[Solved] Pattern Ad Blocker - easylist format

As much as I understand eBlocker you can have one active only:

- Domain Blocker
- Pattern Blocker 
Tested the Pattern Blocker with advanced anti-ad-blocker-blocklist and eBlocker went all "destroy all humans" at me. What I see is that the pattern files style edits get recognized to a specific point. After that it will just ignore the rule all together.

My suggestion is to mix match best out of both worlds:
I made this in to my project -> eBlocker and Pi-hole (But using Pi-hole as an unbound DNS Server) 

Intention is to offload the Domain-Blocker to Pi-hole and if the Patterns miss something I can see that in Pi-hole very easy - Plus the added advantage - The Pi-hole will be eblockers DNS Uplink Server. 😉

Have to wait for eBlocker Raspi 4 version or docker to get developed since using a Pi-hole on a Raspi. 4 is pure overkill. ^^

Sincerely
Eli. 
--------------------------------------------- UPDATE --- 16.01.2020 ----------------------------------------

From today on I have configured my Pi-hole to my "raspberry pi 4b" - could not wait...

What I did?
Clean Pi-hole install 
Tested Pi-hole DNS directly with Quad9 Uplink DNS Server
Installed and Configured - Unbound - Recursive DNS Server and Signatures
Like this all DNS Querys hit the Pi-hole and it makes a direct request to the Root-DNS-Servers plus Signature chain.

Example DNS Query:

PC----> eblocker -----> Pi-hole <---> Unbound (Service Local on Pi-hole) ---> Router ----> ISP

Best part out of it that I do not need to rely on services like cloudflare, quad9 and google to function since I request directly from the root servers.

DNSSec works too! 🙂

eBlocker is setup to have the Pi-hole as the Uplink server and disabled all Domain Blocklists since Pi-hole will take care of that part by itself and I am able to see what domains are "bogus" or "insecure". Now the added advantage is the following with eBlocker...

HTTPs Inspection --- goes to Pattern Files ---- that forwards unblocked querys to the DNS (Pi-hole) ---- that checks if the Domains are Blacklisted and allows/denys that query ---- verfiys DNSSEC  ------ So you have the best of two worlds HTTPS Inspection from eBlocker and DNSSec, RecursiveDNS and Blocklist from unblound/Pi-hole.

Best regards
Eli.
 

Hey Eli that sounds great. I thought about an similar set up in my network but I am not sure if I will set all up properly.

so I thought about something like this

Devices connected to Fritz.box(DHCP off, DNS from eblocker) —>eblocker(dhcp Server & DNSfirewall active)DNS configuration to Pi Hole —>Pi Hole with cloud flare as DNS 

i hope it is understandable 😀

as addition and a little oftopic. 
On some sides I have seen that I can‘t click on any links when the eblocker is active. Even when the websites are in the whitelist. Could it be that some java scripts are blocked?

Hello @Seruschl,

welcome at the eblocker forum. 🙂

The thing about DNS Traffic is to understand how it works and what you would like to achieve with the configuration. 

How does DNS work? (Basics) 
https://www.youtube.com/watch?v=72snZctFFtA

So what happens with your PC?
Your PC wants to go to "example.com"
PC <----> eblocker <-----> Pi-hole <----> Cloudflare, IBM, Google and more... <----> Root DNS Servers 

The idea with using "unbound" on the Pi-hole was that it turns the normal DNS in to a Recursive DNS with access to the Root DNS Servers with Certificate chain for DNSsec.

I tested this on my system and it was super easy to setup (Guide and Explanation):
https://pi-hole.net/2018/06/09/ftldns-and-unbound-combined-for-your-own-all-around-dns-solution/

What does that mean?
Since Pi-hole can cache requests and certificate chains for DNSsec it is super fast after it found something. Plus you do not need to rely on other DNS Providers to be online and running. Since you request it directly from the RootDNSServer with Cert. chain.

So what does what and when?
DHCP = eblocker
Gateway = eblocker
DNS = eblocker
@eblocker gui -> Upstream = Pi-hole
@Pi-hole -> (127.0.0.1:5353) Loopback to "unbound"
Router in that manner just acts as a Switch with its own IP and connection to the ISP. 
Important: "Do not forget to disable DHCP on your Router!" 😉

Best regards
Eli.

Thanks for the explanation @Eli it will help a lot 

Posted by: @Eli

So what does what and when?
DHCP = eblocker
Gateway = eblocker
DNS = eblocker
@eblocker gui -> Upstream = Pi-hole
@Pi-hole -> (127.0.0.1:5353) Loopback to "unbound"
Router in that manner just acts as a Switch with its own IP and connection to the ISP. 
Important: "Do not forget to disable DHCP on your Router!" 😉

Best regards
Eli.

Hi,

I am very interested in your configuration. Could you please explain it more detailed?

Which gateway do i have to use in eblocker?

Thanks in advance. Regards

@jens123 Gateway (in eBlocker) needs always to be set to your router‘s IP. (That‘s „how the Internet works“ basics)

I‘m not sure what you try to achieve - as above setting are rather „very special“.

Above‘s setting always results in overblocking and disables the advantages of eBlocker‘s pattern blocker.

Example: gooddomain.com/badtracker.php will be filtered by eBlockers pattern blocker. But if you add another DNS blocker (like pihole) it either blocks the full domain - so you can not access gooddomain.com/goodurl.php anymore (which eBlocker‘s pattern blocker would pass). Or if gooddomain.com is not on the pihole list, then the request will just pass - but not give you any advantage to eBlocker. 

If you are looking for DNSSEC support I‘d rather vote up this feature request in the Feature Request forum. But even DNSSEC is a rather „special“ requirement as well...

So again I would recommend to rethink your requirements and not try to add as many blocking tools / list / tricks you can find if you are not an expert and 100% sure what you do.

eBlocker is meant for full protection - and there is no need for the general user to add more tools...

THX!