With a very minor code change, individuals can now implement restrictions on dangers, disturbing, or otherwise adult oriented content without the need for managed restrictions.
This is a fairly non-invasive change and will benefit users who intend to use VPN for home or small business uses where access to such material may be undesirable.
- Some formatting tweaks to the `start_service` `stop_`service` `disable_service` and `enable_service` commands
Signed-off-by: Adam Warner <adamw@rner.email>
- Check if downloaded binary file can resolve queries, if so stop and disable dnsmasq
- Add service_disable function
- Add dependency libcap2-bin on debian to enable setcap. Need to check other distos
-Always download FTL binary if /etc/pihole/ftlbranch does not contain "master"
- Change some strings/variables that reference dnsmasq and change them to pihole/pihole-FTL
Signed-off-by: Adam Warner <adamw@rner.email>
Do not expect CIDR format IP addresses in /etc/sysconfig/network-scripts/ifcfg-* files as it is not a requirement.
Expect only:
IPADDR=10.10.10.10
Do not expect:
IPADDR=10.10.10.10/24
* Print newline on error message
* Output last three lines of error if update fails
* Consistent error messages & housekeeping
* Add shellcheck directive to ignore COL_TABLE
* Quoted and braced variables for codebase consistency
* Escaped newlines correctly
* Made error messages consistent (indenting and wording)
* Removed consecutive echos
* Conditional formatting consistency
* Braced, quoted and used [[ on conditionals
* Fix specific ShellCheck issues
* Fixed issues that could be safely changed without extensive testing
* Update SELinux whiptail behaviour & more
* Colourised some strings
* Fixed multiple line string indenting
* Made output consistent with existing codebase
* Removed sequential echos
* Make SELinux whiptail use "--defaultno", and change text wording
* Add help text for hostrecord, and colourise output
* this should fix the tests...
Signed-off-by: Adam Warner <adamw@rner.email>
* revert changes to `update_package_cache()` to prove tests
Signed-off-by: Adam Warner <adamw@rner.email>
* Always process DNS and DHCP settings in installer
* Make sure dnsmasq config exists before modifying it
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Make sure the dnsmasq config directory exists
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Only remove the DHCP config if it exists (fixes tests, hopefully)
Signed-off-by: Mcat12 <newtoncat12@yahoo.com>
* Always process DNS and DHCP settings in installer
* change where finalExports is called and where LIGHTTPD_ENABLED is set.
Signed-off-by: Adam Warner <adamw@rner.email>
* this may or may not work. If it does, can be functionised to reduce code duping
Signed-off-by: Adam Warner <adamw@rner.email>
* This will fix the tests, but break the patch
Signed-off-by: Adam Warner <adamw@rner.email>
* Do not activate disabled lighttpd upon update
* Fixes#1362
* Use systemctl when available
* Move `finalexports` to the very end of the install script
set value of LIGHTTPD_ENABLED to 1 or 0 depending on whether or not lighttpd is enabled or disabled.
actually save LIGHTTPD_ENABLED value to setupvars.conf
Signed-off-by: Adam Warner <adamw@rner.email>
* add [[ -z "${LIGHTTPD_ENABLED}" ]] back in!
