This is a script for installing pi-hole container on Firewalla Gold or Purple. It is based on the Firewalla tutorial and has been tested on 1.974.

• Pi-hole runs fine on Purple or Gold.
• Firewalla uses pi-hole v5.1.2 in their example. I have switched it to "latest" because that is a bit dated now.
• The Pi-hole password will be, firewalla.

To install:

1. SSH into your Firewalla (learn how if you don't know how already.)

2. If you want regular pi-hole with the version Firewalla recommends, copy the line below and paste into the Firewalla shell and then hit enter.

curl -s -L -C- https://raw.githubusercontent.com/mbierman/pihole-installer-for-Firewalla/main/pihole_docker_install.sh | cat <(cat <(bash))

If you want pi-hole with the latest pihole image, copy the line below instead and paste into the Firewalla shell and then hit enter.

curl -s -L -C- https://raw.githubusercontent.com/mbierman/pihole-installer-for-Firewalla/main/pihole_docker_install.sh | cat <(cat <(bash -s -- latest))

If you want pi-hole with DoH, copy the line below instead and paste into the Firewalla shell and then hit enter.

curl -s -L -C- https://raw.githubusercontent.com/mbierman/pihole-installer-for-Firewalla/main/pihole_docker_install.sh | cat <(cat <(bash -s -- doh))

3. Now go to the network settings on Firewalla App, assign 172.16.0.2 as the primary DNS server for all networks that you want to enable Pi-Hole and disable DoH or Unbound on these networks.

   1. Tap on Network Manager.
   2. Tap on the Top right edit button.
   3. Tap on each LAN or VLAN segment you want to use pi-hole on.
   4. Scroll down and change the primary DNS to 172.16.0.2. Leave the secondary DNS empty.

1. After completing the steps above, you should be able to see DNS requests coming up in the pi-hole management console 172.16.0.2/admin.
2. Try to block something obvious in pi-hole like facebook.com and try to reach it you should be blocked.
3. If you go to browserleaks.com/dns you should see the upstream DNS servers you set in pi-hole if you are using unencrypted DNS.

Standard disclaimer: I can not be responsible for any issues that may result. Nothing in the script should in any way, affect firewalla as a router or comprimise security. Happy to answer questions though if I can. :)

You can run this by copying this line and run it on firewalla to uninstall.

curl -s -L -C- https://raw.githubusercontent.com/mbierman/pihole-installer-for-Firewalla/main/uninstall_pihole.sh | cat <(cat <(bash))

There are lots of pihole communities on Reddit. If you have pi-hole questions, please check there.