Merge pull request #1158 from pi-hole/development

[RELEASE] Pi-hole Core 2.12
Merge pull request #1178 from pi-hole/fix/validation
2017-01-28 19:19:18 -05:00 · 2017-01-28 22:14:02 +01:00 · 2017-01-28 21:49:31 +01:00 · 2017-01-28 21:48:19 +01:00 · 2017-01-28 10:40:31 -08:00 · 2017-01-27 22:06:48 -08:00
22 changed files with 1457 additions and 635 deletions
--- a/.idea/codeStyleSettings.xml
+++ b/.idea/codeStyleSettings.xml
@@ -15,8 +15,11 @@
            <option name="USE_RELATIVE_INDENTS" value="false" />
          </value>
        </option>
+        <MarkdownNavigatorCodeStyleSettings>
+          <option name="RIGHT_MARGIN" value="72" />
+        </MarkdownNavigatorCodeStyleSettings>
      </value>
    </option>
    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
  </component>
-</project>
+</project>
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ _If you wish to read over the script before running it, run `nano basic-install.

 ```
 git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
-cd Pi-hole/automated_installer/
+cd Pi-hole/automated\ install/
 bash basic-install.sh
 ```

@@ -55,17 +55,11 @@ bash basic-install.sh

 Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).

-## Installing the Pi-hole (Click to Watch!)
+## What is Pi-hole and how do I install it?
 <p align="center">
-<a href=https://www.youtube.com/watch?v=TzFLJqUeirA><img src="https://assets.pi-hole.net/static/global.png"></a>
+<a href=https://www.youtube.com/watch?v=vKWjx1AQYgs><img src="https://assets.pi-hole.net/static/global.png"></a>
 </p>

-## Would you like to know more?
-
-**Watch the 60-second video below to get a quick overview**
-<p align="center">
-<a href=https://youtu.be/9Eti3xibiho><img src="https://assets.pi-hole.net/static/blackhole_web.png"></a>
-</p>

 ## Get Help Or Connect With Us On The Web

@@ -101,7 +95,7 @@ The [Web interface](https://github.com/pi-hole/AdminLTE#pi-hole-admin-dashboard)

 ### Whitelist and blacklist

-Domains can be whitelisted and blacklisted using either the web interface or the command line. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details 
+Domains can be whitelisted and blacklisted using either the web interface or the command line. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details
 <p align="center">
 <a href=https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting><img src="https://assets.pi-hole.net/static/controlpanel.png"></a>
 </p>
@@ -128,7 +122,7 @@ You can view [real-time stats](http://pi-hole.net/faq/install-the-real-time-lcd-
 ## Pi-hole Projects

 -   [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py)
-   [Get LED alerts for each blocked ad](http://www.stinebaugh.info/get-led-alerts-for-each-blocked-ad-using-pi-hole/)
+-   [Get LED alerts for each blocked ad](http://thetimmy.silvernight.org/pages/endisbutton/)
 -   [Pi-hole on Ubuntu 14.04 on VirtualBox](http://hbalagtas.blogspot.com/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html)
 -   [Docker Pi-hole container (x86 and ARM)](https://hub.docker.com/r/diginc/pi-hole/)
 -   [Splunk: Pi-hole Visualizser](https://splunkbase.splunk.com/app/3023/)
--- a/adlists.default
+++ b/adlists.default
@@ -37,7 +37,7 @@ https://hosts-file.net/ad_servers.txt
 #http://securemecca.com/Downloads/hosts.txt

 # Quidsup's tracker list
-https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
+#https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt

 # Block the BBC News website Breaking News banner
 #https://raw.githubusercontent.com/BreakingTheNews/BreakingTheNews.github.io/master/hosts
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -17,56 +17,21 @@ gravity="/etc/pihole/gravity.list"

 . /etc/pihole/setupVars.conf

-CalcBlockedDomains() {
-	if [ -e "${gravity}" ]; then
-		# if BOTH IPV4 and IPV6 are in use, then we need to divide total domains by 2.
-		if [[ -n "${IPV4_ADDRESS}" && -n "${IPV6_ADDRESS}" ]]; then
-			blockedDomainsTotal=$(wc -l /etc/pihole/gravity.list | awk '{print $1/2}')
-		else
-			# only one is set.
-			blockedDomainsTotal=$(wc -l /etc/pihole/gravity.list | awk '{print $1}')
-		fi
-	else
-		blockedDomainsTotal="Err."
-	fi
-}
-
-CalcQueriesToday() {
-	if [ -e "${piLog}" ]; then
-		queriesToday=$(awk '/query\[/ {print $6}' < "${piLog}" | wc -l)
-	else
-		queriesToday="Err."
-	fi
-}
-
-CalcblockedToday() {
-	if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
-		blockedToday=$(awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' < "${piLog}" | wc -l)
-	else
-		blockedToday="Err."
-	fi
-}
-
-CalcPercentBlockedToday() {
-	if [ "${queriesToday}" != "Err." ] && [ "${blockedToday}" != "Err." ]; then
-		if [ "${queriesToday}" != 0 ]; then #Fixes divide by zero error :)
-			#scale 2 rounds the number down, so we'll do scale 4 and then trim the last 2 zeros
-			percentBlockedToday=$(echo "scale=4; ${blockedToday}/${queriesToday}*100" | bc)
-			percentBlockedToday=$(sed 's/.\{2\}$//' <<< "${percentBlockedToday}")
-		else
-			percentBlockedToday=0
-		fi
-	fi
+# Borrowed/modified from https://gist.github.com/cjus/1047794
+function GetJSONValue {
+    retVal=$(echo $1 | sed 's/\\\\\//\//g' | \
+                       sed 's/[{}]//g' | \
+                       awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | \
+                       sed 's/\"\:\"/\|/g' | \
+                       sed 's/[\,]/ /g' | \
+                       sed 's/\"//g' | \
+                       grep -w $2)
+    echo ${retVal##*|}
 }