Signed-off-by: Adam Warner <adamw@rner.email>
* Ensure "Loaded:" is the line being checked
* Colourise disabled lighttpd message
* Prevent disabled lighttpd triggering error
* change of plan, don't need that [[ -z "${LIGHTTPD_ENABLED}" ]]
Signed-off-by: Adam Warner <adamw@rner.email>
This will probably break some tests. I'll work that out in a bit
Signed-off-by: Adam Warner <adamw@rner.email>
Signed-off-by: Adam Warner <adamw@rner.email>
* Define colours within COL_TABLE
* Do not output colours for non-terminal instances
* Removed ":::"
* Fixed indenting & spacing
* Made output consistent throughout project
* Reworded text to fit on standard 80 char wide Terminal screen
* Made 'sudo raspi-config' warning (insufficient disk space) only show on RPi
* Make "Installation/Update Complete" the final msg
* Remove redundant messages
* Simplify update available message
* Confirm user would like to begin uninstall
* If "git pull" string says "Already up-to-date.", place [i] before it
* Colour Temp/Interface output
* Made `pihole disable 5z` invalid
* Added error fallback if invalid argument (not s/m) is detected
* Quoted "$2" for consistency
* Updated help text
* L185/286: Replaced echo with redirect
* User agents for adblock.mahakala.is/adaway.org unnecessary
* Print newline on confirmation of repository reset
* Add output to admin-related dnsmasq restarts
* Return error message for "pihole -q"
* Imply default checkout behaviour with y/N
* Fix uninstall failing to remove pihole user
* Print checkout 'git remote show origin' STDERR on new line
* Replaced checkout "AdminLTE" wording with "Web Admin"
* Fix handling of wildcard help text
* Rewrite help text for better handling of params
* Replace misleading letter variable
* stash changes on branch switch, else it fails if any changes have been made.
* Make changes according to comment in #1384
* Update queryFunc()
* Allow scanList() to search files using a wildcard by removing quotes wrapped around `${list}`
* scanList() will not provide a domain ouput on each string if exact is specified (`grep -l`)
* Remove unused processWildcards() function
* Return a message if no domain is specified
* IDN domains are converted to punycode when running a `pihole -q` search if the `python` package is available, otherwise will revert to current behaviour
* Scan Blacklist & Wildcards first, exiting from search if a match is found (Fixes#1330)
* Use one `grep` subshell to search for all "*.domains" lists at once (opposed to looping to get every matching file name, and then spawning a `grep` instance for every matching file)
* queryFunc() will not return "(0 results)" output from files where no match is found
* Sort results based off list number
* Return a message if no results are found
* Update basic-install.sh
* Update block page. Allow for setupVars setting of CUSTOMBLOCKPAGE (bool) to prevent it being overwritten
* simplify
* further simplify
* fix inteliJ IDEA complaints
* even further simplify
* tidy up output
* revert line, looks tidyer
* clarify
* Revert "Ensure any changes to blocking page are updated."
* We test for dpkg lock on line 830 directly, no need for the check also
in the template section.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Display FTL version & version.sh rewrite
While testing to make sure `pihole -v` would output `pihole-FTL version`, I noticed some options didn't work how I expected them to. For example, if I use `pihole -v -p`, I would expect to see the version output of Pi-hole Core. Instead, I'm informed that it's an invalid option.
I've had the following things in mind while rewriting this:
* I'm operating under the assumption that FTL is only installed if the Admin Console is (Line 113 exit 0)
* I have modified the help text to only output with `pihole -v --help`
* I have modified all output to be more similar to the output style of `grep` and `curl` (Ditching ":::")
Testing output:
```
w3k@MCT:~$ pihole -v
Pi-hole version is v3.0.1-14-ga928cd3 (Latest: v3.0.1)
Admin Console version is v3.0-9-g3760482 (Latest: v3.0.1)
FTL version is v2.6.2 (Latest: v2.6.2)
w3k@MCT:~$ pihole -v -c
Current Pi-hole version is v3.0.1-14-ga928cd3
Current Admin Console version is v3.0-9-g3760482
Current FTL version is v2.6.2
w3k@MCT:~$ pihole -v -l
Latest Pi-hole version is v3.0.1
Latest Admin Console version is v3.0.1
Latest FTL version is v2.6.2
w3k@MCT:~$ pihole -v -p --hash
Current Pi-hole hash is a928cd3
w3k@MCT:~$ pihole -v -a --hash
Current Admin Console hash is 3760482
w3k@MCT:~$ pihole -v --help
Usage: pihole -v [REPO | OPTION] [OPTION]
Show Pi-hole, Web Admin & FTL versions
<Shows all Repositories and Options>
w3k@MCT:~$ pihole -v -foo
Invalid Option!
