
Setting Up Pihole With Mac OS X to Block Ads Everywhere in Your House

I use four different adblockers for my browser, plus extensions that hide various things like the Facebook timeline (I only really need Messenger + Events these days) or hide reposts on Soundcloud.

The web is increasingly funded by garbage & bloat that comes packaged along with the content you want to see. I happily pay for online services (Spotify, Soundcloud, Evernote, etc) but many services, like Facebook or random news sites don’t offer this. Nor do I want to subscribe to every news website - my friend sent me a random link to click on, I don’t want a lifetime subscription.

It’s not just about seeing annoying ads, it’s about privacy (being tracked by ad networks), page load time (have you tried loading CNET.com lately???), safety (malware), and for mobile clients, minimizing data usage. Thus, adblockers have started to become more mainstream.

But what about native apps? Or using my iPhone / Android?

Now you can even do that.

Pihole is a nice way to set up a homegrown server on a Raspberry Pi that filters every web request you make - even on smartphones, iPads - anything on your Wifi network.

Here are the dead simple instructions. From start to finish this took me less than an hour.

Setting up Headless (no Monitor) Pihole

You can set up a headless Pihole with just a Raspberry Pi, a power cable that comes with it, your laptop, and an SD card. No need for mouse, keyboard, or monitor.

  1. Order a Raspberry Pi. I like the 3B since it has decent storage + Wifi. It was $27.
  2. You have to load an operating system (OS) image (from here) onto an SD card. The Pi can’t boot without an SD card with a boot image on it. I chose RASPBIAN STRETCH LITE.
  3. Download the ZIP of the OS image.
  4. Install Etcher.
  5. Feed the ZIP into Etcher and burn the image onto the SD card.
  6. Re-insert the SD card into your computer - the volume should be called “boot”.
  7. Execute the following in the terminal:
    $ cd /Volumes/boot
    $ touch ssh  # this enables SSH on startup
    $ cd ..
    
  8. Eject the SD card, put it into the Pi.
  9. It should use this boot image, boot OS, and start the SSH server.
  10. Install nmap:
    $ brew install nmap
    
  11. Find your local IP in Mac OS X: System Preferences > Network, should be like 10.0.0.x or 192.168.x.x.
  12. Find devices connected to the same Wifi network:
     $ nmap -sn 10.0.0.0/24  # ping scan (host discovery, no port scan) of 10.0.0.0 - 10.0.0.255
     Nmap scan report for 10.0.0.1
     Host is up (0.023s latency).
     Nmap scan report for 10.0.0.92
     Host is up (0.017s latency).
     Nmap scan report for 10.0.0.142
     Host is up (0.056s latency).
     Nmap scan report for 10.0.0.150
     Host is up (0.00030s latency).
     Nmap scan report for 10.0.0.241
     Host is up (0.020s latency).
     Nmap scan report for 10.0.0.254
     Host is up (0.019s latency).
     Nmap done: 256 IP addresses (6 hosts up) scanned in 2.57 seconds
    
  13. For each IP address, try the following:
     $ ssh pi@<ip-address-here>
    
  14. Eventually, you’ll see the following:
     The authenticity of host '10.0.0.92 (10.0.0.92)' can't be established.
     ECDSA key fingerprint is SHA256:JWu8wZKPNVN/oqeBWZCQT7/h62+a67euoa3HFaJeizM.
     Are you sure you want to continue connecting (yes/no)?
    
  15. Type ‘yes’, type the password ‘raspberry’, and you’re in.
     $ uname -a
     Linux raspberrypi 4.14.79-v7+ #1159 SMP Sun Nov 4 11:50:20 GMT 2018 armv7l GNU/Linux
    
  16. To set locale, timezone, Wifi SSID + password (if Wifi enabled Pi):
     $ sudo raspi-config
    
  17. Then change the password:
     $ passwd
    
  18. Then run PiHole installer: curl -sSL https://install.pi-hole.net | bash.
    • Choose a static IP address, remember this.
    • Mostly can just stick with the defaults
  19. Restart the Pi to take that <static-IP-address> into account
  20. SSH back into the Pi with: ssh pi@<static-IP-address>
  21. We confirmed that Pihole is running. Great.
  22. Go to your iPhone and go to your Wifi network (same network Pi is running on or plugged into modem/router)
  23. Change DNS setting to first use your Pihole’s static IP <static-IP-address>
    • I’d also recommend removing Comcast or insert-other-shitty-ISP’s DNS server as well
    • If you’re worried about the Pi going offline or whatever, stick 8.8.8.8 and 8.8.4.4 (Google’s DNS servers) at the end of the list
    • If you’re even more privacy conscious, look up OpenDNS and use their DNS server IP addresses
  24. Now you’re good to go! Try visiting CNET.com on your iPhone browser and watch the blissful speed you get and lack of ads as you scroll down.

Pretty easy.

Admin Panel

Visit it at http://<static-pihole-ip-address>/admin.

Here you can manage blocklists, see how much blocking is going on, and even watch logs to see requests come through in realtime.

Or even the top blocked tracking domains:

After using for a couple hours I was shocked - around 30% of all requests made on my iPhone were adservers, trackers, and/or malware.

Setting up passwordless SSH

It’s annoying to log into the Pi all the time without this. To add SSH passwordless login:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub pi@10.0.0.10

And add to ~/.ssh/config:

Host pihole
  Hostname 10.0.0.10
  User pi

Now you should be able to do:

$ ssh pihole

Blocklists are located at: /etc/pihole/adlists.list. To change the lists:

$ sudo nano /etc/pihole/adlists.list

Comment out with # any you don’t want, or add more. Then to reload the blocklists:

$ pihole -g

To see what is being blocked in realtime:

$ pihole -t  # same as: tail -f /var/log/pihole.log

For example, in the first 100 ms when opening Messenger (blocked ones are with [query] label):

Wow.
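The blocked share quoted in the Admin Panel section and the top blocked domains can also be computed straight from the log that `pihole -t` tails. The script below is an added example, not part of the original post or of Pi-hole itself; it assumes dnsmasq-style log lines in which a blocked answer is logged against `gravity.list` / `black.list` or as `gravity blocked`, and the sample lines and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise the Pi-hole query log that `pihole -t` tails.
# Assumption: dnsmasq-style lines; blocks are logged against gravity.list/black.list
# or as "gravity blocked". Sample lines below are constructed, not real traffic.
sample_log() {
cat <<'EOF'
Dec  9 21:14:03 dnsmasq[612]: query[A] chat.example.com from 10.0.0.142
Dec  9 21:14:03 dnsmasq[612]: forwarded chat.example.com to 8.8.8.8
Dec  9 21:14:03 dnsmasq[612]: query[A] ads.example.net from 10.0.0.142
Dec  9 21:14:03 dnsmasq[612]: /etc/pihole/gravity.list ads.example.net is 0.0.0.0
Dec  9 21:14:04 dnsmasq[612]: query[AAAA] ads.example.net from 10.0.0.142
Dec  9 21:14:04 dnsmasq[612]: /etc/pihole/gravity.list ads.example.net is ::
Dec  9 21:14:04 dnsmasq[612]: query[A] pixel.example.org from 10.0.0.241
Dec  9 21:14:04 dnsmasq[612]: gravity blocked pixel.example.org is 0.0.0.0
Dec  9 21:14:05 dnsmasq[612]: query[A] news.example.com from 10.0.0.241
Dec  9 21:14:05 dnsmasq[612]: cached news.example.com is 192.0.2.20
EOF
}

# Emit "Q client domain" per query and "B client domain" per blocked answer.
# A block is attributed to the most recent client that asked for that domain.
parse_events() {
  awk '
    { sub(/^.*dnsmasq\[[0-9]+\]: /, "") }   # drop the syslog prefix
    $1 ~ /^query\[/ && $3 == "from" { last[$2] = $4; print "Q", $4, $2; next }
    $1 ~ /(gravity|black)\.list$/ { d = $2 }
    $1 == "gravity" && $2 == "blocked" { d = $3 }
    d != "" { print "B", (d in last ? last[d] : "unknown"), d; d = "" }
  ' "${1:-/var/log/pihole.log}"
}

# Print "queries blocked percent", optionally for one client IP ($2).
blocked_share() {
  parse_events "$1" | awk -v c="$2" '
    c != "" && $2 != c { next }
    $1 == "Q" { q++ }
    $1 == "B" { b++ }
    END { printf "%d %d %.1f\n", q, b, (q ? 100 * b / q : 0) }'
}

# Print the top N blocked domains as "count domain" (N defaults to 10).
top_blocked() {
  parse_events "$1" | awk '$1 == "B" { print $3 }' | sort | uniq -c |
    sort -k1,1nr -k2,2 | awk -v n="${2:-10}" 'NR <= n { print $1, $2 }'
}

sample_log | blocked_share -   # on the Pi: blocked_share /var/log/pihole.log
```

Passing a device's IP as the second argument to `blocked_share` shows which client on the network generates the most blocked lookups.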

Happy Pihole-ing!