Merge pull request #1074 from pi-hole/development

[RELEASE] Pi-hole Core 2.11

.github/ISSUE_TEMPLATE.md

@@ -6,16 +6,7 @@
 
 **How familiar are you with the codebase?:**
 
-- [] 1 (very unfamiliar)
-- [] 2
-- [] 3
-- [] 4
-- [] 5
-- [] 6
-- [] 7
-- [] 8
-- [] 9
-- [] 10 (very familiar)
+_{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
 
 ---
 **[FEATURE REQUEST | QUESTION | OTHER]:**

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,16 +10,7 @@
 
 **How familiar are you with the codebase?:**
 
-- [] 1 (very unfamiliar)
-- [] 2
-- [] 3
-- [] 4
-- [] 5
-- [] 6
-- [] 7
-- [] 8
-- [] 9
-- [] 10 (very familiar)
+_{replace this text with a number from 1 to 10, with 1 being not familiar, and 10 being very familiar}_
 
 ---
 _{replace this line with your pull request content}_

.idea/codeStyleSettings.xml

@@ -15,8 +15,11 @@
             <option name="USE_RELATIVE_INDENTS" value="false" />
           </value>
         </option>
+        <MarkdownNavigatorCodeStyleSettings>
+          <option name="RIGHT_MARGIN" value="72" />
+        </MarkdownNavigatorCodeStyleSettings>
       </value>
     </option>
     <option name="USE_PER_PROJECT_SETTINGS" value="true" />
   </component>
-</project>
+</project>

README.md

@@ -10,7 +10,7 @@
 
 ## The multi-platform, network-wide ad blocker
 
-Block ads for **all** your devices _without_ the need to install client-side software.  The Pi-hole blocks ads the DNS-level, so all your devices are protected.
+Block ads for **all** your devices _without_ the need to install client-side software.  The Pi-hole blocks ads at the DNS-level, so all your devices are protected.
 
