FFirewalls & routers

Why to use AdGuard / Pi-hole filtering blocklists and how to check their effectiveness?

0
Shares
0
0
0
0

Services like AdGuard Home or Pi-hole are popular ad-blocking and privacy protection tools that offers a variety of features to help users improve their online experience. One of its key features is its blocklist, which is essentially a list of URLs or domains that AdGuard/Pi-hole will block from loading on a user’s device. The blocklist contains entries for various types of content, including ads, trackers, malware, and phishing sites.

Using the blocklist can be beneficial for several reasons. First, it can help to speed up your browsing experience by preventing unnecessary content from loading. This can be particularly useful if you have a slow internet connection or are using a device with limited resources.

Second, it can help to protect your privacy by blocking trackers and other types of data collection tools that may be used to monitor your online activity. Finally, it can help to protect your device from malware and other types of malicious content by blocking known sources of such content.

Overall, the AdGuard blocklist can be a useful tool for anyone who wants to improve their online experience by blocking unwanted content, protecting their privacy, and staying safe online.

 

Why you should use Adguard/Pi-hole filtering in your network instead of web browser plug-ins for ad-blocking?

There are several reasons why you might want to use AdGuard Home or Pi-hole DNS over ad-blocking plugins in your browser:

  1. Block ads across all devices: Ad-blocking plugins are limited to the browser on which they are installed. AdGuard Home DNS, on the other hand, can block ads across all devices connected to your network, including phones, tablets, and smart TVs.
  2. Improved privacy: AdGuard Home DNS can block not only ads but also trackers and malicious websites. This provides an extra layer of protection for your online privacy.
  3. Reduced browser load: Ad-blocking plugins work by intercepting network requests and filtering out ads. This can put a strain on your browser, especially if you have a large number of tabs open. AdGuard Home DNS handles ad-blocking at the DNS level, meaning that your browser doesn’t need to do any extra work.
  4. Reduced network traffic: By blocking ads at the DNS level, AdGuard Home DNS can reduce the amount of network traffic generated by ads. This can lead to faster browsing speeds and lower data usage.

Overall, AdGuard Home DNS offers a more comprehensive ad-blocking solution than browser plugins, with improved privacy, reduced browser load, and reduced network traffic.

 

Picking right blocklists

Choose your blocklists with the following considerations in mind. First, consider your “threat” model by asking yourself what you want to block and why. This will help you efficiently determine what you need blocked to benefit you and your network. Also, take into account the devices on your network, how many there are, and what types they are. Not every device will benefit from being blocked, so keep that in mind. Be wary of blocking too much, as this can break many devices, services, and websites. More is not always better, so choose a balanced solution. Finally, if you plan to run an aggressive blocking setup, you should not be afraid to whitelist certain domains to maintain functionality.

1. Define your threat model

When setting up a Adguard/PiHole, it is important to consider your “threat” model by asking yourself two questions. Firstly, what do you want to block? This can include malware domains, advertising, trackers, telemetry, parental control, and more. Secondly, what are your reasons for blocking it? For example, you may want to block excessive device telemetry to prevent network slowdowns, or block adult-content related domains network-wide to protect children.

It is essential to determine what you need to block and why to ensure that your Adguard/PiHole is efficient and provides maximum benefit to your network. While there may not be a specific justification required for blocking certain things, it is still crucial to consider what you want to block and why.

It is also important to keep basic device functionality in mind since blocking “everything” may not be feasible. A “nuke everything” approach may cause various things to break, and some devices, services, or websites may become unusable or inaccessible.

2. Consider the types of devices in your network

When setting up your network, it’s crucial to consider the devices that are connected to it. You should ask yourself questions such as how many devices are connected and what types of devices they are. With the rise of smart devices, this can include a range of things from gaming consoles and smartphones to smart fridges and watches. However, it’s important to be mindful when deciding what to block and what to allow. For example, you may want to limit the amount of telemetry data that your Windows 10 PC sends to Microsoft, but blocking all requests related to known Microsoft domains could negatively impact the functionality of the device. It’s important to strike a balance between privacy and functionality. You may also need to consider the internet-connected services that your devices use, such as streaming services or online gaming. In these cases, blindly blocking everything could prevent you from accessing these services. It’s essential to weigh the benefits and drawbacks of blocking certain requests to ensure that your devices can function properly without sacrificing your desired level of privacy.

