click OK and that'll finish and you'll now drop to terminal.
Now the first thing I would recommend you do is change that password to something you're going to remember.
OK.
So sometimes it's a wee bit easier for you.
So to do that, we just type in pihole, p-i-h-o-l-e, space and then dash a space dash p.
Press enter.
And then it'll ask you to put twice, you know, to confirm it.
And then at the end, you'll get a wee tick with new password set written beside it.
And that's it.
That's the installation done.
But at this point, we are only at the halfway.
OK.
So don't think I'm done.
I can go.
We need to configure the Pi-hole and tell it what to block.
This is all done through the web interface.
So at this point, we're completely done.
So you can exit your SSH client or just close the terminal if you're on Linux.
If we go to our web browser and just go to that web page that was said earlier,
it's just your IP address of your pi forward slash admin.
And this will prompt you to enter a password.
This is the password we've just literally set.
Hopefully you haven't.
You haven't forgotten it already.
So enter it.
And at this point, you'll be given a really nice interface, nice clean interface,
with a part at the top showing zero queries, zero queries blocked,
zero percentage of queries blocked.
But you'll also notice you've got about 125,000 plus domains listed.
You know, not that many listed in front of you.
A big long list.
What I mean is that it'll tell you how many domains you've got.
Don't worry about the lack of queries and blocks,
because we actually haven't filtered any traffic through the Pi-hole yet.
It's not quite ready for us to do that.
The first thing we're going to do is to populate the adlist.
So if you go over to the left and click on adlist,
and you should see two input boxes.
The address is where we can enter our adlist.
The comment box is purely optional.
You don't need to put in anything.
Now, this whole process would be a royal pain,
but there are a couple of sites which make this really easy.
Now, the first site we're going to go to is firebog.net.
So just F-I-R-E-B-O-G dot N-E-T.
That will come up with a few different groups.
So it's got suspicious lists, advertising lists, tracking and telemetry lists,
malicious lists, and other lists.
What I would recommend you do here is make sure that whichever list you use,
it's in green, because the blue ones are the ones which haven't been updated for a while.
And for this to work, it's got to be updated.
The ones in green are updated regularly.
The ones that are struck through are basically defunct now.
So do not use any that have a strikethrough on them.
You don't want too much, because at the end of the day,
if you filter everything, your internet's going to be useless.
So what I would just do is take two from each list.
So two from suspicious list, two from advertising list, two from tracking and telemetry,
two from malicious, and there is only one active on the other list.
I added that as well.
All you're just doing is just copy those and paste them one at a time into the input box.
That is actually nice and easy.
Okay, so that's all we do there.
This will block mostly background things, things that are trying to track you,
the block ads.
So at this point, we could leave it and not add any more,
and it would work perfectly well.
However, one of the beauties of this is that we can actually filter out specific types of sites.
Now again, this could take a long, long time,
but thankfully there's a community behind this.
And what I would recommend you do.
Now, I'll go for an example.
I'll do one specific type.
So I blocked pornography on this.
So nobody in this, nobody in the house should be able to access that.
I've got two links in the show notes.
I'm not going to read them out.
It's quite lengthy.
Copy them in and add them individually to your adlist.
And that is something that it's not targeting the advertising or anything.
It's just specifically targeting pornographic websites.
If you want to be specific and other things,
then there's a website and it's blocklistproject,
all one word, blocklistproject.github.io forward slash lists.
If you go to that, it actually has links for various other things.
So you can block out things like abuse, drugs, Facebook.
I like the fact that Facebook sales are there with abuse and drugs.
Gambling, malware, phishing, piracy.
It's another porn one there.
Ransom, scam, TikTok, torrent sites, tracking sites.
So you can decide what it is you want.
Again, it's exactly the same way as you would add the adlist.
It just goes in the same place.
Just click on adlist, enter that link into the box,
the input box, click OK and it'll add it.
Back in the initial set up when we chose a server.
I recommended that we use Cloudflare.
Now there's a specific reason for me choosing Cloudflare.
And again, it's because hello,
they have a server dedicated to blocking unwanted intrusion at the back
and adverts and everything like that.
They also have a specific one
that is dedicated to blocking pornographic websites.
To add this custom version,
you go to settings,
by default this will open up system.
Now, if you look at the top,
there'll be some tabs of systems on the left
and one to the right.
There's a tab of DNS.
So click on that.
And you should see the list of all the servers that you were offered
with two ticks beside Cloudflare.
But to activate Cloudflare's dedicated server,
then you should notice that depending,
now if you've got full screen,
it'll be over on the right hand side of the page.
If you've got your browser windowed,
it'll be underneath it.
But you should see one saying Custom 1 (IPv4).
And in there, make sure that's ticked
and enter the value 1.1.1.1.
Now that's just the specific server.
Just if you're interested,
Cloudflare's two cell version
actually operates with the ticks
are 1.1.1.1
and 1.0.0.1.
So all of these things,
they're just addresses.
That's all they are.
It's been obviously given a name
to make life a wee bit easier.
Now the other thing you can do
is to block specific domains.