 - Web Browsers
 - Cell Phones
@@ -53,7 +53,7 @@ wget -O basic-install.sh https://install.pi-hole.net
 bash basic-install.sh
 ```
 
-Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](http://pi-hole.net/faq/can-i-set-the-pi-hole-to-be-the-dns-server-at-my-router-so-i-dont-have-to-change-settings-for-my-devices/) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
+Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
 
 ## Installing the Pi-hole (Click to Watch!)
 <p align="center">

adlists.default

@@ -37,7 +37,7 @@ https://hosts-file.net/ad_servers.txt
 #http://securemecca.com/Downloads/hosts.txt
 
 # Quidsup's tracker list
-https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
+#https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
 
 # Block the BBC News website Breaking News banner
 #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts

advanced/Scripts/chronometer.sh

@@ -15,8 +15,6 @@
 piLog="/var/log/pihole.log"
 gravity="/etc/pihole/gravity.list"
 
-today=$(date "+%b %e")
-
 . /etc/pihole/setupVars.conf
 
 CalcBlockedDomains() {
@@ -35,7 +33,7 @@ CalcBlockedDomains() {
 
 CalcQueriesToday() {
 	if [ -e "${piLog}" ]; then
-		queriesToday=$(cat "${piLog}" | grep "${today}" | awk '/query/ {print $6}' | wc -l)
+		queriesToday=$(awk '/query\[/ {print $6}' < "${piLog}" | wc -l)
 	else
 		queriesToday="Err."
 	fi
@@ -43,7 +41,7 @@ CalcQueriesToday() {
 
 CalcblockedToday() {
 	if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
-		blockedToday=$(cat ${piLog} | awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' | wc -l)
+		blockedToday=$(awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' < "${piLog}" | wc -l)
 	else
 		blockedToday="Err."
 	fi
@@ -104,7 +102,7 @@ normalChrono() {
 
 		echo "Blocking:      ${blockedDomainsTotal}"
 		echo "Queries:       ${queriesToday}" #same total calculation as dashboard
-	  echo "Pi-holed:      ${blockedToday} (${percentBlockedToday}%)"
+		echo "Pi-holed:      ${blockedToday} (${percentBlockedToday}%)"
 
 		sleep 5
 	done

advanced/Scripts/update.sh

@@ -22,9 +22,15 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 is_repo() {
   # Use git to check if directory is currently under VCS, return the value
   local directory="${1}"
+  local curdir
+  local rc
 
-  git -C "${directory}" status --short &> /dev/null
-  return
+  curdir="${PWD}"
+  cd "${directory}" &> /dev/null || return 1
+  git status --short &> /dev/null
+  rc=$?
+  cd "${curdir}" &> /dev/null || return 1
+  return "${rc}"
 }
 
 prep_repo() {
@@ -40,22 +46,24 @@ make_repo() {
   local remoteRepo="${2}"
   local directory="${1}"
 
-  (prep_repo "${directory}" && git clone -q --depth 1 "${remoteRepo}" "${directory}" > /dev/null)
+  (prep_repo "${directory}" && git clone -q --depth 1 "${remoteRepo}" "${directory}")
      return
 }
 
 update_repo() {
   local directory="${1}"
-  local retVal=0
-  # Pull the latest commits
+  local curdir
 
+  curdir="${PWD}"
+  cd "${directory}" &> /dev/null || return 1
+  # Pull the latest commits
   # Stash all files not tracked for later retrieval
-  git -C "${directory}" stash --all --quiet &> /dev/null || ${retVal}=1
+  git stash --all --quiet
   # Force a clean working directory for cloning
-  git -C "${directory}" clean --force -d &> /dev/null || ${retVal}=1
+  git clean --force -d
   # Fetch latest changes and apply
-  git -C "${directory}" pull --quiet &> /dev/null || ${retVal}=1
-  return ${retVal}
+  git pull --quiet
+  cd "${curdir}" &> /dev/null || return 1
 }
 
 getGitFiles() {
@@ -76,33 +84,59 @@ getGitFiles() {
   fi
 }
 
+GitCheckUpdateAvail() {
+  local directory="${1}"
+  curdir=$PWD;
+  cd "${directory}"
+
+  # Fetch latest changes in this repo
+  git fetch --quiet origin
+  status="$(git status -sb)"
+
+  # Change back to original directory
+  cd "${curdir}"
+
+  if [[ $status == *"behind"* ]]; then
+    # Local branch is behind remote branch -> Update
+    return 0
+  else
+    # Local branch is up-to-date or in a situation
+    # where this updater cannot be used (like on a
+    # branch that exists only locally)
+    return 1
+  fi
+}
+
 main() {
   local pihole_version_current
-  local pihole_version_latest
   local web_version_current
-  local web_version_latest
 
-  if ! is_repo "${PI_HOLE_FILES_DIR}" || ! is_repo "${ADMIN_INTERFACE_DIR}" ; then #This is unlikely
+  #This is unlikely
+  if ! is_repo "${PI_HOLE_FILES_DIR}" || ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
     echo "::: Critical Error: One or more Pi-Hole repos are missing from system!"
     echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole"
     exit 1;
   fi
 
   echo "::: Checking for updates..."
-  # Checks Pi-hole version string in format vX.X.X
-  pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)"
-  pihole_version_latest="$(/usr/local/bin/pihole version --pihole --latest)"
-  web_version_current="$(/usr/local/bin/pihole version --admin --current)"
-  web_version_latest="$(/usr/local/bin/pihole version --admin --latest)"
 
-  if [[ "${pihole_version_latest}" == "-1" || "${web_version_latest}" == "-1" ]]; then
-    echo "*** Unable to contact GitHub for latest version. Please try again later, contact support if this continues."
-    exit 1
+  if GitCheckUpdateAvail "${PI_HOLE_FILES_DIR}" ; then
+    core_update=true
+    echo "::: Pi-hole Core:   update available"
+  else
+    core_update=false
+    echo "::: Pi-hole Core:   up to date"
+  fi
+
+  if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then
+    web_update=true
+    echo "::: Web Interface:  update available"
+  else
+    web_update=false
+    echo "::: Web Interface:  up to date"
   fi
 
   # Logic
-  # If latest versions are blank - we've probably hit Github rate limit (stop running `pihole -up so often!):
-  #            Update anyway
   # If Core up to date AND web up to date:
   #            Do nothing
   # If Core up to date AND web NOT up to date:
@@ -112,46 +146,40 @@ main() {
   # if Core NOT up to date AND web NOT up to date:
   #            pull pihole repo run install --unattended
 
-  if [[ "${pihole_version_current}" == "${pihole_version_latest}" ]] && [[ "${web_version_current}" == "${web_version_latest}" ]]; then
-    echo ":::"
-    echo "::: Pi-hole version is $pihole_version_current"
-    echo "::: Web Admin version is $web_version_current"
+  if ! ${core_update} && ! ${web_update} ; then
     echo ":::"
     echo "::: Everything is up to date!"
     exit 0
 
-  elif [[ "${pihole_version_current}" == "${pihole_version_latest}" ]] && [[ "${web_version_current}" < "${web_version_latest}" ]]; then
+  elif ! ${core_update} && ${web_update} ; then
     echo ":::"
     echo "::: Pi-hole Web Admin files out of date"
     getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"
 
-    web_updated=true
-
-  elif [[ "${pihole_version_current}" < "${pihole_version_latest}" ]] && [[ "${web_version_current}" == "${web_version_latest}" ]]; then
+  elif ${core_update} && ! ${web_update} ; then
+    echo ":::"
     echo "::: Pi-hole core files out of date"
     getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
     /etc/.pihole/automated\ install/basic-install.sh --reconfigure --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1
-    core_updated=true
 
-  elif [[ "${pihole_version_current}" < "${pihole_version_latest}" ]] && [[ "${web_version_current}" < "${web_version_latest}" ]]; then
+  elif ${core_update} && ${web_update} ; then
+    echo ":::"
     echo "::: Updating Everything"
     getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
     /etc/.pihole/automated\ install/basic-install.sh --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1
-    web_updated=true
-    core_updated=true
   else
     echo "*** Update script has malfunctioned, fallthrough reached. Please contact support"
     exit 1
   fi
 
-  if [[ "${web_updated}" == true ]]; then
+  if [[ "${web_update}" == true ]]; then
     web_version_current="$(/usr/local/bin/pihole version --admin --current)"
     echo ":::"
     echo "::: Web Admin version is now at ${web_version_current}"
     echo "::: If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
   fi
 
-  if [[ "${core_updated}" == true ]]; then
+  if [[ "${core_update}" == true ]]; then
     pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)"
     echo ":::"
     echo "::: Pi-hole version is now at ${pihole_version_current}"

advanced/Scripts/webpage.sh

@@ -9,7 +9,9 @@
 # the Free Software Foundation, either version 2 of the License, or
 # (at your option) any later version.
 
-args=("$@")
+readonly setupVars="/etc/pihole/setupVars.conf"
+readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
+readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
 
 helpFunc() {
 	cat << EOM
@@ -27,12 +29,34 @@ EOM
 	exit 0
 }
 
+add_setting() {
+	echo "${1}=${2}" >> "${setupVars}"
+}
+
+delete_setting() {
+	sed -i "/${1}/d" "${setupVars}"
+}
+
+change_setting() {
+	delete_setting "${1}"