```
* Update -h to work as --hash
Also provide error output as per https://github.com/pi-hole/pi-hole/pull/1447#issuecomment-300600093
* Perform EXACT searches on HOSTS lists correctly
`\s` on the end may be overkill, but it is the existing scanList() behaviour.
* Fixed indentation
* Minimise string duplication & other minor changes
Instead of duplicating output strings, rewrite core/web/ftlOutput() into one neat versionOutput().
* Modified syntax to be valid for Shellcheck
* Log and echo gateway responses
* Update queryFunc() to search Whitelist
If there is a match in Whitelist/Blacklist/Wildcards, `[ ! -t 1 ]` will cause the search to end if the terminal is closed when the script is called. This has the intended effect of allowing a user to search for a W/B/W domain (as well as all the adlists it's found in) using `pihole -q` via Terminal, but the script will stop searching after a W/B/W match when called by the block page.
* Wrap in double brackets
* Provide remote hashes for version.sh
* Provide remote hashes for comparison
* Use double braces for all conditions (for consistency)
* Suppress potential "cd" error output
* Provide "not applicable" output upon any hash request for FTL
* whitelist on website blocked doesnt work (#1452)
Since Pi-hole redirects ad domains to itself, accessing the script via de.ign.com is the same as pi.hole in this case. The fix should be as simple as adding a / before admin on this line.
* Solve piholeLogFlush.sh having to be issued 2 x to clear logs (#1460)
Simplified the command -v syntax, and added a sleep 3 timer to the first execution of the log rotation. The second execution was being issued while the first was still running, thus it would fail and you would have to issue the "Flush Logs" command a second time.
* Use `echo "ABC" | pihole tricorder` to upload to Pi-hole's medical tricorder. Uses SSL if available.
* Update list.sh
I believe this has feature parity with `sed /foo/ Id` but also supports busybox, and my alpine docker ;)
* Document `sed` substitution for user readability
Comment the oneliner with explanations of what each step does.
* Update Help Output (#1467)
* File consistency
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Standardise core help text
* Added help text for disable command
* Added help text for logging command
* Clean up
* Fixed certain new lines and spaces
* Sync with development branch
* Formatting consistency
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces
* Admin help text
* Added help text for interface command
* Sync with development branch
* Formatting consistency
* Tabs to 2 spaces
* Fixed some wording
* Fixed certain spaces
* Formatting consistency
* Minor wording changes
* Tabs to 2 spaces
* Corrected indenting
* Double braced conditionals
* Quoted variables within conditionals
* Fixed certain newlines and spaces
* Blacklist help text
* Formatting consistency
* Tabs to 2 spaces
* Corrected indenting
* Cronometer help text
* Formatting consistency
* Fixed certain newlines and spaces
* Corrected indenting
* Checkout warning alteration
* Add checkout help text
* Corrected help output
* Show help for "pihole -a -i --help"
* Fix "pihole disable --help" and "pihole -l --help"
* Show help for "pihole -v -h"
* Indent output text
* Minor help text change
* Show help for "pihole checkout --help"
* Tricorder: Insecure Opt-out
* Check to see if Tricorder is being called directly
* Provide opt-out for insecure transmission of debug log
* Remove mention of internal function from help menu
* 🌮 is the new :shipit: squirrel
* Wording changes and bug fix
* Fix wildcard help text
* -wild is not a valid option since we're already using -wild
* Fix logrotation: manual flushing should be done twice, but automated rotation at midnight should only be done *once*!
* Print echos only when manual flushing is requested
* Add "quiet" mode + update comments in the cron file
* Confirm Tricorder is online
* Scan port 9998 to confirm the availability of "tricorder.pi-hole.net"
* Exit codes for upload process
* Formatting consistency
* Add link to Windows DNS Swapper
See #1400
* Install loopback firewall rules for FTL (#1419)
* Install loopback firewall rules for FTL
* FirewallD FTL ports
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Remove firewallD FTL local rules.
