From 0fde38176e0f8cbf1030478728405c4398847795 Mon Sep 17 00:00:00 2001 From: Eric Warnke Date: Tue, 25 Oct 2016 15:49:57 -0400 Subject: [PATCH] More cleanup for rpm based systems including dependacies and remove iptables firewall since it won't stay between reboots --- automated install/basic-install.sh | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 020b47ef..149bb37a 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -71,10 +71,6 @@ fi if [ -x "$(command -v apt-get)" ]; then #Debian Family - #Decide if php should be `php5` or just `php` (Fixes issues with Ubuntu 16.04 LTS) - phpVer="php5" - apt-get install --dry-run php5 > /dev/null 2>&1 || phpVer="php" - ############################################# PKG_MANAGER="apt-get" PKG_CACHE="/var/lib/apt/lists/" UPDATE_PKG_CACHE="${PKG_MANAGER} update" @@ -82,8 +78,13 @@ if [ -x "$(command -v apt-get)" ]; then PKG_INSTALL="${PKG_MANAGER} --yes --fix-missing install" # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" + # ######################################### + # fixes for dependancy differences # Debian 7 doesn't have iproute2 use iproute - ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1 && IPROUTE_PKG='iproute2' || IPROUTE_PKG='iproute' + ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1 && IPROUTE_PKG="iproute2" || IPROUTE_PKG="iproute" + # Ubuntu 16.04 LTS php / php5 fix + ${PKG_MANAGER} install --dry-run php5 > /dev/null 2>&1 && phpVer="php5" || phpVer="php" + # ######################################### INSTALLER_DEPS=( apt-utils whiptail git dhcpcd5) PIHOLE_DEPS=( dnsutils bc dnsmasq lighttpd ${phpVer}-common ${phpVer}-cgi curl unzip wget sudo netcat cron ${IPROUTE_PKG} ) LIGHTTPD_USER="www-data" 
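Review bot: Both `--dry-run` probes in the apt-get branch discard all output and treat any non-zero exit as "package does not exist", so a failure unrelated to the package name silently selects `iproute` and `php`. The probes depend on whatever package lists are already on disk, and unlike `PKG_COUNT` two lines above they do not pass `-o Debug::NoLocking=true`, so a held lock would presumably have the same effect. I would pass the same option to both probes and document the assumption above them, e.g. `# NOTE: relies on the current apt lists; any apt-get failure falls back to iproute/php`. The enclosing `if`/`elif` chain continues outside this hunk.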
@@ -95,35 +96,30 @@ if [ -x "$(command -v apt-get)" ]; then } elif [ -x "$(command -v rpm)" ]; then # Fedora Family - if [ -x "$(command -v dnf)" ]; then - PKG_MANAGER="dnf" - else - PKG_MANAGER="yum" - fi + + (command -v dnf >/dev/null ) && PKG_MANAGER="dnf" || PKG_MANAGER="yum" + (grep -q "Fedora" /etc/redhat-release ) && ISFEDORA=1 + (grep -q -i "release 6." /etc/redhat-release ) && ISREL6=1 PKG_CACHE="/var/cache/${PKG_MANAGER}" UPDATE_PKG_CACHE="${PKG_MANAGER} check-update" PKG_UPDATE="${PKG_MANAGER} update -y" PKG_INSTALL="${PKG_MANAGER} install -y" PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" + # We only need epel if we are not Fedora + [ ${ISFEDORA} ] || EPEL_PKG="epel-release" ${PKG_MANAGER} list procps-ng &> /dev/null && PROCPS_PKG="procps-ng" || PROCPS_PKG="procps" - ${PKG_MANAGER} list nmap-ncat &> /dev/null && NCAT_PKG="nmap-ncat" || NCAT_PKG="nmap" + ${PKG_MANAGER} list nmap-ncat &> /dev/null && NCAT_PKG="nmap-ncat" || NCAT_PKG="nc" INSTALLER_DEPS=( iproute net-tools $PROCPS_PKG newt git ) - PIHOLE_DEPS=( epel-release bind-utils bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php curl unzip wget findutils cronie sudo $NCAT_PKG ) - if grep -q 'Fedora' /etc/redhat-release; then - remove_deps=(epel-release); - PIHOLE_DEPS=( ${PIHOLE_DEPS[@]/$remove_deps} ); - fi + PIHOLE_DEPS=( ${EPEL_PKG} bind-utils lsof bc dnsmasq lighttpd lighttpd-fastcgi php-common php-cli php curl unzip wget findutils cronie sudo $NCAT_PKG ) LIGHTTPD_USER="lighttpd" LIGHTTPD_GROUP="lighttpd" LIGHTTPD_CFG="lighttpd.conf.fedora" DNSMASQ_USER="nobody" package_check_install() { - rpm -qa | grep ^"${1}"- > /dev/null || ${PKG_INSTALL} "${1}" + ${PKG_INSTALL} "${1}" } # v6 variants php is too old, install repo for php7.1 - if grep -q -i "release 6." 
/etc/redhat-release; then - echo "::: running CentOS/RHEL 6.X, admin interface is broken" - fi + [ ${ISREL6} ] && echo "::: WARNING running CentOS/RHEL 6.X, admin interface is broken" else echo "OS distribution not supported" exit @@ -781,14 +777,13 @@ configureFirewall() { if [ -x "$(command -v firewall-cmd)" ]; then firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \ && firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled" - elif [ -x "$(command -v iptables)" ]; then - echo "::: Configuring iptables for httpd and dnsmasq.." - iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT - iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT - iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT - else - echo "::: No firewall detected.. skipping firewall configuration." - fi + return + if [ "$(command -v iptable)" ]; then + iptables_out=$(iptables -L -n || :) + (cat $iptables_out | grep -i DENY || cat $iptables_out | grep -i DROP || echo "::: IPTables firewall does not seem to be active" && return ) + echo "::: IPTables firewall active, please make sure ports 53/udp, 53/tcp, and 80/tcp are open" + return + echo "::: No firewall detected.. skipping firewall configuration." } finalExports() {
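Review bot: `ISFEDORA`, `ISREL6` and `EPEL_PKG` are assigned only when their test matches and are then expanded unquoted, so on a non-matching system they keep any value inherited from the environment of this root-run installer. On Fedora that means `${EPEL_PKG}` in `PIHOLE_DEPS` is not guaranteed to be empty. Initialise them before the greps with `ISFEDORA= ISREL6= EPEL_PKG=`, then test with `[ -n "${ISFEDORA}" ] || EPEL_PKG="epel-release"` and `[ -n "${ISREL6}" ] && echo …`. The greps also assume `/etc/redhat-release` exists wherever `rpm` does, which may not hold on every rpm-based distribution. The `if`/`elif` chain this branch belongs to starts outside the hunk.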
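Review bot: The new body of `configureFirewall` opens two `if` blocks but the only `fi` was removed, so the function no longer parses and the "make sure ports are open" advisory can never be printed. Even with the `fi`s restored, the check tests `command -v iptable` (missing `s`), and `cat $iptables_out` treats the captured rule listing as a file name. The `return` inside `( … )` only leaves the subshell, and `DENY` is not an iptables target (presumably `REJECT` was meant). Since the commit now relies on the administrator to open 53/udp, 53/tcp and 80/tcp by hand, the detection needs to work; a rewrite of the added lines is below.

```shell
    # … unchanged: firewall-cmd --state / --permanent --add-port / --reload chain …
    return
  fi
  if [ -x "$(command -v iptables)" ]; then
    # Listing the rules is best-effort; an error is treated as "no active rules".
    iptables_out=$(iptables -L -n 2>/dev/null || :)
    if ! printf '%s\n' "${iptables_out}" | grep -qE 'DROP|REJECT'; then
      echo "::: IPTables firewall does not seem to be active"
      return
    fi
    echo "::: IPTables firewall active, please make sure ports 53/udp, 53/tcp, and 80/tcp are open"
    return
  fi
  echo "::: No firewall detected.. skipping firewall configuration."
```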