+	add_setting "${1}" "${2}"
+}
+
+add_dnsmasq_setting() {
+	if [[ "${2}" != "" ]]; then
+		echo "${1}=${2}" >> "${dnsmasqconfig}"
+	else
+		echo "${1}" >> "${dnsmasqconfig}"
+	fi
+}
+
+delete_dnsmasq_setting() {
+	sed -i "/${1}/d" "${dnsmasqconfig}"
+}
+
 SetTemperatureUnit(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/TEMPERATUREUNIT/d' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "TEMPERATUREUNIT=${unit}" >> /etc/pihole/setupVars.conf
+	change_setting "TEMPERATUREUNIT" "${unit}"
 
 }
 
@@ -50,65 +74,70 @@ SetWebPassword(){
 		exit 1
 	fi
 
-	# Remove password from file (create backup setupVars.conf.bak)
-	sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf
 	# Set password only if there is one to be set
 	if (( ${#args[2]} > 0 )) ; then
 		# Compute password hash twice to avoid rainbow table vulnerability
 		hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//')
 		hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
 		# Save hash to file
-		echo "WEBPASSWORD=${hash}" >> /etc/pihole/setupVars.conf
+		change_setting "WEBPASSWORD" "${hash}"
 		echo "New password set"
 	else
+		change_setting "WEBPASSWORD" ""
 		echo "Password removed"
 	fi
 
 }
 
+ProcessDNSSettings() {
+	source "${setupVars}"
+
+	delete_dnsmasq_setting "server="
+	add_dnsmasq_setting "server" "${PIHOLE_DNS_1}"
+
+	if [[ "${PIHOLE_DNS_2}" != "" ]]; then
+		add_dnsmasq_setting "server" "${PIHOLE_DNS_2}"
+	fi
+
+	delete_dnsmasq_setting "domain-needed"
+
+	if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
+		add_dnsmasq_setting "domain-needed"
+	fi
+
+	delete_dnsmasq_setting "bogus-priv"
+
+	if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
+		add_dnsmasq_setting "bogus-priv"
+	fi
+
+}
+
 SetDNSServers(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;' /etc/pihole/setupVars.conf
 	# Save setting to file
-	echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "PIHOLE_DNS_1" "${args[2]}"
+
 	if [[ "${args[3]}" != "none" ]]; then
-		echo "PIHOLE_DNS_2=${args[3]}" >> /etc/pihole/setupVars.conf
+		change_setting "PIHOLE_DNS_2" "${args[3]}"
 	else
-		echo "PIHOLE_DNS_2=" >> /etc/pihole/setupVars.conf
+		change_setting "PIHOLE_DNS_2" ""
 	fi
 
-	# Replace within actual dnsmasq config file
-	sed -i '/server=/d;' /etc/dnsmasq.d/01-pihole.conf
-	echo "server=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf
-	if [[ "${args[3]}" != "none" ]]; then
-		echo "server=${args[3]}" >> /etc/dnsmasq.d/01-pihole.conf
-	fi
-
-	# Remove domain-needed entry
-	sed -i '/domain-needed/d;' /etc/dnsmasq.d/01-pihole.conf
-
-	# Readd it if required
 	if [[ "${args[4]}" == "domain-needed" ]]; then
-		echo "domain-needed" >> /etc/dnsmasq.d/01-pihole.conf
-		echo "DNS_FQDN_REQUIRED=true" >> /etc/pihole/setupVars.conf
+		change_setting "DNS_FQDN_REQUIRED" "true"
 	else
-		# Leave it deleted if not wanted
-		echo "DNS_FQDN_REQUIRED=false" >> /etc/pihole/setupVars.conf
+		change_setting "DNS_FQDN_REQUIRED" "false"
 	fi
 
-	# Remove bogus-priv entry
-	sed -i '/bogus-priv/d;' /etc/dnsmasq.d/01-pihole.conf
-
-	# Readd it if required
-	if [[ "${args[5]}" == "bogus-priv" ]]; then
-		echo "bogus-priv" >> /etc/dnsmasq.d/01-pihole.conf
-		echo "DNS_BOGUS_PRIV=true" >> /etc/pihole/setupVars.conf
+	if [[ "${args[4]}" == "bogus-priv" || "${args[5]}" == "bogus-priv" ]]; then
+		change_setting "DNS_BOGUS_PRIV" "true"
 	else
-		# Leave it deleted if not wanted
-		echo "DNS_BOGUS_PRIV=false" >> /etc/pihole/setupVars.conf
+		change_setting "DNS_BOGUS_PRIV" "false"
 	fi
 
+	ProcessDnsmasqSettings
+
 	# Restart dnsmasq to load new configuration
 	RestartDNS
 
@@ -116,18 +145,14 @@ SetDNSServers(){
 
 SetExcludeDomains(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_EXCLUDE_DOMAINS/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_EXCLUDE_DOMAINS=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_EXCLUDE_DOMAINS" "${args[2]}"
+
 }
 
 SetExcludeClients(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_EXCLUDE_CLIENTS/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_EXCLUDE_CLIENTS=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_EXCLUDE_CLIENTS" "${args[2]}"
+
 }
 
 Reboot(){
@@ -148,95 +173,146 @@ RestartDNS(){
 
 SetQueryLogOptions(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_QUERY_LOG_SHOW/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_QUERY_LOG_SHOW=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_QUERY_LOG_SHOW" "${args[2]}"
+
+}
+
+ProcessDHCPSettings() {
+
+	if [[ "${DHCP_ACTIVE}" == "true" ]]; then
+
+	source "${setupVars}"
+	interface=$(grep 'PIHOLE_INTERFACE=' /etc/pihole/setupVars.conf | sed "s/.*=//")
+
+	# Use eth0 as fallback interface
+	if [ -z ${interface} ]; then
+		interface="eth0"
+	fi
+
+	if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
+		PIHOLE_DOMAIN="local"
+		change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+	fi
+
+	if [[ "${DHCP_LEASETIME}" == "0" ]]; then
+		leasetime="infinite"
+	elif [[ "${DHCP_LEASETIME}" == "" ]]; then
+		leasetime="24h"
+		change_setting "DHCP_LEASETIME" "${leasetime}"
+	else
+		leasetime="${DHCP_LEASETIME}h"
+	fi
+
+	# Write settings to file
+	echo "###############################################################################
+#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
+#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
+###############################################################################
+dhcp-authoritative
+dhcp-range=${DHCP_START},${DHCP_END},${leasetime}
+dhcp-option=option:router,${DHCP_ROUTER}
+dhcp-leasefile=/etc/pihole/dhcp.leases
+domain=${PIHOLE_DOMAIN}
+#quiet-dhcp
+#quiet-dhcp6
+#enable-ra
+dhcp-option=option6:dns-server,[::]
+dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
+ra-param=*,0,0
+" > "${dhcpconfig}"
+
+	else
+		rm "${dhcpconfig}"
+	fi
 }
 
 EnableDHCP(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/DHCP_/d;' /etc/pihole/setupVars.conf
-	echo "DHCP_ACTIVE=true" >> /etc/pihole/setupVars.conf
-	echo "DHCP_START=${args[2]}" >> /etc/pihole/setupVars.conf
-	echo "DHCP_END=${args[3]}" >> /etc/pihole/setupVars.conf
-	echo "DHCP_ROUTER=${args[4]}" >> /etc/pihole/setupVars.conf
+	change_setting "DHCP_ACTIVE" "true"
+	change_setting "DHCP_START" "${args[2]}"
+	change_setting "DHCP_END" "${args[3]}"
+	change_setting "DHCP_ROUTER" "${args[4]}"
+	change_setting "DHCP_LEASETIME" "${args[5]}"
+	change_setting "PIHOLE_DOMAIN" "${args[6]}"
 
-	# Remove setting from file
-	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf
-	# Save setting to file
-	echo "dhcp-range=${args[2]},${args[3]},infinite" >> /etc/dnsmasq.d/01-pihole.conf
-	echo "dhcp-option=option:router,${args[4]}" >> /etc/dnsmasq.d/01-pihole.conf
-	# Changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored. This allows new hosts to get a lease without a tedious timeout under all circumstances. It also allows dnsmasq to rebuild its lease database without each client needing to reacquire a lease, if the database is lost.
-	echo "dhcp-authoritative" >> /etc/dnsmasq.d/01-pihole.conf
-	# Use the specified file to store DHCP lease information
-	echo "dhcp-leasefile=/etc/pihole/dhcp.leases" >> /etc/dnsmasq.d/01-pihole.conf
-	# Suppress logging of the routine operation of these protocols. Errors and problems will still be logged, though.
-	echo "quiet-dhcp" >> /etc/dnsmasq.d/01-pihole.conf
-	echo "quiet-dhcp6" >> /etc/dnsmasq.d/01-pihole.conf
+	# Remove possible old setting from file
+	delete_dnsmasq_setting "dhcp-"
+	delete_dnsmasq_setting "quiet-dhcp"
+
+	ProcessDHCPSettings
 
 	RestartDNS
 }
 
 DisableDHCP(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/DHCP_ACTIVE/d;' /etc/pihole/setupVars.conf
-	echo "DHCP_ACTIVE=false" >> /etc/pihole/setupVars.conf
+	change_setting "DHCP_ACTIVE" "false"
 
-	# Remove setting from file
-	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf
+	# Remove possible old setting from file
+	delete_dnsmasq_setting "dhcp-"
+	delete_dnsmasq_setting "quiet-dhcp"
+
+	ProcessDHCPSettings
 
 	RestartDNS
 }
 
 SetWebUILayout(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/WEBUIBOXEDLAYOUT/d;' /etc/pihole/setupVars.conf
-	echo "WEBUIBOXEDLAYOUT=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
 
 }
 
-SetDNSDomainName(){
+SetPrivacyMode(){
 
-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/PIHOLE_DOMAIN/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "PIHOLE_DOMAIN=${args[2]}" >> /etc/pihole/setupVars.conf
-
-	# Replace within actual dnsmasq config file
-	sed -i '/domain=/d;' /etc/dnsmasq.d/01-pihole.conf
-	echo "domain=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf
-
-	# Restart dnsmasq to load new configuration
-	RestartDNS
+	if [[ "${args[2]}" == "true" ]] ; then
+		change_setting "API_PRIVACY_MODE" "true"
+	else
+		change_setting "API_PRIVACY_MODE" "false"
+	fi
 
 }
 
-case "${args[1]}" in
-	"-p" | "password"   ) SetWebPassword;;
-	"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
-	"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
