AdGuard Home
AdGuard Home
Section titled “AdGuard Home”AdGuard Home is a network-wide DNS-based ad and tracker blocker. Running it as a container on RouterOS allows you to apply filtering for all devices on your network without a dedicated server.
AdGuard Home images are available for ARM32, ARM64, and AMD64 architectures. Recommended minimum requirements are 256 MB RAM and 512 MB available storage for the container image and data.
Prerequisites
Section titled “Prerequisites”- RouterOS v7.4 or later
containerpackage installed- External storage device (USB, SATA, or NVMe recommended)
- Device mode with container support enabled
Container Mode
Section titled “Container Mode”Enable container support in device mode and reboot:
/system/device-mode/update container=yesAfter executing this command, confirm by pressing the reset button (or cold-rebooting x86 devices). The router must restart before container functionality is available.
Networking Configuration
Section titled “Networking Configuration”Create a dedicated bridge and veth interface for the AdGuard Home container:
/interface/bridge/add name=containers/ip/address/add address=172.17.0.1/24 interface=containers/interface/veth/add name=veth-adg address=172.17.0.2/24 gateway=172.17.0.1/interface/bridge/port/add bridge=containers interface=veth-adg/ip/firewall/nat/add chain=srcnat src-address=172.17.0.0/24 action=masqueradePort Forwarding
Section titled “Port Forwarding”Expose the AdGuard Home web interface and DNS service to your LAN:
# Initial setup UI (port 3000)/ip/firewall/nat/add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=3000 action=dst-nat to-addresses=172.17.0.2 to-ports=3000
# DNS (port 53, TCP and UDP)/ip/firewall/nat/add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 action=dst-nat to-addresses=172.17.0.2 to-ports=53/ip/firewall/nat/add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 action=dst-nat to-addresses=172.17.0.2 to-ports=53
# Web UI after initial setup (port 80)/ip/firewall/nat/add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=80 action=dst-nat to-addresses=172.17.0.2 to-ports=80If your firewall forward chain default policy is drop, add explicit accept rules:
/ip/firewall/filter/add chain=forward dst-address=172.17.0.2 protocol=tcp dst-port=3000,53,80 action=accept place-before=0/ip/firewall/filter/add chain=forward dst-address=172.17.0.2 protocol=udp dst-port=53 action=accept place-before=0Storage and Environment
Section titled “Storage and Environment”Create persistent storage directories for AdGuard Home configuration and working data:
/file/add name=disk1/adguardhome/work type=directory/file/add name=disk1/adguardhome/conf type=directoryRegister the mounts:
/container/mounts/add name=adg-work src=disk1/adguardhome/work dst=/opt/adguardhome/work/container/mounts/add name=adg-conf src=disk1/adguardhome/conf dst=/opt/adguardhome/confSet the timezone environment variable (adjust to your region):
/container/envs/add list=adg-env key=TZ value=UTCPulling the Image
Section titled “Pulling the Image”Configure the registry and create the container:
/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk1/tmp/container/add remote-image=adguard/adguardhome:latest interface=veth-adg root-dir=disk1/adguardhome/root mounts=adg-work,adg-conf envlist=adg-env logging=yes start-on-boot=yesMonitor image extraction:
/container/printWait until status=stopped before starting the container.
Starting the Container
Section titled “Starting the Container”/container/start 0Verify the container is running:
/container/printThe status should change to status=running within a few seconds.
Initial Setup
Section titled “Initial Setup”Open a browser and navigate to http://<router-LAN-IP>:3000 to complete the AdGuard Home first-run wizard. During setup:
- Configure the admin interface to listen on port 80 (or another preferred port).
- Set the DNS server to listen on port 53.
- Create an admin username and password.
After completing setup, the web interface moves to port 80 and the initial setup wizard on port 3000 is no longer active.
To use AdGuard Home as the DNS server for your LAN, update your DHCP server to hand out the container’s router-side IP as the DNS address:
/ip/dhcp-server/network/set [find] dns-server=192.168.88.1AdGuard Home intercepts port 53 on 172.17.0.2, which the router forwards via the NAT rule above.
Resource Usage
Section titled “Resource Usage”AdGuard Home is lightweight. Typical resource consumption:
| Resource | Typical Usage |
|---|---|
| RAM | 50–100 MB |
| CPU | < 5% at idle |
| Storage | ~100 MB image + query log data |
Container logs are accessible via:
/log print where topics~"container"Verification
Section titled “Verification”Tested on staging-router-02, RouterOS 7.15.3 (stable), CHR. staging-router-01 was offline at time of validation.
Container package availability — The container package is a separate extra package and must be installed before any /container/* commands are available. A base RouterOS install returns syntax error for container commands.
Networking commands — All bridge, veth, IP address, bridge port, and NAT masquerade commands validated successfully:
[admin@staging-router-02] > /interface/veth/add name=veth-adg address=172.17.0.2/24 gateway=172.17.0.1[admin@staging-router-02] > /interface/veth/printFlags: X - disabled; R - running 0 R name="veth-adg" address=172.17.0.2/24 gateway=172.17.0.1 gateway6=""Storage directories — The /file/make-dir command does not exist in RouterOS 7.15.3. Use /file/add name=... type=directory instead (corrected above).
Container-specific commands — /container/*, /container/mounts/*, /container/envs/*, and /container/config/* require the container extra package to be installed. Enable container mode and install the package as described in Prerequisites before running these commands.