Is this Nethserver module helpful to you?
Please consider donating to the author

Thank you kindly!

2019/03/04 05:32 · HF

Available for NS7

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server (even if it is workable, you could use the router of your network or the DHCP server of NethServer), intended for use on a private network. It is designed for use on embedded devices with network capability, such as the Raspberry Pi,but it can be used on other machines running Linux and cloud implementations.

Pi-hole has the ability to block traditional website advertisements as well as advertisements in unconventional places, such as smart TVs and mobile operating system advertisements.

nethserver-pihole relie on nethserver-docker, you will run a docker container either on the aeria network (experimental) or on the macvlan network (Recommended). Saying that the pihole container will have an IP on your network, you will just have to set in the DHCP server of your network that the DNS server is the IP of pihole


Stephane de Labrusse at


1-You need to install my repository, see how to do it

2-You can install pihole

yum install nethserver-pihole --enablerepo=stephdl


Macvlan is particuliar network, this is the documentation for explanation, please refer there to understand:

You must have a bridge, here called br0, if you have installed SAMBA AD, then it is already created. Else you can use the network panel to make it available.

config setprop  docker macVlanGateway macVlanLocalNetwork macVlanNetwork macVlanNic br0
signal-event nethserver-docker-update
  • check macvlan is up : docker network ls
  • then assign macvlan to piholeNetwork and set the IP to piholeMacVlanIP (in macvlan range)
config setprop pihole piholeNetwork macvlan piholeMacVlanIP

Create the container

review the pihole conf : config show pihole

    DNS1=    #upstream dns
    DNS2=    #upstream dns
    mac=00:60:2f:0a:66:06    # once generated, it is static mac
    password=admin  #web admin password

  • change the admin password (default is admin) By default the password is admin, you should change it obviously, once created with a password, you must destroy the container, change the password and create it again.

config setprop docker password azertyuiop

  • Modify the upstream DNS of pihole following your needs, it can be used (default is google DNS)

you can adjust to different dns if you think they are faster or DNS with adult filtering if your want to protect your kids

as example I will use, decide what Family or Adult filter to use

If you want to filter porn, set DNS1 and DNS2 to

Family filter
    DNS1=    #upstream dns
    DNS2=    #upstream dns
Adult filter
    DNS1=    #upstream dns
    DNS2=    #upstream dns

set DNS1 and DNS2 accordingly

config setprop pihole DNS1 DNS2


config setprop pihole DNS1 DNS2
  • trigger the event to create the container
signal-event nethserver-pihole-update
  • The time depends of your internet bandwith
  • check docker pihole is up :

docker ps

pihole status


Where to start

Once installed dolibarr is available at the ip of the container, to find it do pihole ip in the terminal, use the IP of the container in your browser, then log with the credential admin and the password set in the password esmith property

pihole wrapper

do pihole in your container to get help

pihole facilities wrapper to docker command

pihole ip : find the IP of pihole given by your dhcp server for aeria network
pihole status : retrieve the status of pihole container
pihole env : retrieve all the environment vars of the container
pihole bash : start a shell inside the container
pihole start: Start the pihole container
pihole stop: Stop the pihole container
pihole destroy: Delete the pihole container
pihole build: Delete then create the pihole container
pihole ps: Container information
pihole log: Display the error log of the container


As many docker container the upgrade of a container means you must destroy it before

pihole build

delete then build again the container


Please raise Issues on github