-	"-k" | "kelvin"     ) unit="K"; SetTemperatureUnit;;
-	"setdns"            ) SetDNSServers;;
-	"setexcludedomains" ) SetExcludeDomains;;
-	"setexcludeclients" ) SetExcludeClients;;
-	"reboot"            ) Reboot;;
-	"restartdns"        ) RestartDNS;;
-	"setquerylog"       ) SetQueryLogOptions;;
-	"enabledhcp"        ) EnableDHCP;;
-	"disabledhcp"       ) DisableDHCP;;
-	"layout"            ) SetWebUILayout;;
-	"-h" | "--help"     ) helpFunc;;
-	"domainname"        ) SetDNSDomainName;;
-	*                   ) helpFunc;;
-esac
+ResolutionSettings() {
 
-shift
+	typ="${args[2]}"
+	state="${args[3]}"
 
-if [[ $# = 0 ]]; then
-	helpFunc
-fi
+	if [[ "${typ}" == "forward" ]]; then
+		change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}"
+	elif [[ "${typ}" == "clients" ]]; then
+		change_setting "API_GET_CLIENT_HOSTNAME" "${state}"
+	fi
+}
 
+main() {
+
+	args=("$@")
+
+	case "${args[1]}" in
+		"-p" | "password"   ) SetWebPassword;;
+		"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
+		"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
+		"-k" | "kelvin"     ) unit="K"; SetTemperatureUnit;;
+		"setdns"            ) SetDNSServers;;
+		"setexcludedomains" ) SetExcludeDomains;;
+		"setexcludeclients" ) SetExcludeClients;;
+		"reboot"            ) Reboot;;
+		"restartdns"        ) RestartDNS;;
+		"setquerylog"       ) SetQueryLogOptions;;
+		"enabledhcp"        ) EnableDHCP;;
+		"disabledhcp"       ) DisableDHCP;;
+		"layout"            ) SetWebUILayout;;
+		"-h" | "--help"     ) helpFunc;;
+		"privacymode"       ) SetPrivacyMode;;
+		"resolve"           ) ResolutionSettings;;
+		*                   ) helpFunc;;
+	esac
+
+	shift
+
+	if [[ $# = 0 ]]; then
+		helpFunc
+	fi
+
+}

advanced/blockingpage.css

@@ -0,0 +1,136 @@
+/* CSS Reset */
+html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; }
+article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; }
+body { line-height: 1; }
+ol, ul { list-style: none; }
+blockquote, q { quotes: none; }
+blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; }
+table { border-collapse: collapse; border-spacing: 0; }
+html { height: 100%; overflow-x: hidden; }
+
+/* General Style */
+a	{ color: rgba(0,60,120,0.95); text-decoration: none; } /* 1E3C5A */
+a:hover { color: rgba(210,120,0,0.95); transition-duration: .2s; } /* 255, 128, 0 */
+divs a		{ border-bottom: 1px dashed rgba(30,60,90,0.3); }
+b	{ font-weight: bold; }
+i	{ font-style: italic; }
+
+footer, pre, td { font-family: monospace; padding-left: 15px; }
+/*body, header { background: #E1E1E1; }*/
+
+body {
+	background-image: -webkit-linear-gradient(top, rgba(240,240,240,0.95), rgba(190,190,190,0.95));
+	background-image: linear-gradient(to bottom, rgba(240,240,240,0.95), rgba(190,190,190,0.95));
+	background-attachment: fixed;
+	color: rgba(64,64,64,0.95);
+	font: 14px, sans-serif;
+	line-height: 1em;
+}
+
+header {
+	min-width: 320px;
+	width: 100%;
+	text-shadow: 0 1px rgba(255,255,255,0.6);
+	display: table;
+	table-layout: fixed;
+	border: 1px solid rgba(0,0,0,0.25);
+	border-top-color: rgba(255,255,255,0.85);
+	border-style: solid none;
+	background-image: -webkit-linear-gradient(top, rgba(240,240,240,0.95), rgba(220,220,220,0.95));
+	background-image: linear-gradient(to bottom, rgba(240,240,240,0.95), rgba(220,220,220,0.95));
+	box-shadow:  0 0 1px 1px rgba(0,0,0,0.04);
+}
+
+header h1, header div {
+	display: table-cell;
+	color: inherit;
+	font-weight: bold;
+	vertical-align: middle;
+	white-space: nowrap;
+	overflow: hidden;
+	box-sizing: border-box;
+}
+
+header h1 {
+	font-size: 22px;
+	font-weight: bold;
+	width: 100%;
+	padding: 8px 0;
+	text-indent: 32px;
+	background: url("http://pi.hole/admin/img/logo.svg") left no-repeat;
+	background-size: 30px 22px;
+}
+
+header h1 a, h1 a:hover { color: inherit; }
+header .alt { width: 85px; font-size: 0.8em; padding-right: 4px; text-align: right; line-height: 1.25em; }
+.active { color: green; }
+.inactive { color: red; }
+
+main {
+	display: block;
+	width: 80%;
+	padding: 10px;
+	font-size: 1em;
+	background-color: rgba(255,255,255,0.85);
+	margin: 8px auto;
+	box-sizing: border-box;
+	border: 1px solid rgba(0,0,0,0.25);
+	box-shadow:  4px 4px rgba(0,0,0,0.1);
+	line-height: 1.2em;
+	border-radius: 8px;
+}
+
+h2 { /* Rgba is shared with .transparent th */
+	font: 1.15em sans-serif;
+	background-color: rgba(255,0,0,0.4);
+	text-shadow: none;
+	line-height: 1.1em;
+	padding-bottom: 1px;
+	margin-top: 8px;
+	margin-bottom: 4px;
+	background: -webkit-linear-gradient(left, rgba(0,0,0,0.25), transparent 80%) no-repeat;
+	background: linear-gradient(to right, rgba(0,0,0,0.25), transparent 80%) no-repeat;
+	background-size: 100% 1px;
+	background-position: 0 17px;
+}
+
+h2:first-child { margin-top: 0; }
+h2 ~ *:not(h2) { margin-left: 4px; }
+li { padding: 2px 0; }
+li::before { content: "\00BB\00a0"; }
+li a { position: relative; top: 1px; } /* Center bullet-point arrows */
+
+/* Button Style */
+.buttons a, button, input, .transparent th a { /* Swapped rgba is shared with input[type='url'] */
+	display: inline-block;
+	color: rgba(32,32,32,0.9);
+	font-weight: bold;
+	text-align: center;
+	cursor: pointer;
+	text-shadow: 0 1px rgba(255,255,255,0.2);
+	line-height: 0.86em;
+	font-size: 1em;
+	padding: 4px 8px;
+	background: #FAFAFA;
+	background-image: -webkit-linear-gradient(top, rgba(255,255,255,0.05), rgba(0,0,0,0.05));
+	background-image: linear-gradient(to bottom, rgba(255,255,255,0.05), rgba(0,0,0,0.05));
+	border: 1px solid rgba(0,0,0,0.25);
+	border-radius: 4px;
+	box-shadow: 0 1px 0 rgba(0,0,0,0.04);
+}
+
+.buttons { white-space: nowrap; width: 100%; display: table; }
+.buttons33 { white-space: nowrap; width: 33.333%; display: table; text-align: center; margin-left: 33.333% }
+.mini a { width: 50%; }
+a.safe { background-color: rgba(0,220,0,0.5); }
+button.safe { background-color: rgba(0,220,0,0.5); }
+a.warn { background-color: rgba(220,0,0,0.5); }
+
+.blocked a, .mini a { display: table-cell; }
+.blocked a.safe50 { width: 50%; background-color: rgba(0,220,0,0.5); }
+.blocked a.safe33 { width: 33.333%; background-color: rgba(0,220,0,0.5); }
+
+/* Types of text */
+.msg { white-space: pre; overflow: auto; -webkit-overflow-scrolling: touch; display: block; line-height: 1.2em; font-weight: bold; font-size: 1.15em; margin: 4px 8px 8px 8px; white-space: pre-line; }
+
+footer { font-size: 0.8em; text-align: center; width: 87%; margin: 4px auto; }

advanced/dphys-swapfile

@@ -1,12 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
-# Network-wide ad blocking via your Raspberry Pi
-# http://pi-hole.net
-# Swap file config
-#
-# Pi-hole is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-
-CONF_SWAPSIZE=500

advanced/index.html

@@ -1,7 +0,0 @@
-<html>
-<head>
-<script>window.close();</script>
-</head>
-<body>
-</body>
-</html>

advanced/index.php

@@ -0,0 +1,162 @@
+<?php
+/* Detailed Pi-Hole Block Page: Show "Website Blocked" if user browses to site, but not to image/file requests based on the work of WaLLy3K for DietPi & Pi-Hole */
+
+$uri = escapeshellcmd($_SERVER['REQUEST_URI']);
+$serverName = escapeshellcmd($_SERVER['SERVER_NAME']);
+
+// Retrieve server URI extension (EG: jpg, exe, php)
+$uriExt = pathinfo($uri, PATHINFO_EXTENSION);
+
+// Define which URL extensions get rendered as "Website Blocked"
+$webExt = array('asp', 'htm', 'html', 'php', 'rss', 'xml');
+
+if(in_array($uriExt, $webExt) || empty($uriExt))
+{
+	// Requested resource has an extension listed in $webExt
+	// or no extension (index access to some folder incl. the root dir)
+	$showPage = true;
+}
+else
+{
+	// Something else
+	$showPage = false;
+}
+
+// Handle incoming URI types
+if (!$showPage)
+{
+?>
+<html>
+<head>
+<script>window.close();</script></head>
+<body>
+<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">
+</body>
+</html>
+<?php
+	die();
+}
+
+// Get Pi-Hole version
+$piHoleVersion = exec('cd /etc/.pihole/ && git describe --tags --abbrev=0');
+
+// Don't show the URI if it is the root directory
+if($uri == "/")
+{
+	$uri = "";
+}
+
+?>
+<!DOCTYPE html>
+<head>
+	<meta charset='UTF-8'/>
+	<title>Website Blocked</title>
+	<link rel='stylesheet' href='http://pi.hole/pihole/blockingpage.css'/>
+	<link rel='shortcut icon' href='http://pi.hole/admin/img/favicon.png' type='image/png'/>
+	<meta name='viewport' content='width=device-width,initial-scale=1.0,maximum-scale=1.0, user-scalable=no'/>
+	<meta name='robots' content='noindex,nofollow'/>
+</head>
+<body id="body">
+<header>
+	<h1><a href='/'>Website Blocked</a></h1>
+</header>
+<main>
+	<div>Access to the following site has been blocked:<br/>
+	<span class='pre msg'><?php echo $serverName.$uri; ?></span></div>
+	<div>If you have an ongoing use for this website, please ask the owner of the Pi-hole in your network to have it whitelisted.</div>
+	<input id="domain" type="hidden" value="<?php echo $serverName; ?>">
+	<input id="quiet" type="hidden" value="yes">
