https://pi-hole.net/

https://github.com/pi-hole/pi-hole

https://discourse.pi-hole.net/t/hardware-software-requirements

https://docs.pi-hole.net/main/prerequesites/

https://discourse.pi-hole.net/t/seven-things-you-may-not-know-about-pi-hole

https://freek.ws/2017/03/18/public-pi-hole/

pihole -up

curl -sSL https://install.pi-hole.net | bash

Change the pihole user password used to log in to the web interface:

pihole -a -p

Pi-Hole seems to work fine with only port 53 (TCP and UDP) exposed publicly.

Port 80 needs to be open for the web administration.

We use CSF firewall for bastion hosts.

Create an IP list from the last two days:

cat /var/log/pihole.log |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt
cat /var/log/pihole.log.1 |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt

RegEx to find IP of attacker of ELDERJUSTICE.GOV:

^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)

vim /usr/local/csf/bin/regex.custom.pm

Inserting this :

# Pihole
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ query\[[A-Z]+\] ELDERJUSTICE.GOV from (\d+\.\d+\.\d+\.\d+)/)) {
return ("DNS attack from",$1,"mydnsmatch","3","53","604800");
}

vim /etc/csf/csf.conf

Change:

CUSTOM1_LOG = "/var/log/pihole.log"

Reboot needed?