3. More is not always better

It is important to keep in mind that more is not always better when it comes to using blocking lists. Although there are a plethora of blocklists available, it is not advisable to use all of them as there can be a lot of redundancy and overlap among them. Using too many lists may also increase the likelihood of encountering false positives, which can be inconvenient to deal with. It’s better to find a balanced solution that enhances your privacy without sacrificing functionality. The stock blocklist may be sufficient for your needs, and it is important to remember that using every available blocklist is not necessarily the best approach.

4. Don’t be afraid to allow/whitelist URLs

If you’re planning to use an aggressive blocking setup, don’t hesitate to whitelist specific domains that might break legitimate websites or services. It may seem counterintuitive, but the more aggressive your blocking is, the higher the chances of encountering false positives and breaking websites or services.

You can still maintain your level of aggressiveness by whitelisting domains that are necessary for maintaining functionality. However, be sure to update your whitelist regularly as these domains can change over time.

Domains can become obsolete and crucial services may be moved to other hosts with different domains, so you need to be vigilant about updating your whitelist. Your whitelist may also grow over time due to factors like the addition of new devices on your network, updates, or the installation of new apps on your devices.

 

Blocklist collections

When it comes to blocklists, there are plenty of resources to choose from. The best approach is to use a search engine with the query “best pi-hole blocklists” to find some latest and best blocklist to use. Additionally you can add a country-code like US or type of traffic you want to block to find blocklists specific for your use case ex. “pi-hole blocklist US malware”.

Here are sample sites that list latest blocklists:

  • https://avoidthehack.com/best-pihole-blocklists
  • https://ninja-ide.org/pihole-blocklists-2022/
  • https://github.com/topics/pi-hole-blocklists

Sample blocklist collections

Below you’ll find a list of prominent blocklists that you can use in your setup. Before adding any of these please acknowledge with their use cases by searching their descriptions in search engines.


Copy Code

 