+	<button id="btnSearch" class="buttons blocked" type="button" style="visibility: hidden;"></button>
+	This page is blocked because it is explicitly contained within the following block list(s):
+	<pre id="output" style="width: 100%; height: 100%;" hidden="true"></pre><br/>
+	<div class='buttons blocked'>
+		<a class='safe33' href='javascript:history.back()'>Go back</a>
+		<a class='safe33' id="whitelisting">Whitelist this page</a>
+		<a class='safe33' href='javascript:window.close()'>Close window</a>
+	</div>
+		<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">Password required!<br/>
+		<form>
+			<input name="list" type="hidden" value="white"><br/>
+			Domain:<br/>
+			<input name="domain" value="<?php echo $serverName ?>" disabled><br/><br/>
+			Password:<br/>
+			<input type="password" id="pw" name="pw"><br/><br/>
+			<button class="buttons33 safe" id="btnAdd" type="button">Whitelist</button>
+		</form><br/>
+		<pre id="whitelistingoutput" style="width: 100%; height: 100%; padding: 5px;" hidden="true"></pre><br/>
+		</div>
+</main>
+<footer>Generated <?php echo date('D g:i A, M d'); ?> by Pi-hole <?php echo $piHoleVersion; ?></footer>
+<script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
+<script src="http://pi.hole/admin/scripts/pi-hole/js/queryads.js"></script>
+<script>
+function inIframe () {
+    try {
+        return window.self !== window.top;
+    } catch (e) {
+        return true;
+    }
+}
+
+// Try to detect if page is loaded within iframe
+if(inIframe())
+{
+    // Within iframe
+    // hide content of page
+    $('#body').hide();
+    // remove background
+    document.body.style.backgroundImage = "none";
+}
+else
+{
+    // Query adlists
+    $( "#btnSearch" ).click();
+}
+
+$( "#whitelisting" ).on( "click", function(){ $( "#whitelistingform" ).removeAttr( "hidden" ); });
+
+function add() {
+	var domain = $("#domain");
+	var pw = $("#pw");
+	if(domain.val().length === 0){
+		return;
+	}
+
+	$.ajax({
+		url: "admin/scripts/pi-hole/php/add.php",
+		method: "post",
+		data: {"domain":domain.val(), "list":"white", "pw":pw.val()},
+		success: function(response) {
+			$( "#whitelistingoutput" ).removeAttr( "hidden" );
+			if(response.indexOf("Pi-hole blocking") !== -1)
+			{
+				// Reload page after 5 seconds
+				setTimeout(function(){window.location.reload(1);}, 5000);
+				$( "#whitelistingoutput" ).html("---> Success <---<br/>You may have to flush your DNS cache");
+			}
+			else
+			{
+				$( "#whitelistingoutput" ).html("---> "+response+" <---");
+			}
+
+		},
+		error: function(jqXHR, exception) {
+			$( "#whitelistingoutput" ).removeAttr( "hidden" );
+			$( "#whitelistingoutput" ).html("---> Unknown Error <---");
+		}
+	});
+}
+// Handle enter button for adding domains
+$(document).keypress(function(e) {
+    if(e.which === 13 && $("#pw").is(":focus")) {
+        add();
+    }
+});
+
+// Handle buttons
+$("#btnAdd").on("click", function() {
+    add();
+});
+</script>
+</body>
+</html>

advanced/lighttpd.conf.debian

@@ -21,7 +21,7 @@ server.modules = (
 )
 
 server.document-root        = "/var/www/html"
-server.error-handler-404	= "pihole/index.html"
+server.error-handler-404	= "pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"

advanced/lighttpd.conf.fedora

@@ -22,7 +22,7 @@ server.modules = (
 )
 
 server.document-root        = "/var/www/html"
-server.error-handler-404	= "pihole/index.html"
+server.error-handler-404	= "pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"

advanced/pihole.sudo

@@ -9,4 +9,3 @@
 # the Free Software Foundation, either version 2 of the License, or
 # (at your option) any later version.
 
-www-data ALL=NOPASSWD: /usr/local/bin/pihole

advanced/selinux/pihole.te

@@ -1,87 +0,0 @@
-module pihole 1.0;
-
-require {
-        type var_log_t;
-        type unconfined_t;
-        type init_t;
-        type auditd_t;
-        type syslogd_t;
-        type NetworkManager_t;
-        type mdadm_t;
-        type tuned_t;
-        type avahi_t;
-        type irqbalance_t;
-        type system_dbusd_t;
-        type kernel_t;
-        type httpd_sys_script_t;
-        type systemd_logind_t;
-        type httpd_t;
-        type policykit_t;
-        type dnsmasq_t;
-        type udev_t;
-        type postfix_pickup_t;
-        type sshd_t;
-        type crond_t;
-        type getty_t;
-        type lvm_t;
-        type postfix_qmgr_t;
-        type postfix_master_t;
-        class dir { getattr search };
-        class file { read open setattr };
-}
-
-#============= dnsmasq_t ==============
-allow dnsmasq_t var_log_t:file { open setattr };
-
-#============= httpd_t ==============
-allow httpd_t var_log_t:file { read open };
-
-#============= httpd_sys_script_t (class: dir) ==============
-allow httpd_sys_script_t NetworkManager_t:dir { getattr search };
-allow httpd_sys_script_t auditd_t:dir { getattr search };
-allow httpd_sys_script_t avahi_t:dir { getattr search };
-allow httpd_sys_script_t crond_t:dir { getattr search };
-allow httpd_sys_script_t dnsmasq_t:dir { getattr search };
-allow httpd_sys_script_t getty_t:dir { getattr search };
-allow httpd_sys_script_t httpd_t:dir { getattr search };
-allow httpd_sys_script_t init_t:dir { getattr search };
-allow httpd_sys_script_t irqbalance_t:dir { getattr search };
-allow httpd_sys_script_t kernel_t:dir { getattr search };
-allow httpd_sys_script_t lvm_t:dir { getattr search };
-allow httpd_sys_script_t mdadm_t:dir { getattr search };
-allow httpd_sys_script_t policykit_t:dir { getattr search };
-allow httpd_sys_script_t postfix_master_t:dir { getattr search };
-allow httpd_sys_script_t postfix_pickup_t:dir { getattr search };
-allow httpd_sys_script_t postfix_qmgr_t:dir { getattr search };
-allow httpd_sys_script_t sshd_t:dir { getattr search };
-allow httpd_sys_script_t syslogd_t:dir { getattr search };
-allow httpd_sys_script_t system_dbusd_t:dir { getattr search };
-allow httpd_sys_script_t systemd_logind_t:dir { getattr search };
-allow httpd_sys_script_t tuned_t:dir { getattr search };
-allow httpd_sys_script_t udev_t:dir { getattr search };
-allow httpd_sys_script_t unconfined_t:dir { getattr search };
-
-#============= httpd_sys_script_t (class: file) ==============
-allow httpd_sys_script_t NetworkManager_t:file { read open };
-allow httpd_sys_script_t auditd_t:file { read open };
-allow httpd_sys_script_t avahi_t:file { read open };
-allow httpd_sys_script_t crond_t:file { read open };
-allow httpd_sys_script_t dnsmasq_t:file { read open };
-allow httpd_sys_script_t getty_t:file { read open };
-allow httpd_sys_script_t httpd_t:file { read open };
-allow httpd_sys_script_t init_t:file { read open };
-allow httpd_sys_script_t irqbalance_t:file { read open };
-allow httpd_sys_script_t kernel_t:file { read open };
-allow httpd_sys_script_t lvm_t:file { read open };
-allow httpd_sys_script_t mdadm_t:file { read open };
-allow httpd_sys_script_t policykit_t:file { read open };
-allow httpd_sys_script_t postfix_master_t:file { read open };
-allow httpd_sys_script_t postfix_pickup_t:file { read open };
-allow httpd_sys_script_t postfix_qmgr_t:file { read open };
-allow httpd_sys_script_t sshd_t:file { read open };
-allow httpd_sys_script_t syslogd_t:file { read open };
-allow httpd_sys_script_t system_dbusd_t:file { read open };
-allow httpd_sys_script_t systemd_logind_t:file { read open };
-allow httpd_sys_script_t tuned_t:file { read open };
-allow httpd_sys_script_t udev_t:file { read open };
-allow httpd_sys_script_t unconfined_t:file { read open };

automated install/basic-install.sh

@@ -21,6 +21,7 @@ set -e
 tmpLog=/tmp/pihole-install.log
 instalLogLoc=/etc/pihole/install.log
 setupVars=/etc/pihole/setupVars.conf
+lighttpdConfig=/etc/lighttpd/lighttpd.conf
 
 webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git"
 webInterfaceDir="/var/www/html/admin"
@@ -35,8 +36,8 @@ QUERY_LOGGING=true
 
 # Find the rows and columns will default to 80x24 is it can not be detected
 screen_size=$(stty size 2>/dev/null || echo 24 80)
-rows=$(echo $screen_size | awk '{print $1}')
-columns=$(echo $screen_size | awk '{print $2}')
+rows=$(echo "${screen_size}" | awk '{print $1}')
+columns=$(echo "${screen_size}" | awk '{print $2}')
 
 # Divide by two so the dialogs take up half of the screen, which looks nice.
 r=$(( rows / 2 ))
@@ -50,35 +51,12 @@ skipSpaceCheck=false
 reconfigure=false
 runUnattended=false
 
-######## FIRST CHECK ########
-# Must be root to install
-echo ":::"
-if [[ ${EUID} -eq 0 ]]; then
-  echo "::: You are root."
-else
-  echo "::: Script called with non-root privileges. The Pi-hole installs server packages and configures"
-  echo "::: system networking, it requires elevated rights. Please check the contents of the script for"
-  echo "::: any concerns with this requirement. Please be sure to download this script from a trusted source."
-  echo ":::"
-  echo "::: Detecting the presence of the sudo utility for continuation of this install..."
-
