this post was submitted on 22 Mar 2025
18 points (100.0% liked)

Pi-hole

509 readers
1 users here now

The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.

founded 2 years ago
MODERATORS
[email protected]
18
How practical is it to block everything by default? (feddit.uk)
submitted 6 days ago by [email protected] to c/[email protected]
31 comments fedilink hide all child comments
 

I've just set up my pihole and I'm considering the best way to configure it. Is it a good idea to set the default group to block (almost) all domains and then manually add trusted devices to another group with a "normal" block list? My use case is untrustworthy devices that I don't want phoning home but which might change their IP address.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 6 days ago (1 children)

My use case is untrustworthy devices that I don't want phoning home but which might change their IP address.

If you're using DHCP, you might be able to tell your router to assign a specific IP to the MAC address.

Alternatively, if you have a few trusted devices on your network, can you add them to an allow list and deny traffic to every other IP?

[–] [email protected] 1 points 6 days ago

If you're using DHCP, you might be able to tell your router to assign a specific IP to the MAC address.

Hopefully, seems pretty unlikely that the untrusted devices will bother spoofing their MAC addresses

can you add them to an allow list and deny traffic to every other IP?

Yeah that's what I meant by manually adding trusted devices to a group with a normal block list