  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://someonewhocares.org/hosts/zero/hosts
    name: Dan Pollock's List
    id: 1667252933
  - enabled: true
    url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/GameConsoleAdblockList.txt
    name: Game Console Adblock List
    id: 1667252934
  - enabled: true
    url: https://abp.oisd.nl/basic/
    name: OISD Blocklist Basic
    id: 1667252935
  - enabled: true
    url: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt
    name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
    id: 1667252936
  - enabled: true
    url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=adblockplus&showintro=1&mimetype=plaintext
    name: Peter Lowe's List
    id: 1667252937
  - enabled: true
    url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuardHome.txt
    name: Dandelion Sprout's Anti-Malware List
    id: 1667252938
  - enabled: true
    url: https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
    name: NoCoin Filter List
    id: 1667252939
  - enabled: true
    url: https://raw.githubusercontent.com/durablenapkin/scamblocklist/master/adguard.txt
    name: Scam Blocklist by DurableNapkin
    id: 1667252940
  - enabled: true
    url: https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts
    name: The Big List of Hacked Malware Web Sites
    id: 1667252941
  - enabled: true
    url: https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
    name: WindowsSpyBlocker - Hosts spy rules
    id: 1667252942
  - enabled: true
    url: https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt
    name: Online Malicious URL Blocklist
    id: 1667252943
  - enabled: true
    url: https://raw.githubusercontent.com/DRSDavidSoft/additional-hosts/master/domains/blacklist/unwanted-iranian.txt
    name: 'IRN: Unwanted Iranian domains'
    id: 1667252944
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile.txt
    name: 'POL: Polish filters for Pi hole'
    id: 1667252945
  - enabled: true
    url: https://raw.githubusercontent.com/ABPindo/indonesianadblockrules/master/subscriptions/abpindo.txt
    name: 'IDN: ABPindo'
    id: 1667252946
  - enabled: true
    url: https://abpvn.com/android/abpvn.txt
    name: 'VNM: ABPVN List'
    id: 1667252947
  - enabled: true
    url: https://anti-ad.net/easylist.txt
    name: 'CHN: anti-AD'
    id: 1667252948
  - enabled: true
    url: https://raw.githubusercontent.com/lassekongo83/Frellwits-filter-lists/master/Frellwits-Swedish-Hosts-File.txt
    name: 'SWE: Frellwit''s Swedish Hosts File'
    id: 1667252949
  - enabled: true
    url: https://filtri-dns.ga/filtri.txt
    name: 'ITA: Filtri-DNS'
    id: 1667252950
  - enabled: true
    url: https://raw.githubusercontent.com/yous/YousList/master/hosts.txt
    name: 'KOR: YousList'
    id: 1667252951
  - enabled: true
    url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/NorwegianExperimentalList%20alternate%20versions/NordicFiltersAdGuardHome.txt
    name: 'NOR: Dandelion Sprouts nordiske filtre'
    id: 1667252952
  - enabled: true
    url: https://raw.githubusercontent.com/cchevy/macedonian-pi-hole-blocklist/master/hosts.txt
    name: 'MKD: Macedonian Pi-hole Blocklist'
    id: 1667252953
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/easylistdutch.txt
    name: 'NLD: Easylist'
    id: 1667252954
  - enabled: true
    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    name: "1"
    id: 1667256468
  - enabled: true
    url: http://sysctl.org/cameleon/hosts
    name: "1"
    id: 1667256469
  - enabled: true
    url: https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
    name: "2"
    id: 1667256470
  - enabled: true
    url: https://block.energized.pro/porn/formats/hosts.txt
    name: "3"
    id: 1667256471
  - enabled: true
    url: http://hole.cert.pl/domains/domains_hosts.txt
    name: "4"
    id: 1667256473
  - enabled: true
    url: https://dbl.oisd.nl
    name: "1"
    id: 1667256474
  - enabled: true
    url: https://github.com/chadmayfield/pihole-blocklists/raw/master/lists/pi_blocklist_porn_all.list
    name: "1"
    id: 1667256476
  - enabled: true
    url: https://gitlab.com/ookangzheng/dbl-oisd-nl/raw/master/dbl.txt
    name: "1"
    id: 1667256480
  - enabled: true
    url: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
    name: "1"
    id: 1667256481
  - enabled: true
    url: https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
    name: "2"
    id: 1667256482
  - enabled: true
    url: https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
    name: "2"
    id: 1667256483
  - enabled: true
    url: https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt
    name: "4"
    id: 1667256484
  - enabled: true
    url: https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
    name: "4"
    id: 1667256485
  - enabled: true
    url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
    name: "5"
    id: 1667256487
  - enabled: true
    url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
    name: "2"
    id: 1667256488
  - enabled: true
    url: https://phishing.army/download/phishing_army_blocklist_extended.txt
    name: "1"
    id: 1667256489
  - enabled: true
    url: https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/domains.txt
    name: "4"
    id: 1667256490
  - enabled: true
    url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
    name: "4"
    id: 1667256491
  - enabled: true
    url: https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
    name: "5"
    id: 1667256492
  - enabled: true
    url: https://raw.githubusercontent.com/bogachenko/fuckfuckadblock/master/fuckfuckadblock.txt
    name: "1"
    id: 1667256493
  - enabled: true
    url: https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list
    name: "1"
    id: 1667256494
  - enabled: true
    url: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
    name: "5"
    id: 1667256495