-  if [ -x "$(command -v sudo)" ]; then
-    echo "::: Utility sudo located."
-    exec curl -sSL https://install.pi-hole.net | sudo bash "$@"
-    exit $?
-  else
-    echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
-    exit 1
-  fi
-fi
-
 # Compatibility
 
-if [[ $(command -v apt-get) ]]; then
+if command -v apt-get &> /dev/null; then
   #Debian Family
   #############################################
   PKG_MANAGER="apt-get"
-  PKG_CACHE="/var/lib/apt/lists/"
   UPDATE_PKG_CACHE="${PKG_MANAGER} update"
   PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
   # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
@@ -97,35 +75,29 @@ if [[ $(command -v apt-get) ]]; then
   LIGHTTPD_CFG="lighttpd.conf.debian"
   DNSMASQ_USER="dnsmasq"
 
-  package_check_install() {
-    dpkg-query -W -f='${Status}' "${1}" 2>/dev/null | grep -c "ok installed" || ${PKG_INSTALL} "${1}"
-  }
-elif [ $(command -v rpm) ]; then
+elif command -v rpm &> /dev/null; then
   # Fedora Family
-  if [ $(command -v dnf) ]; then
+  if command -v dnf &> /dev/null; then
     PKG_MANAGER="dnf"
   else
     PKG_MANAGER="yum"
   fi
-  PKG_CACHE="/var/cache/${PKG_MANAGER}"
-  UPDATE_PKG_CACHE="${PKG_MANAGER} check-update"
+
+# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
+  UPDATE_PKG_CACHE=":"
   PKG_INSTALL="${PKG_MANAGER} install -y"
   PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
   INSTALLER_DEPS=(git iproute net-tools newt procps-ng)
-  PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq epel-release findutils lighttpd lighttpd-fastcgi nmap-ncat php php-common php-cli sudo unzip wget)
+  PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils lighttpd lighttpd-fastcgi nmap-ncat php php-common php-cli sudo unzip wget)
 
-  if grep -q 'Fedora' /etc/redhat-release; then
-    remove_deps=(epel-release);
-    PIHOLE_DEPS=( ${PIHOLE_DEPS[@]/$remove_deps} );
+  if ! grep -q 'Fedora' /etc/redhat-release; then
+    INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release");
   fi
     LIGHTTPD_USER="lighttpd"
     LIGHTTPD_GROUP="lighttpd"
     LIGHTTPD_CFG="lighttpd.conf.fedora"
     DNSMASQ_USER="nobody"
 
-    package_check_install() {
-      rpm -qa | grep ^"${1}"- > /dev/null || ${PKG_INSTALL} "${1}"
-    }
 else
   echo "OS distribution not supported"
   exit
@@ -133,30 +105,51 @@ fi
 
 ####### FUNCTIONS ##########
 is_repo() {
-  # Use git to check if directory is currently under VCS, return the value
+  # Use git to check if directory is currently under VCS, return the value 128
+  # if directory is not a repo. Return 1 if directory does not exist.
   local directory="${1}"
-  git -C "${directory}" status --short &> /dev/null
-  return
+  local curdir
+  local rc
+
+  curdir="${PWD}"
+  if [[ -d "${directory}" ]]; then
+    # git -C is not used here to support git versions older than 1.8.4
+    cd "${directory}"
+    git status --short &> /dev/null || rc=$?
+  else
+    # non-zero return code if directory does not exist
+    rc=1
+  fi
+  cd "${curdir}"
+  return "${rc:-0}"
 }
 
 make_repo() {
   local directory="${1}"
   local remoteRepo="${2}"
-  # Remove the non-repod interface and clone the interface
-  echo -n ":::    Cloning $remoteRepo into $directory..."
-  rm -rf "${directory}"
-  git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null
+
+  echo -n ":::    Cloning ${remoteRepo} into ${directory}..."
+  # Clean out the directory if it exists for git to clone into
+  if [[ -d "${directory}" ]]; then
+    rm -rf "${directory}"
+  fi
+  git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || return $?
   echo " done!"
+  return 0
 }
 
 update_repo() {
   local directory="${1}"
+
   # Pull the latest commits
-  echo -n ":::     Updating repo in $1..."
-  cd "${directory}" || exit 1
-  git stash -q &> /dev/null
-  git pull -q &> /dev/null
-  echo " done!"
+  echo -n ":::    Updating repo in ${1}..."
+  if [[ -d "${directory}" ]]; then
+    cd "${directory}"
+    git stash -q &> /dev/null || true # Okay for stash failure
+    git pull -q &> /dev/null || return $?
+    echo " done!"
+  fi
+  return 0
 }
 
 getGitFiles() {
@@ -167,22 +160,23 @@ getGitFiles() {
   echo ":::"
   echo "::: Checking for existing repository..."
   if is_repo "${directory}"; then
-    update_repo "${directory}"
+    update_repo "${directory}" || return 1
   else
-    make_repo "${directory}" "${remoteRepo}"
+    make_repo "${directory}" "${remoteRepo}" || return 1
   fi
+  return 0
 }
 
 find_IPv4_information() {
   # Find IP used to route to outside world
   IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-  IPV4_ADDRESS=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
+  IPV4_ADDRESS=$(ip route get 8.8.8.8| awk '{print $7}')
   IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
 }
 
 get_available_interfaces() {
-  # Get available interfaces. Consider only getting UP interfaces in the future, and leaving DOWN interfaces out of list.
-  availableInterfaces=$(ip -o link | awk '{print $2}' | grep -v "lo" | cut -d':' -f1 | cut -d'@' -f1)
+  # Get available UP interfaces.
+  availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
 }
 
 welcomeDialogs() {
@@ -241,6 +235,11 @@ chooseInterface() {
   # Loop sentinel variable
   local firstLoop=1
 
+  if [[ $(echo ${availableInterfaces} | wc -l) -eq 1 ]]; then
+      PIHOLE_INTERFACE=${availableInterfaces}
+      return
+  fi
+
   while read -r line; do
     mode="OFF"
     if [[ ${firstLoop} -eq 1 ]]; then
@@ -267,8 +266,11 @@ chooseInterface() {
 
 useIPv6dialog() {
   # Show the IPv6 address used for blocking
-  IPV6_ADDRESS=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
-  whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$IPV6_ADDRESS will be used to block ads." ${r} ${c}
+  IPV6_ADDRESS=$(ip -6 route get 2001:4860:4860::8888 | grep -v "unreachable" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
+
+  if [[ ! -z "${IPV6_ADDRESS}" ]]; then
+    whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$IPV6_ADDRESS will be used to block ads." ${r} ${c}
+  fi
 }
 
 
@@ -406,7 +408,7 @@ setStaticIPv4() {
         echo "USERCTL=no"
       }> "${IFCFG_FILE}"
       ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
-      if [ -x "$(command -v nmcli)" ];then
+      if command -v nmcli &> /dev/null;then
         # Tell NetworkManager to read our new sysconfig file
         nmcli con load "${IFCFG_FILE}" > /dev/null
       fi
@@ -534,7 +536,7 @@ setLogging() {
   local LogChoices
 
   LogToggleCommand=(whiptail --separate-output --radiolist "Do you want to log queries?\n (Disabling will render graphs on the Admin page useless):" ${r} ${c} 6)
-  LogChooseOptions=("On (Reccomended)" "" on
+  LogChooseOptions=("On (Recommended)" "" on
       Off "" off)
   LogChoices=$("${LogToggleCommand[@]}" "${LogChooseOptions[@]}" 2>&1 >/dev/tty) || (echo "::: Cancel selected. Exiting..." && exit 1)
     case ${LogChoices} in
@@ -628,6 +630,7 @@ installScripts() {
   # Install files from local core repository
   if is_repo "${PI_HOLE_LOCAL_REPO}"; then
     cd "${PI_HOLE_LOCAL_REPO}"
+    install -o "${USER}" -Dm755 -d /opt/pihole
     install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh
     install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh
     install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh
@@ -665,7 +668,7 @@ stop_service() {
   # Can softfail, as process may not be installed when this is called
   echo ":::"
   echo -n "::: Stopping ${1} service..."
-  if [ -x "$(command -v systemctl)" ]; then
+  if command -v systemctl &> /dev/null; then
     systemctl stop "${1}" &> /dev/null || true
   else
     service "${1}" stop &> /dev/null || true
@@ -678,7 +681,7 @@ start_service() {
   # This should not fail, it's an error if it does
   echo ":::"
   echo -n "::: Starting ${1} service..."
-  if [ -x "$(command -v systemctl)" ]; then
+  if command -v systemctl &> /dev/null; then
     systemctl restart "${1}" &> /dev/null
   else
     service "${1}" restart &> /dev/null
@@ -690,7 +693,7 @@ enable_service() {
   # Enable service so that it will start with next reboot
   echo ":::"
   echo -n "::: Enabling ${1} service to start on reboot..."
-  if [ -x "$(command -v systemctl)" ]; then
+  if command -v systemctl &> /dev/null; then
     systemctl enable "${1}" &> /dev/null
   else
     update-rc.d "${1}" defaults &> /dev/null
@@ -702,19 +705,13 @@ update_pacakge_cache() {
   #Running apt-get update/upgrade with minimal output can cause some issues with
   #requiring user input (e.g password for phpmyadmin see #218)
 
-  #Check to see if apt-get update has already been run today
-  #it needs to have been run at least once on new installs!
-  timestamp=$(stat -c %Y ${PKG_CACHE})
-  timestampAsDate=$(date -d @"${timestamp}" "+%b %e")
-  today=$(date "+%b %e")
+  #Update package cache on apt based OSes. Do this every time since
+  #it's quick and packages can be updated at any time.
 
-  if [ ! "${today}" == "${timestampAsDate}" ]; then