 outputJSON() {
-	CalcQueriesToday
-	CalcblockedToday
-	CalcPercentBlockedToday
-
-	CalcBlockedDomains
-
-	printf '{"domains_being_blocked":"%s","dns_queries_today":"%s","ads_blocked_today":"%s","ads_percentage_today":"%s"}\n' "$blockedDomainsTotal" "$queriesToday" "$blockedToday" "$percentBlockedToday"
+	json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw)
+	echo ${json}
 }

 normalChrono() {
@@ -87,22 +52,17 @@ normalChrono() {
 		# Uncomment to continually read the log file and display the current domain being blocked
 		#tail -f /var/log/pihole.log | awk '/\/etc\/pihole\/gravity.list/ {if ($7 != "address" && $7 != "name" && $7 != "/etc/pihole/gravity.list") print $7; else;}'

-		#uncomment next 4 lines to use original query count calculation
-		#today=$(date "+%b %e")
-		#todaysQueryCount=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ {print $7}' | wc -l)
-		#todaysQueryCountV4=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[A\]/ {print $7}' | wc -l)
-		#todaysQueryCountV6=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[AAAA\]/ {print $7}' | wc -l)
+		json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw)

+    domains=$(printf "%'.f" $(GetJSONValue ${json} "domains_being_blocked")) #add commas in
+    queries=$(printf "%'.f" $(GetJSONValue ${json} "dns_queries_today"))
+    blocked=$(printf "%'.f" $(GetJSONValue ${json} "ads_blocked_today"))
+    LC_NUMERIC=C percentage=$(printf "%0.2f\n" $(GetJSONValue ${json} "ads_percentage_today")) #2 decimal places

-		CalcQueriesToday
-		CalcblockedToday
-		CalcPercentBlockedToday
+		echo "Blocking:      ${domains}"
+		echo "Queries:       ${queries}"

-		CalcBlockedDomains
-
-		echo "Blocking:      ${blockedDomainsTotal}"
-		echo "Queries:       ${queriesToday}" #same total calculation as dashboard
-		echo "Pi-holed:      ${blockedToday} (${percentBlockedToday}%)"
+		echo "Pi-holed:      ${blocked} (${percentage}%)"

 		sleep 5
 	done
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -15,6 +15,7 @@ basename=pihole
 piholeDir=/etc/${basename}
 whitelist=${piholeDir}/whitelist.txt
 blacklist=${piholeDir}/blacklist.txt
+readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 reload=false
 addmode=true
 verbose=true
@@ -47,13 +48,17 @@ helpFunc() {
 :::  -h, --help				Show this help dialog
 :::  -l, --list				Display your ${word}listed domains
 EOM
+if [[ "${letter}" == "b" ]]; then
+	echo ":::  -wild, --wildcard		Add whitecard entry (only blacklist)"
+fi
 	exit 0
 }

 EscapeRegexp() {
    # This way we may safely insert an arbitrary
    # string in our regular expressions
-    echo $* | sed "s/[]\\.|$(){}?+*^]/\\\\&/g" | sed "s/\\//\\\\\//g"
+    # Also remove leading "." if present
+    echo $* | sed 's/^\.*//' | sed "s/[]\.|$(){}?+*^]/\\\\&/g" | sed "s/\\//\\\\\//g"
 }

 HandleOther(){
@@ -61,7 +66,7 @@ HandleOther(){
 	domain=$(sed -e "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/" <<< "$1")

 	#check validity of domain
-	validDomain=$(perl -ne "print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/" <<< "$domain")
+	validDomain=$(echo "${domain}" | perl -lne 'print if /^(?!.*[^a-z0-9-\.].*)\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)*[a-z]{2,63}\b/')
 	if [ -z "${validDomain}" ]; then
 		echo "::: $1 is not a valid argument or domain name"
 	else
@@ -89,22 +94,51 @@ AddDomain() {
 	list="$2"
    domain=$(EscapeRegexp "$1")

-	bool=true
-	#Is the domain in the list we want to add it to?
-	grep -Ex -q "${domain}" ${list} > /dev/null 2>&1 || bool=false
+    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then

