From 3e5c6afaee2755503ce1e7124d0413e44f496e6c Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sat, 11 Aug 2018 14:33:33 +0200 Subject: [PATCH 1/8] Don't let one blocklist, block an other If a blocklist is blocked by an other and 'pihole -g' is run, update the blocked blocklist by useing an alternate dns server (in this case 1.1.1.1) to acquire the IP adres and download the blocklist using the 'curl --resolve' (https://curl.haxx.se/docs/manpage.html#--resolve) --- gravity.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/gravity.sh b/gravity.sh index 50c37784..a9136990 100755 --- a/gravity.sh +++ b/gravity.sh @@ -217,6 +217,17 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." # shellcheck disable=SC2086 + if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then + ip=`dig @1.1.1.1 +short $domain` + if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + port=443; + else + port=80 + fi + echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + echo -ne " ${INFO} ${str} Pending..." + cmd_ext="--resolve $domain:$port:$ip $cmd_ext" + fi httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) case $url in From e58142b4ac8d8120ede147d09f85c0e807bc692c Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sat, 11 Aug 2018 15:14:45 +0200 Subject: [PATCH 2/8] Added comments --- gravity.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index a9136990..6338f1dc 100755 --- a/gravity.sh +++ b/gravity.sh @@ -216,18 +216,23 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # shellcheck disable=SC2086 + # Determine if the domain is blocked by Pi-hole if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then + # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres ip=`dig @1.1.1.1 +short $domain` + # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then port=443; else port=80 fi + # Print some extra info echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; echo -ne " ${INFO} ${str} Pending..." + # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi + # shellcheck disable=SC2086 httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null) case $url in From 926b25fd54bf96b08165a912ee25036a3c920241 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:15:42 +0200 Subject: [PATCH 3/8] Not hardcoding dns and covering all blockingmodes --- gravity.sh | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/gravity.sh b/gravity.sh index 6338f1dc..03df870b 100755 --- a/gravity.sh +++ b/gravity.sh @@ -68,6 +68,17 @@ else exit 1 fi +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" + if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="Default (NULL)" + fi +else + BLOCKINGMODE="Default (NULL)" +fi + # Determine if superseded pihole.conf exists if [[ -r "${piholeDir}/pihole.conf" ]]; then echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" @@ -216,20 +227,31 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # Determine if the domain is blocked by Pi-hole - if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then - # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres - ip=`dig @1.1.1.1 +short $domain` - # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed - if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + blocked=false + case $BLOCKINGMODE in + "IP-NODATA-AAAA"|"IP") + if [ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]; then + blocked=true + fi;; + "NXDOMAIN") + if [ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]; then + blocked=true + fi;; + "NULL"|"Default (NULL)"|*) + if [ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]; then + blocked=true + fi;; + esac + + if [ "${blocked}" = true ]; then + ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]; then port=443; - else - port=80 + else port=80 fi - # Print some extra info - echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." - # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi # shellcheck disable=SC2086 From 1c6c35f86161cee290f4ce8b67605feb6294456d Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:50:23 +0200 Subject: [PATCH 4/8] Using double brackets --- gravity.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gravity.sh b/gravity.sh index 03df870b..433e85b0 100755 --- a/gravity.sh +++ b/gravity.sh @@ -230,15 +230,15 @@ gravity_DownloadBlocklistFromUrl() { blocked=false case $BLOCKINGMODE in "IP-NODATA-AAAA"|"IP") - if [ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]; then + if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then blocked=true fi;; "NXDOMAIN") - if [ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]; then + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then blocked=true fi;; "NULL"|"Default (NULL)"|*) - if [ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]; then + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then blocked=true fi;; esac From fe46dee19435e23154d04309b4fc1c6316920f09 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 02:06:32 +0200 Subject: [PATCH 5/8] Mode double brackets --- gravity.