-    #update package lists
-    echo ":::"
-    echo -n "::: ${PKG_MANAGER} update has not been run today. Running now..."
-    ${UPDATE_PKG_CACHE} &> /dev/null
-    echo " done!"
-  fi
+  echo ":::"
+  echo -n "::: Updating local cache of available packages..."
+  ${UPDATE_PKG_CACHE} &> /dev/null
+  echo " done!"
 }
 
 notify_package_updates_available() {
@@ -725,12 +722,16 @@ notify_package_updates_available() {
   updatesToInstall=$(eval "${PKG_COUNT}")
   echo " done!"
   echo ":::"
-  if [[ ${updatesToInstall} -eq "0" ]]; then
-    echo "::: Your system is up to date! Continuing with Pi-hole installation..."
+  if [[ -d "/lib/modules/$(uname -r)" ]]; then
+    if [[ ${updatesToInstall} -eq "0" ]]; then
+      echo "::: Your system is up to date! Continuing with Pi-hole installation..."
+    else
+      echo "::: There are ${updatesToInstall} updates available for your system!"
+      echo "::: We recommend you update your OS after installing Pi-Hole! "
+      echo ":::"
+    fi
   else
-    echo "::: There are ${updatesToInstall} updates available for your system!"
-    echo "::: We recommend you update your OS after installing Pi-Hole! "
-    echo ":::"
+    echo "::: Kernel update detected, please reboot your system and try again if your installation fails."
   fi
 }
 
@@ -738,16 +739,45 @@ install_dependent_packages() {
   # Install packages passed in via argument array
   # No spinner - conflicts with set -e
   declare -a argArray1=("${!1}")
+  declare -a installArray
 
+  # Debian based package install - debconf will download the entire package list
+  # so we just create an array of packages not currently installed to cut down on the
+  # amount of download traffic.
+  # NOTE: We may be able to use this installArray in the future to create a list of package that were
+  # installed by us, and remove only the installed packages, and not the entire list.
   if command -v debconf-apt-progress &> /dev/null; then
-    debconf-apt-progress -- ${PKG_INSTALL} "${argArray1[@]}"
-  else
     for i in "${argArray1[@]}"; do
       echo -n ":::    Checking for $i..."
-      package_check_install "${i}" &> /dev/null
-      echo " installed!"
+      if dpkg-query -W -f='${Status}' "${i}" 2>/dev/null | grep "ok installed" &> /dev/null; then
+        echo " installed!"
+      else
+        echo " added to install list!"
+        installArray+=("${i}")
+      fi
     done
+    if [[ ${#installArray[@]} -gt 0 ]]; then
+      debconf-apt-progress -- ${PKG_INSTALL} "${installArray[@]}"
+      return
+    fi
+      return 0
   fi
+
+  #Fedora/CentOS
+  for i in "${argArray1[@]}"; do
+    echo -n ":::    Checking for $i..."
+    if ${PKG_MANAGER} -q list installed "${i}" &> /dev/null; then
+      echo " installed!"
+    else
+      echo " added to install list!"
+      installArray+=("${i}")
+    fi
+  done
+    if [[ ${#installArray[@]} -gt 0 ]]; then
+      ${PKG_INSTALL} "${installArray[@]}" &> /dev/null
+      return
+    fi
+    return 0
 }
 
 CreateLogFile() {
@@ -769,11 +799,11 @@ installPiholeWeb() {
   echo ":::"
   echo "::: Installing pihole custom index page..."
   if [ -d "/var/www/html/pihole" ]; then
-    if [ -f "/var/www/html/pihole/index.html" ]; then
-      echo ":::     Existing index.html detected, not overwriting"
+    if [ -f "/var/www/html/pihole/index.php" ]; then
+      echo ":::     Existing index.php detected, not overwriting"
     else
-      echo -n ":::     index.html missing, replacing... "
-      cp /etc/.pihole/advanced/index.html /var/www/html/pihole/
+      echo -n ":::     index.php missing, replacing... "
+      cp /etc/.pihole/advanced/index.php /var/www/html/pihole/
       echo " done!"
     fi
 
@@ -785,6 +815,14 @@ installPiholeWeb() {
       echo " done!"
     fi
 
+    if [ -f "/var/www/html/pihole/blockingpage.css" ]; then
+      echo ":::     Existing blockingpage.css detected, not overwriting"
+    else
+      echo -n ":::     index.css missing, replacing... "
+      cp /etc/.pihole/advanced/blockingpage.css /var/www/html/pihole
+      echo " done!"
+    fi
+
   else
     mkdir /var/www/html/pihole
     if [ -f /var/www/html/index.lighttpd.html ]; then
@@ -800,6 +838,15 @@ installPiholeWeb() {
   echo -n "::: Installing sudoer file..."
   mkdir -p /etc/sudoers.d/
   cp /etc/.pihole/advanced/pihole.sudo /etc/sudoers.d/pihole
+  # Add lighttpd user (OS dependent) to sudoers file
+  echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> /etc/sudoers.d/pihole
+
+  if [[ "$LIGHTTPD_USER" == "lighttpd" ]]; then
+    # Allow executing pihole via sudo with Fedora
+    # Usually /usr/local/bin is not permitted as directory for sudoable programms
+    echo "Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" >> /etc/sudoers.d/pihole
+  fi
+
   chmod 0440 /etc/sudoers.d/pihole
   echo " done!"
 }
@@ -820,8 +867,12 @@ runGravity() {
     echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
     rm /etc/pihole/list.*
   fi
+  # Test if /etc/pihole/adlists.default exists
+  if [[ ! -e /etc/pihole/adlists.default ]]; then
+    cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
+  fi
   echo "::: Running gravity.sh"
-  /opt/pihole/gravity.sh
+  { /opt/pihole/gravity.sh; }
 }
 
 create_pihole_user() {
@@ -832,16 +883,23 @@ create_pihole_user() {
 
 configureFirewall() {
   # Allow HTTP and DNS traffic
-  if [ -x "$(command -v firewall-cmd)" ]; then
-    firewall-cmd --state &> /dev/null && ( echo "::: Configuring firewalld for httpd and dnsmasq.." && firewall-cmd --permanent --add-port=80/tcp && firewall-cmd --permanent --add-port=53/tcp \
-    && firewall-cmd --permanent --add-port=53/udp && firewall-cmd --reload) || echo "::: FirewallD not enabled"
-  elif [ -x "$(command -v iptables)" ]; then
-    echo "::: Configuring iptables for httpd and dnsmasq.."
-    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+  if firewall-cmd --state &> /dev/null; then
+    echo "::: Configuring FirewallD for httpd and dnsmasq.."
+    firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
+    firewall-cmd --reload
+  # Check for proper kernel modules to prevent failure
+  elif modinfo ip_tables &> /dev/null; then
+    # If chain Policy is not ACCEPT or last Rule is not ACCEPT
+    # then check and insert our Rules above the DROP/REJECT Rule.
+    if iptables -S INPUT | head -n1 | grep -qv '^-P.*ACCEPT$' || iptables -S INPUT | tail -n1 | grep -qv '^-\(A\|P\).*ACCEPT$'; then
+      # Check chain first, otherwise a new rule will duplicate old ones
+      echo "::: Configuring iptables for httpd and dnsmasq.."
+      iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
+      iptables -C INPUT -p tcp -m tcp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT
+      iptables -C INPUT -p udp -m udp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
+    fi
   else
-    echo "::: No firewall detected.. skipping firewall configuration."
+    echo "::: No active firewall detected.. skipping firewall configuration."
   fi
 }
 
@@ -858,6 +916,18 @@ finalExports() {
   echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
   echo "QUERY_LOGGING=${QUERY_LOGGING}"
     }>> "${setupVars}"
+
+  # Look for DNS server settings which would have to be reapplied
+  source "${setupVars}"
+  source "/etc/.pihole/advanced/Scripts/webpage.sh"
+
+  if [[ "${DNS_FQDN_REQUIRED}" != "" ]] ; then
+    ProcessDNSSettings
+  fi
+
+  if [[ "${DHCP_ACTIVE}" != "" ]] ; then
+    ProcessDHCPSettings
+  fi
 }
 
 installPihole() {
@@ -877,7 +947,6 @@ installPihole() {
   installScripts
   installConfigs
   CreateLogFile
-  configureSelinux
   installPiholeWeb
   installCron
   configureFirewall
@@ -908,7 +977,6 @@ updatePihole() {
   installScripts
   installConfigs
   CreateLogFile
-  configureSelinux
   installPiholeWeb
   installCron
   configureFirewall
@@ -916,50 +984,41 @@ updatePihole() {
   runGravity
 }
 
-configureSelinux() {
-  if [ -x "$(command -v getenforce)" ]; then
-    printf "\n::: SELinux Detected\n"
-    printf ":::\tChecking for SELinux policy development packages..."
-    package_check_install "selinux-policy-devel" > /dev/null
-    echo " installed!"
-    printf ":::\tEnabling httpd server side includes (SSI).. "
-    setsebool -P httpd_ssi_exec on &> /dev/null && echo "Success" || echo "SELinux not enabled"
-    printf "\n:::\tCompiling Pi-Hole SELinux policy..\n"
-    if ! [ -x "$(command -v systemctl)" ]; then
-      sed -i.bak '/systemd/d' /etc/.pihole/advanced/selinux/pihole.te
+
+
+checkSelinux() {
+  if command -v getenforce &> /dev/null; then
+    echo ":::"
+    echo -n "::: SELinux Support Detected... Mode: "
+    enforceMode=$(getenforce)
+    echo "${enforceMode}"
+    if [[ "${enforceMode}" == "Enforcing" ]]; then
+      if (whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}); then
+          echo ":::"
+          echo "::: Continuing installation with SELinux Enforcing."
+          echo "::: Please refer to official SELinux documentation to create a custom policy."
