From 04fd296ffe8ea2411dc158c3a6f12cd6f48cc1be Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Tue, 1 Jan 2019 17:13:43 +0100
Subject: [PATCH] Add wpad vulnerability fix as suggested by
 dnsmasq.conf.example

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 advanced/01-pihole.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf
index 3f4e4bc5..af46e918 100644
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -46,3 +46,8 @@ log-facility=/var/log/pihole.log
 local-ttl=2
 
 log-async
+
+# If a DHCP client claims that its name is "wpad", ignore that.
+# This fixes a security hole. see CERT Vulnerability VU#598349
+dhcp-name-match=set:wpad-ignore,wpad
+dhcp-ignore-names=tag:wpad-ignore