If you are using Firewalla Red or Blue, please follow the directions below. Firewalla Gold will need to run Pi-Hole in docker containers. Here is the beta guide for running Pi-Hole on Gold: https://help.firewalla.com/hc/en-us/articles/360051625034
Firewalla is a full distribution Linux, so it is possible to install many different services running alongside Firewalla. Here is a quick tutorial on bringing one of the open-source projects to Firewalla in less than 5 mins.
- This tutorial will only work with Firewalla version 1.965 or greater
- Please make sure you know how to reset firewalla, in case things blow up.
- Please only try this on the Firewalla Blue. The red may not have enough RAM.
- Pi-hole won't with the following features of Firewalla on the same device. Firewalla's feature always have a higher priority. These features are: Family Protect, Adblock, and DNS over HTTPS.
- This tutorial is only for Pro people.
- You should not enable conditional forwarding in most cases or it might create DNS loop.
- Pi-Hole query database may eat up all left space on Firewalla disk if it is not managed well. Reference: https://docs.pi-hole.net/database/ftl/
Warning: The conflict of DNS blocking between Pi-Hole and Firewalla
If you install Pi-Hole on Firewalla, Pi-hole will become the upstream DNS server of Firewalla. All DNS traffic will route through Firewalla first then to Pi-Hole, so that you will only be able to see localhost and Firewalla on the Pi-Hole portal.
Devices -> Firewalla -> Pi-Hole -> further upstream DNS servers
To get individual stats on devices, you will have to install Pi-Hole on a separate device and use it as DNS server in your router DHCP setting. But in this way, you will lose all the per-device DNS features (Family Protect, Ad-Block, Safe search, etc.) on Firewalla, because Firewalla will only see DNS traffic from Pi-Hole.
Devices -> Pi-Hole -> Firewalla -> further upstream DNS servers
How to run Pi-Hole on Firewalla in 5 mins
Step 1. Get Firewalla SSH password from Firewalla App (Settings-> Advanced -> Configurations -> SSH Console -> tap the password to reveal it).
Step 2. Login Firewalla by ssh, the user account is pi. Then install Pi-Hole with this command:
curl -sSL https://install.pi-hole.net | bash
Step 3. On Firewalla app, go Settings -> Advanced -> Network Settings. Change the DNS of primary network (if you are in simple mode) or overlay network (if you are in DHCP mode) to Firewalla's IP address in PRIMARY network.
Step 4. Reboot Firewalla ( Settings-> Advanced -> Reboot), and it's done.
1. Firewalla may take longer to complete the reboot process when pi-hole is installed, so please be patient.
2. If you enabled web interface when installing Pi-Hole, you can access by http://<firewalla_ip>. If you see Firewalla pairing page when accessing the site, it means the pairing service is running, just wait for 10 minutes and try again.