  - enabled: true
    url: https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/AakList.txt
    name: "3"
    id: 1667256496
  - enabled: true
    url: https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Prebake-Obtrusive.txt
    name: "2"
    id: 1667256497
  - enabled: true
    url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
    name: "3"
    id: 1667256498
  - enabled: true
    url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
    name: "2"
    id: 1667256499
  - enabled: true
    url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
    name: "2"
    id: 1667256500
  - enabled: true
    url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
    name: "2"
    id: 1667256501
  - enabled: true
    url: https://raw.githubusercontent.com/hectorm/hmirror/master/data/adaway.org/list.txt
    name: "3"
    id: 1667256502
  - enabled: true
    url: https://raw.githubusercontent.com/HenningVanRaumle/pihole-ytadblock/master/ytadblock.txt
    name: "22"
    id: 1667256503
  - enabled: true
    url: https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts
    name: "22"
    id: 1667256504
  - enabled: true
    url: https://raw.githubusercontent.com/jjjxu/NSO_Pegasus_Blocklist/master/Pegasus-Hosts-Formatted.txt
    name: "22"
    id: 1667256505
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/Ad_filter_list_by_Disconnect.txt
    name: "1"
    id: 1667256506
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/adguard_crypto_host.txt
    name: "1"
    id: 1667256507
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/adguard_host.txt
    name: "2"
    id: 1667256508
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/adguard_mobile_host.txt
    name: "2"
    id: 1667256509
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/adservers.txt
    name: "2"
    id: 1667256510
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/easy_privacy_host.txt
    name: "2"
    id: 1667256511
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/easylist_host.txt
    name: "2"
    id: 1667256512
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/gambling-hosts.txt
    name: "2"
    id: 1667256513
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/kad_host.txt
    name: "3"
    id: 1667256514
  - enabled: true
    url: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
    name: "2"
    id: 1667256515
  - enabled: true
    url: https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
    name: "2"
    id: 1667256516
  - enabled: true
    url: https://raw.githubusercontent.com/root-host/Spotify-AdBlock/master/domains2
    name: "2"
    id: 1667256517
  - enabled: true
    url: https://raw.githubusercontent.com/Sekhan/TheGreatWall/master/TheGreatWall.txt
    name: "2"
    id: 1667256518
  - enabled: true
    url: https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
    name: "2"
    id: 1667256519
  - enabled: true
    url: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    name: "2"
    id: 1667256520
  - enabled: true
    url: https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
    name: "2"
    id: 1667256521
  - enabled: true
    url: https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
    name: "2"
    id: 1667256522
  - enabled: true
    url: https://urlhaus.abuse.ch/downloads/hostfile/
    name: "2"
    id: 1667256526
  - enabled: true
    url: https://v.firebog.net/hosts/AdguardDNS.txt
    name: "2"
    id: 1667256527
  - enabled: true
    url: https://v.firebog.net/hosts/Admiral.txt
    name: "2"
    id: 1667256528
  - enabled: true
    url: https://v.firebog.net/hosts/Easylist.txt
    name: "2"
    id: 1667256529
  - enabled: true
    url: https://v.firebog.net/hosts/Easyprivacy.txt
    name: "2"
    id: 1667256530
  - enabled: true
    url: https://v.firebog.net/hosts/Prigent-Ads.txt
    name: "2"
    id: 1667256531
  - enabled: true
    url: https://v.firebog.net/hosts/Prigent-Crypto.txt
    name: "2"
    id: 1667256532
  - enabled: true
    url: https://v.firebog.net/hosts/static/w3kbl.txt
    name: "2"
    id: 1667256533
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
    name: "2"
    id: 1667256534
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
    name: "2"
    id: 1667256535
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/dating-services-extended.txt
    name: "2"
    id: 1667256536
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/facebook-extended.txt
    name: "22"
    id: 1667256537
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/hate-and-junk-extended.txt
    name: "322"
    id: 1667256538
  - enabled: true
    url: https://www.github.developerdan.com/hosts/lists/tracking-aggressive-extended.txt
    name: "22"
    id: 1667256539
  - enabled: true
    url: https://www.stopforumspam.com/downloads/toxic_domains_whole.txt
    name: "22"
    id: 1667256540
  - enabled: true
    url: https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
    name: "222"
    id: 1667256541
  - enabled: true
    url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_11_Mobile/filter.txt
    name: Adguard Mobile Ads
    id: 1667305801
  - enabled: true
    url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_3_Spyware/filter.txt
    name: Adguard Tracking Protection
    id: 1667305802
  - enabled: true
    url: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
    name: Adguard URL tracking filter
    id: 1667305803
  - enabled: true
    url: http://hole.cert.pl/domains/domains.txt
    name: CERT POLSKA fraud
    id: 1667305804
  - enabled: true
    url: https://raw.githubusercontent.com/llacb47/mischosts/master/apple-telemetry
    name: APPLE telemmetry
    id: 1667305805
  - enabled: true
    url: https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/SmartTV_ads.txt
    name: SmartTV
    id: 1667305806
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/easylistpolish.txt
    name: Easylist Polish
    id: 1667305811