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gravity.sh b/gravity.sh index 433e85b0..2bd8d371 100755 --- a/gravity.sh +++ b/gravity.sh @@ -243,9 +243,9 @@ gravity_DownloadBlocklistFromUrl() { fi;; esac - if [ "${blocked}" = true ]; then + if [[ "${blocked}" = true ]]; then ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") - if [ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]; then + if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; else port=80 fi From 03a9d3bc5b5edb033aeed62bf46fb66e44e52e9b Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 01:15:42 +0200 Subject: [PATCH 6/8] Not hardcoding dns and covering all blockingmodes Using double brackets Mode double brackets --- gravity.sh | 44 +++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/gravity.sh b/gravity.sh index 6338f1dc..2bd8d371 100755 --- a/gravity.sh +++ b/gravity.sh @@ -68,6 +68,17 @@ else exit 1 fi +# Source pihole-FTL from install script +pihole_FTL="${piholeDir}/pihole-FTL.conf" +if [[ -f "${pihole_FTL}" ]]; then + source "${pihole_FTL}" + if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="Default (NULL)" + fi +else + BLOCKINGMODE="Default (NULL)" +fi + # Determine if superseded pihole.conf exists if [[ -r "${piholeDir}/pihole.conf" ]]; then echo -e " ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}" @@ -216,20 +227,31 @@ gravity_DownloadBlocklistFromUrl() { str="Status:" echo -ne " ${INFO} ${str} Pending..." - # Determine if the domain is blocked by Pi-hole - if [ `dig $domain +short | grep 0.0.0.0 -c` -ge 1 ]; then - # If the domain is blocked by Pi-hole, use an alternate dns server to lookup the ip adres - ip=`dig @1.1.1.1 +short $domain` - # Determine the port to be used by curl. If "https://" is not present, port 80 is asumed - if [ `echo $url | awk -F '://' '{print $1}'` = "https" ]; then + blocked=false + case $BLOCKINGMODE in + "IP-NODATA-AAAA"|"IP") + if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then + blocked=true + fi;; + "NXDOMAIN") + if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then + blocked=true + fi;; + "NULL"|"Default (NULL)"|*) + if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then + blocked=true + fi;; + esac + + if [[ "${blocked}" = true ]]; then + ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; - else - port=80 + else port=80 fi - # Print some extra info - echo -e "${OVER} ${CROSS} ${str} ${domain} is currently blocked by pi-hole. Circumventing pi-hole and trying again"; + bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." - # Add extra options to $cmd_ext cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi # shellcheck disable=SC2086 From 2feb5f22cc3ac17b494da95c6808b3b3083e91d9 Mon Sep 17 00:00:00 2001 From: Gusher123 <31935813+Gusher123@users.noreply.github.com> Date: Sun, 12 Aug 2018 10:05:58 +0200 Subject: [PATCH 7/8] Signed-off-by This is my commit message Signed-off-by: Gusher123 --- gravity.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gravity.sh b/gravity.sh index 2bd8d371..e5152fe5 100755 --- a/gravity.sh +++ b/gravity.sh @@ -243,7 +243,7 @@ gravity_DownloadBlocklistFromUrl() { fi;; esac - if [[ "${blocked}" = true ]]; then + if [[ "${blocked}" == true ]]; then ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; From 0131055ec9856b16a9a145d01710dbd1cb2fc743 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 30 Sep 2018 20:00:06 +0100 Subject: [PATCH 8/8] Submission stale, addressing @mcat12's comments Signed-off-by: Adam Warner --- gravity.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/gravity.sh b/gravity.sh index e5152fe5..3468110d 100755 --- a/gravity.sh +++ b/gravity.sh @@ -72,11 +72,10 @@ fi pihole_FTL="${piholeDir}/pihole-FTL.conf" if [[ -f "${pihole_FTL}" ]]; then source "${pihole_FTL}" - if [[ -z "${BLOCKINGMODE}" ]] ; then - BLOCKINGMODE="Default (NULL)" - fi -else - BLOCKINGMODE="Default (NULL)" +fi + +if [[ -z "${BLOCKINGMODE}" ]] ; then + BLOCKINGMODE="NULL" fi # Determine if superseded pihole.conf exists @@ -237,20 +236,20 @@ gravity_DownloadBlocklistFromUrl() { if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then blocked=true fi;; - "NULL"|"Default (NULL)"|*) + "NULL"|*) if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then blocked=true fi;; esac - if [[ "${blocked}" == true ]]; then - ip=$(dig "@${CONDITIONAL_FORWARDING_IP}" +short "${domain}") + if [[ "${blocked}" == true ]]; then + ip=$(dig "@${PIHOLE_DNS_1}" +short "${domain}") if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then port=443; else port=80 fi bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}') - echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:} on Pi-hole. Using DNS on ${CONDITIONAL_FORWARDING_IP} to download ${url}"; + echo -e "${OVER} ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}"; echo -ne " ${INFO} ${str} Pending..." cmd_ext="--resolve $domain:$port:$ip $cmd_ext" fi