eseiker/Cloudflare-Gateway-Pihole

Make ad blocking dns using Cloudflare Gateway Zero Trust

English | Việt Nam

Pihole styled, but using Cloudflare Gateway

For Devs, Ops, and everyone who hates Ads.

Create your ad blocklist using Cloudflare Gateway

Credit goes there.

---

First inspired by IanDesuyo/CloudflareGatewayAdBlock.

Thanks alot to @nhubaotruong for his contributions.

Readme by @minlaxz.

Added dynamic domain filter (whitelist and blacklist) idea (please check ini files, as you may also need to modify those.)

Supported styles

---

• White list whitelist.ini and block list adlist.ini
• Two kinds of lists

https://raw.githubusercontent.com/bigdargon/hostsVN/master/option/hosts-VN

or

[Hosts-Urls]
hostsVN = https://raw.githubusercontent.com/bigdargon/hostsVN/master/option/hosts-VN

How to set this up?

---

1. Fork this repository to your account.

2. Grab your Cloudflare Account ID (which after https://dash.cloudflare.com/) from ➞ https://dash.cloudflare.com/?to=/:account/workers

3. Create your API Token from ➞ https://dash.cloudflare.com/profile/api-tokens with 3 permissions

   1. Account.Zero Trust : Edit
   2. Account.Account Firewall Access Rules : Edit
   3. Account.Access: Apps and Policies : Edit

4. Add Repository Secrets to your forked repository ➞ https://github.com/<username>/<forked-repository>/settings/secrets/actions

   1. Set Cloudflare Account ID to CF_IDENTIFIER
   2. Set API Token to CF_API_TOKEN

Note

---

Github Actions: it has 2 dependent backup workflows re-run and re-run2 in case if the main workflow fails,

They will retry after 5 minutes one after another only if the main workflow has been failed (not cancelled - if you cancelled the main workflow manually, they will not be triggered anyway).

How to set up using Termux?

---

• Download the GOAT Termux

• Here're commands need to be run one after another to setup python

if you know how to do, you can skip this step.

pkg upgrade
pkg install python-pip
pkg install git
# Clone your forked repo. #

• Command to upload (update) your DNS list.

python -m src

You may also check this out termux-change-repo in case if you run into trouble setting things up.

Note

---

• The limit of Cloudflare Gateway Zero Trust free is 300k domains so remember to pay attention to the workflow logs, if it is exceeded, the script will stop

• If you have uploaded lists using another script, you should delete them using the delete feature of the uploaded script or delete them manually

• I have updated the feature to delete lists when you no longer need to use the script. Go to main.py as follows:

async def main():
    adlist_urls = read_urls_from_file("adlist.ini")
    whitelist_urls = read_urls_from_file("whitelist.ini")
    adlist_name = "DNS-Filters"
    app = App(adlist_name, adlist_urls, whitelist_urls)
    await app.delete()  # Leave script
    # await app.run()

Note from @minlaxz:

1. Domain list style: I personally preferred second one in blacklist styles, which has more readablity and concise.
2. Dynamic domain list: You can also update your dynamic (fluid) whitelist and blacklist using dynamic_blacklist.txt and dynamic_whitelist.txt
3. Deprected using .env : Setting sensitive information inside a public repository is considered too dangerous use-case, since any unwanted person could easily steal your Cloudflare credentials from that .env file.

🥂🥂 Cheers! 🍻🍻