2023-10 UPDATE

https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/spam.mails
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/child-protection
https://big.oisd.nl
https://nsfw.oisd.nl
https://blocklistproject.github.io/Lists/adobe.txt
https://blocklistproject.github.io/Lists/tracking.txt
https://blocklistproject.github.io/Lists/scam.txt
https://blocklistproject.github.io/Lists/malware.txt
https://blocklistproject.github.io/Lists/fraud.txt
https://blocklistproject.github.io/Lists/smart-tv.txt
https://blocklistproject.github.io/Lists/drugs.txt
https://blocklistproject.github.io/Lists/crypto.txt
https://blocklistproject.github.io/Lists/ads.txt
https://blocklistproject.github.io/Lists/abuse.txt
https://hole.cert.pl/domains/domains.txt
https://raw.githubusercontent.com/EnergizedProtection/EnergizedBlu/master/energized/blu.txt
https://hosts.anudeep.me/mirror/CoinMiner.txt
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.txt
https://easylist.to/easylist/easyprivacy.txt
https://secure.fanboy.co.nz/fanboy-cookiemonster.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt
https://raw.githubusercontent.com/FiltersHeroes/KADhosts/master/KADhole.txt

https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/noai_hosts.txt

 

NOTE: Each blocklist needs to be customized to various environment, since some of the URLs with the huge amount of filters needs to be white-listed manually by observing the AdGuard query and reports from the users. The best approach is to add each blocklist and test if won’t break the workflow.

You can add these blocklists by simpy editing the AdGuardHome.yaml file in your AdGuard configuration via VI Editor or by putting the URLs manually via GUI. If you more into using scripts you can use some automation scripts available in Github.

 

White-listing URLs

You can easily track the behavior of devices in Adguard Home > Query and adjust the traffic by white-listing some domains or block them.

 

Testing the blocklist effectiveness against the telemetry and ads

The various tests help you in identifying what formats of advertisements are blocked or unblocked so that you can understand your ad-blockers effectiveness. Use the various tests to test ad-blockers such as AdBlock, AdBlock Plus, AdBlocker Ultimate, AdGuard, Ghostery, uBlock Origin, Pi-Hole, NoScript and more with various ad formats such as Web Banners, Native Ads, Pop-Unders,  In-Page Push Ads, etc from popular Ad Networks.

 

Things that Adblock DNS server cannot block easily

As you know the Adblock Home is an internal DNS server which resolves the requested domain name that is pushed from the client ex. www.google.com to IP format ex. 8.8.8.8. Adblocking service can filter only the traffic that contains the domain name.

 

If the client connects via application to an IP server that has no domain set, the connection will bypass the DNS service.

 

In that case if you want to make your client more secure, you need to install additional IPS service on OPNsense firewall like Suricata, Snort, Zenarmor or Crowdsec so the traffic will be filtered automatically based on the public threat blocklists.

 

Suricata

Zenarmor

 

If you would like to be more in control of your client machine you can also filter all the outgoing connections using the Safing Portmaster app (Windows/Linux) or Little Snitch (MacOS)

 

There are additional services that are worth to mention that are not blocked easily. It is not likely that you’ll be able to block in-video ads with Adguard/Pi-hole. For that, you’ll need something like uBlock origin for desktop/browser, Adblocker for Youtube in browser, Newpipe for Android or Freetube for all platforms.

 

0 Shares:
Share 0
Tweet 0
Pin it 0

Network security expert with a deep passion for wireless networks, networking and data security. When I'm not working, you'll find me diving into hobby projects, contributing to open-source initiatives, or enjoying hands-on experiments with cutting-edge tech. My goal is to bridge the gap between complex concepts and accessible knowledge, making the world of network security both intriguing and approachable for all.

You May Also Like