Local rules should not be blocked in firewallD, not requred for internal service FTD>
* Reinstate https rules, and delete FTL rules
Fixes earlier commit.
* Retrieve local repos on repair (#1481)
* Retrieve local repos on repair
* Change conditional to check for repair
* Change wording of Update/Reconfigure message
* Fixed indenting
* Perform "git reset --hard" on reconfigure
* Change directory before trying to reset repository. Fixes#1489
* No need to `cd $PWD` as it doesn't affect flow of caller script.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Refine output of password status in basic-install.sh:displayFinalMessage(). Fixes#1488 (#1490)
* Rewrite Chronometer to output more stats
* Fix output IPv4 addr when removing CIDR notation (#1498)
* Move wildcards file if blocking is disabled (#1495)
* Move wildcards file if blocking is diabled
* Delete newline
* Roll back merge #1417 (#1494)
* Update ISSUE_TEMPLATE.md
* Remove Question option
* Prefer ULA over GUA addresses [IPv6] (#1508)
* On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes#1473
* Add test for link-local address detection
* Add ULA-only and GUA-only tests
* Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test
* Add ""
* Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results
* Make mock_command_2 more similar to the original mock_command
* Correct comments
* Fixed remaining comments
* Fixed one last comment...
* Fixed a comment...
* Add weekly logrotation of FTL's log (#1509)
* Update LICENSE of the project to EUPL v1.2
* Make clear that NO is the default if the user just hits return (#1514)
* Add tricorderFunc back as usable function (#1515)
As per #1464
* Don't update FTL when there is a core update (as this will update FTL a second time). Fixes#1516
* Add FTL tests to the test suite (#1510)
* Add first version of FTL tests
* Wait one second to allow FTL to start up and analyze our mock log
* Add test_FTL_telnet_statistics
* Added test_FTL_telnet_top_clients
* Add test_FTL_telnet_top_domains
* Revert "Add FTL tests to the test suite (#1510)" (#1519)
This reverts commit cf6a1ac9ad.
* Trim version output when update is successful (#1527)
* Change ownership of /etc/pihole to user/group pihole. Fixes#1529 (#1530)
* Delete temporary files after installing the FTL binary. Fixes#1525
* Change from admin to approvers teams
* Introduce new file black.list for blacklist content
* Add "pihole -g -b" to *only* update black.list (saves a bunch of time when adding/changing only blacklisted files - won'tdownload lal lists, but only processes the blacklist and restars dnsmasq)
* Remove useless cat
* Improve displayed messages and overall logic
* Disable black.list on "pihole disable"
* cp + rm === mv (well, almost)
* On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes#1473
* Add test for link-local address detection
* Add ULA-only and GUA-only tests
* Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test
* Add ""
* Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results
* Make mock_command_2 more similar to the original mock_command
* Correct comments
* Fixed remaining comments
* Fixed one last comment...
* Fixed a comment...
* Retrieve local repos on repair
* Change conditional to check for repair
* Change wording of Update/Reconfigure message
* Fixed indenting
* Perform "git reset --hard" on reconfigure
* Install loopback firewall rules for FTL
* FirewallD FTL ports
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
* Remove firewallD FTL local rules.
Local rules should not be blocked in firewallD, not requred for internal service FTD>
* Reinstate https rules, and delete FTL rules
Fixes earlier commit.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
`"${pw}"`
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Absolute path for pihole
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Debian PKG_INSTALL as array
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Take out some whiptail subshells that aren't needed.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
default rule DROP or REJECT as last rule.
Regex the conditions to make sure we are getting the right conditions.
Reframe the logic to simplify the chains and rules
Reframe the logic to simplify the chains and rules
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Modify Fedora dependency installer
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
Fedora now installs and arrays only non-installed packages. Fedora also noops the cache update, since it updates at every dnf call anyays.
Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net>