+      else
+          echo ":::"
+          echo "::: Not continuing install after SELinux Enforcing detected."
+          exit 1
+      fi
     fi
-    checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
-    semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
-    semodule -i /etc/pihole/pihole.pp
-    rm -f /etc/pihole/pihole.mod
-    semodule -l | grep pihole &> /dev/null && echo "::: Installed Pi-Hole SELinux policy" || echo "::: Warning: Pi-Hole SELinux policy did not install."
   fi
 }
 
 displayFinalMessage() {
-  if (( ${#1} > 0 )) ; then
   # Final completion message to user
   whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
 
 IPv4:	${IPV4_ADDRESS%/*}
-IPv6:	${IPV6_ADDRESS}
+IPv6:	${IPV6_ADDRESS:-"Not Configured"}
 
 If you set a new IP address, you should restart the Pi.
 
 The install log is in /etc/pihole.
 View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin
-The currently set password is ${1}" ${r} ${c}
-  else
-  whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
 
-IPv4:	${IPV4_ADDRESS%/*}
-IPv6:	${IPV6_ADDRESS}
-
-If you set a new IP address, you should restart the Pi.
-
-The install log is in /etc/pihole.
-View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin" ${r} ${c}
-  fi
+Your Admin Webpage login password is ${1:-"NOT SET"}" ${r} ${c}
 }
 
 update_dialogs() {
@@ -998,7 +1057,30 @@ update_dialogs() {
 }
 
 main() {
-# Check arguments for the undocumented flags
+
+  ######## FIRST CHECK ########
+  # Must be root to install
+  echo ":::"
+  if [[ ${EUID} -eq 0 ]]; then
+    echo "::: You are root."
+  else
+    echo "::: Script called with non-root privileges. The Pi-hole installs server packages and configures"
+    echo "::: system networking, it requires elevated rights. Please check the contents of the script for"
+    echo "::: any concerns with this requirement. Please be sure to download this script from a trusted source."
+    echo ":::"
+    echo "::: Detecting the presence of the sudo utility for continuation of this install..."
+
+    if command -v sudo &> /dev/null; then
+      echo "::: Utility sudo located."
+      exec curl -sSL https://install.pi-hole.net | sudo bash "$@"
+      exit $?
+    else
+      echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
+      exit 1
+    fi
+  fi
+
+  # Check arguments for the undocumented flags
   for var in "$@"; do
     case "$var" in
       "--reconfigure"  ) reconfigure=true;;
@@ -1033,12 +1115,21 @@ main() {
   # Install packages used by this installation script
   install_dependent_packages INSTALLER_DEPS[@]
 
+   # Check if SELinux is Enforcing
+  checkSelinux
+
   if [[ "${reconfigure}" == true ]]; then
     echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
   else
     # Get Git files for Core and Admin
-    getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl}
-    getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl}
+    getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || \
+      { echo "!!! Unable to clone ${piholeGitUrl} into ${PI_HOLE_LOCAL_REPO}, unable to continue."; \
+        exit 1; \
+      }
+    getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} || \
+      { echo "!!! Unable to clone ${webInterfaceGitUrl} into ${webInterfaceDir}, unable to continue."; \
+        exit 1; \
+      }
   fi
 
   if [[ ${useUpdateVars} == false ]]; then
@@ -1053,10 +1144,10 @@ main() {
     get_available_interfaces
     # Find interfaces and let the user choose one
     chooseInterface
-    # Let the user decide if they want to block ads over IPv4 and/or IPv6
-    use4andor6
     # Decide what upstream DNS Servers to use
     setDNS
+    # Let the user decide if they want to block ads over IPv4 and/or IPv6
+    use4andor6
     # Let the user decide if they want query logging enabled...
     setLogging
 

gravity.sh

@@ -104,16 +104,30 @@ gravity_collapse() {
 # patternCheck - check to see if curl downloaded any new files.
 gravity_patternCheck() {
 	patternBuffer=$1
-	# check if the patternbuffer is a non-zero length file
-	if [[ -s "${patternBuffer}" ]]; then
-		# Some of the blocklists are copyright, they need to be downloaded
-		# and stored as is. They can be processed for content after they
-		# have been saved.
-		mv "${patternBuffer}" "${saveLocation}"
-		echo " List updated, transport successful!"
+	success=$2
+	error=$3
+	if [ $success = true ]; then
+		# check if download was successful but list has not been modified
+		if [ "${error}" == "304" ]; then
+			echo ":::   No changes detected, transport skipped!"
+		# check if the patternbuffer is a non-zero length file
+		elif [[ -s "${patternBuffer}" ]]; then
+			# Some of the blocklists are copyright, they need to be downloaded
+			# and stored as is. They can be processed for content after they
+			# have been saved.
+			mv "${patternBuffer}" "${saveLocation}"
+			echo ":::   List updated, transport successful!"
+		else
+			# Empty file -> use previously downloaded list
+			echo ":::   Received empty file, using cached one (list not updated!)"
+		fi
 	else
-		# curl didn't download any host files, probably because of the date check
-		echo " No changes detected, transport skipped!"
+		# check if cached list exists
+		if [[ -r "${saveLocation}" ]]; then
+			echo ":::   List download failed, using cached list (list not updated!)"
+		else
+			echo ":::   Download failed and no cached list available (list will not be considered)"
+		fi
 	fi
 }
 
@@ -132,9 +146,27 @@ gravity_transport() {
 	fi
 
 	# Silently curl url
-	curl -s -L ${cmd_ext} ${heisenbergCompensator} -A "${agent}" ${url} > ${patternBuffer}
-	# Check for list updates
-	gravity_patternCheck "${patternBuffer}"
+	err=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w %{http_code} -A "${agent}" ${url} -o ${patternBuffer})
+
+	echo " done"
+	# Analyze http response
+	echo -n ":::   Status: "
+	case "$err" in
+		"200"  ) echo "Success (OK)"; success=true;;
+		"304"  ) echo "Not modified"; success=true;;
+		"403"  ) echo "Forbidden"; success=false;;
+		"404"  ) echo "Not found"; success=false;;
+		"408"  ) echo "Time-out"; success=false;;
+		"451"  ) echo "Unavailable For Legal Reasons"; success=false;;
+		"521"  ) echo "Web Server Is Down (Cloudflare)"; success=false;;
+		"522"  ) echo "Connection Timed Out (Cloudflare)"; success=false;;
+		"500"  ) echo "Internal Server Error"; success=false;;
+		*      ) echo "Status $err"; success=false;;
+	esac
+
+	# Process result
+	gravity_patternCheck "${patternBuffer}" ${success} "${err}"
+
 }
 
 # spinup - main gravity function
@@ -181,7 +213,10 @@ gravity_Schwarzchild() {
 	echo -n "::: Aggregating list of domains..."
 	truncate -s 0 ${piholeDir}/${matterAndLight}
 	for i in "${activeDomains[@]}"; do
-		cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight}
+		# Only assimilate list if it is available (download might have faild permanently)
+		if [[ -r "${i}" ]]; then
+			cat "${i}" | tr -d '\r' >> ${piholeDir}/${matterAndLight}
+		fi
 	done
 	echo " done!"
 }
@@ -353,7 +388,7 @@ if [[ "${forceGrav}" == true ]]; then
 fi
 
 #Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
-cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
+#cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
 gravity_collapse
 gravity_spinup
 if [[ "${skipDownload}" == false ]]; then

pihole

@@ -23,7 +23,8 @@ if [[ ! $EUID -eq 0 ]];then
 fi
 
 webpageFunc() {
-  /opt/pihole/webpage.sh "$@"
+  source /opt/pihole/webpage.sh
+  main "$@"
   exit 0
 }
 
@@ -72,9 +73,9 @@ scanList(){
   list="${2}"
   method="${3}"
   if [[ ${method} == "-exact" ]] ; then
-    grep -E "(^|\s)${domain}($|\s)" "${list}"
+    grep -i -E "(^|\s)${domain}($|\s)" "${list}"
   else
-    grep "${domain}" "${list}"
+    grep -i "${domain}" "${list}"
   fi
 }
 
@@ -185,6 +186,19 @@ piholeLogging() {
 }
 
 piholeStatus() {
+  if [[ $(netstat -plnt | grep -c ':53 ') > 0 ]]; then
+    if [[ "${1}" != "web" ]] ; then
+      echo "::: DNS service is running"
+    fi
+  else
+    if [[ "${1}" == "web" ]] ; then
+      echo "-1";
+    else
+      echo "::: DNS service is NOT running"
+    fi
+    return
+  fi
+
   if [[ $(grep -i "^#addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) ]] ; then
     #list is commented out
     if [[ "${1}" == "web" ]] ; then

test/test_automated_install.py

@@ -71,13 +71,11 @@ def test_configureFirewall_firewalld_no_errors(Pihole):
     source /opt/pihole/basic-install.sh
     configureFirewall
     ''')
-    expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
+    expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
     assert expected_stdout in configureFirewall.stdout
     firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
     assert 'firewall-cmd --state' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
+    assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
     assert 'firewall-cmd --reload' in firewall_calls