If there was a site that you wanted specifically to block,
so maybe the list was not catching something
or something had been set up just in the last day
and you've discovered it.
No, no, I don't want this to be available on the site.
Then what you do is over on the left hand side of the screen,
you should see domains.
Click there,
and then you should see an input box there.
So just enter anything you want
into that input box.
And you've got two options there.
Now I said about blocking.
It could be the opposite.
You're saying don't block it.
So your options are, once you enter the domain,
click on Blacklist or Whitelist.
So let's just say, for example,
you had something where you wanted to block alcohol websites.
But then your filter was blocking you from doing your weekly shopping
because your local supermarket
or local place where you get your food delivered
sells alcohol as well.
You may want them to go, okay, get right the domain in.
And if you wanted to have it so that you can view it,
click on Whitelist.
If it's something that specifically you want to block,
don't put in this specific URL of one page.
Put in the whole domain.
So if, for example,
it was mylocalsupermarket.com, just put that down.
If you've taken your time, you've set this up.
But before we exit this,
there's one thing we need to do.
And that's we must apply these changes
or they will not take effect.
On the left, you should see the option for tools.
Click on Tools and it'll produce a drop-down menu.
Then click Update Gravity from that drop-down menu.
This will reveal a very simple page with a large blue button,
saying Update.
Press this.
Now, first time I did this, I thought, what have I done wrong?
It's working through everything.
This will take a full minute or two.
So it's doing everything, it's making changes.
Now, what we mustn't forget is any time we make any change.
So if you add a new list,
if you add a new domain,
if you want to whitelist or blacklist a site,
it will not take effect until you hit that update button
in the Update Gravity section.
Just basically, think of it as an apply button.
You've done everything, now you're doing the apply.
If we go back now and click on Dashboard,
you'll notice that we've got probably about three and a half
hundred thousand domains listed there,
but we've still got no queries and nothing blocked.
Again, don't panic.
The reason for that is that we need to tell the router
to put all traffic through the Pi-hole.
And right now, it's not, okay?
So to achieve this, and again,
this is where you need a wee bit of information
about your own router.
Go to your router's homepage,
and it's most likely, now I'm not saying 100%,
but it'll most likely be in the LAN section.
And if your LAN section and different sections
in the DHCP server settings,
what we want to look for is DNS server.
And what we need to do is we need to put in that DNS server box.
You may have multiple, but just in the first one,
you need to put the IP of this Pi-hole that we're setting up.
And what that means is that all traffic
will run through the Pi-hole.
Don't forget here to hit apply before exiting this.
Again, otherwise nothing will happen.
We've got one final task.
Because what that's saying is that rule is saying that
from anybody connecting to this router onwards,
we are going to use that DNS server.
But the problem is you've got everything connected to that already.
So to get all your devices to start using the Pi-hole,
one last thing: you need to simply reboot your router.
That's it.
And of course, this is going to force every device to reconnect.
And everything will be running through the Pi-hole.
As far as what you need,
I'm running it on a Pi 4 because I had a Pi 4.
I had a spare Pi 4.
And when you click on settings,
it tells you how much has been used.
So total CPU used 0.4%.
Memory utilization 0.4%.
So both of them has 0.4%.
So that is more than enough power.
First, probably too much power to be honest, not Pi 4.
So if you've got something like an old Pi 2,
possibly even a Pi 1,
then this might be an ideal thing
because not only should it be able to cope with it,
but also it's going to be using up less power in the long run.
I mean, I know it's tiny,
but I think from my memory,
a Pi 4 uses 4 watts
when it's sitting idle,
just doing that specific background task
for something like 4 watts per hour.
Something like that.
The Pi 2 uses 1.1.
So that's less than half.
So okay, you're not talking about an awful lot of power.
But when you're running 24/7,
those things can build up.
And it is something to think about.
But anyway, I hope that this has been useful.
Like I said, I'm going to try and get quite a bit of that
into the show notes
so that you can refer back.
Especially when it comes to doing the commands,
I'd rather people copy and paste to be honest,
rather than typing.
But like I said,
if that's not an option
and you're just listening along,
that is also fine.
So I'm not actually going to leave you with a tune
because I think this episode was long enough.
If you want to find out a wee bit more about
TuxJam, then head over to tuxjam.otherside.network.
It's usually a monthly show we tend to release
with myself and Dave Lee and Andrew Conway,
both of those guys I know you have probably heard on HPR before.
If you really love this show,
then again, HPR, I mean,
then please do think about contributing.
Kind of numbers do seem a bit low just now.
The basically statement has always been from HPR
when they run out of shows,
that's the show ended.
So let's hope that this continues for another wee while.
So thank you so much for listening
and all the best.
You have been listening to Hacker Public Radio
at HackerPublicRadio.org.
Today's show was contributed by an HPR listener
like yourself.
If you ever thought of recording a podcast,
then click on our contribute link
to find out how easy it really is.
Hosting for HPR has been kindly provided
by AnHonestHost.com,
the Internet Archive, and rsync.net.
Unless otherwise stated,
today's show is released under Creative Commons,
Attribution 4.0 International License.