-	if [[ "${bool}" == false ]]; then
-	  #domain not found in the whitelist file, add it!
-	  if [[ "${verbose}" == true ]]; then
-		echo "::: Adding $1 to $list..."
-	  fi
-	  reload=true
-	  # Add it to the list we want to add it to
-	  echo "$1" >> ${list}
-	else
-        if [[ "${verbose}" == true ]]; then
-            echo "::: ${1} already exists in ${list}, no need to add!"
-        fi
+		bool=true
+		#Is the domain in the list we want to add it to?
+		grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
+
+		if [[ "${bool}" == false ]]; then
+		  #domain not found in the whitelist file, add it!
+		  if [[ "${verbose}" == true ]]; then
+			echo "::: Adding $1 to $list..."
+		  fi
+		  reload=true
+		  # Add it to the list we want to add it to
+		  echo "$1" >> "${list}"
+		else
+	        if [[ "${verbose}" == true ]]; then
+	            echo "::: ${1} already exists in ${list}, no need to add!"
+	        fi
+		fi
+
+	elif [[ "${list}" == "${wildcardlist}" ]]; then
+
+		source "${piholeDir}/setupVars.conf"
+		#Remove the /* from the end of the IPv4addr.
+		IPV4_ADDRESS=${IPV4_ADDRESS%/*}
+		IPV6_ADDRESS=${IPV6_ADDRESS}
+
+		bool=true
+		#Is the domain in the list?
+		grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
+
+		if [[ "${bool}" == false ]]; then
+		  if [[ "${verbose}" == true ]]; then
+			echo "::: Adding $1 to wildcard blacklist..."
+		  fi
+		  reload=true
+		  echo "address=/$1/${IPV4_ADDRESS}" >> "${wildcardlist}"
+		  if [[ ${#IPV6_ADDRESS} > 0 ]] ; then
+		    echo "address=/$1/${IPV6_ADDRESS}" >> "${wildcardlist}"
+		  fi
+		else
+	        if [[ "${verbose}" == true ]]; then
+	            echo "::: ${1} already exists in wildcard blacklist, no need to add!"
+	        fi
+		fi
 	fi
 }

@@ -112,18 +146,38 @@ RemoveDomain() {
    list="$2"
    domain=$(EscapeRegexp "$1")

-    bool=true
-    #Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
-    grep -Ex -q "${domain}" ${list} > /dev/null 2>&1 || bool=false
-    if [[ "${bool}" == true ]]; then
-        # Remove it from the other one
-        echo "::: Removing $1 from $list..."
-        # /I flag: search case-insensitive
-        sed -i "/${domain}/Id" ${list}
-        reload=true
-    else
-        if [[ "${verbose}" == true ]]; then
-            echo "::: ${1} does not exist in ${list}, no need to remove!"
+    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
+
+        bool=true
+        #Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
+        grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
+        if [[ "${bool}" == true ]]; then
+            # Remove it from the other one
+            echo "::: Removing $1 from $list..."
+            # /I flag: search case-insensitive
+            sed -i "/${domain}/Id" "${list}"
+            reload=true
+        else
+            if [[ "${verbose}" == true ]]; then
+                echo "::: ${1} does not exist in ${list}, no need to remove!"
+            fi
+        fi
+
+    elif [[ "${list}" == "${wildcardlist}" ]]; then
+
+        bool=true
+        #Is it in the list?
+        grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
+        if [[ "${bool}" == true ]]; then
+            # Remove it from the other one
+            echo "::: Removing $1 from $list..."
+            # /I flag: search case-insensitive
+            sed -i "/address=\/${domain}/Id" "${list}"
+            reload=true
+        else
+            if [[ "${verbose}" == true ]]; then
+                echo "::: ${1} does not exist in ${list}, no need to remove!"
+            fi
        fi
    fi
 }
@@ -153,6 +207,7 @@ for var in "$@"; do
 	case "${var}" in
 	    "-w" | "whitelist"   ) listMain="${whitelist}"; listAlt="${blacklist}";;
 	    "-b" | "blacklist"   ) listMain="${blacklist}"; listAlt="${whitelist}";;
+		"-wild" | "wildcard" ) listMain="${wildcardlist}";;
 		"-nr"| "--noreload"  ) reload=false;;
 		"-d" | "--delmode"   ) addmode=false;;
 		"-f" | "--force"     ) force=true;;
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -122,6 +122,13 @@ version_check() {
 	&& log_echo -r "${light_ver}" || (log_echo "lighttpd not installed." && error_found=1)
 	local php_ver="$(php -v |& head -n1)" \
 	&& log_echo -r "${php_ver}" || (log_echo "PHP not installed." && error_found=1)
+
+	(local pi_hole_branch="$(cd /etc/.pihole/ && git rev-parse --abbrev-ref HEAD)" && log_echo -r "Pi-hole branch:  ${pi_hole_branch}") || log_echo "Unable to obtain Pi-hole branch"
+	(local pi_hole_rev="$(cd /etc/.pihole/ && git describe --long --dirty --tags)" && log_echo -r "Pi-hole rev:     ${pi_hole_rev}") || log_echo "Unable to obtain Pi-hole revision"
+
+	(local admin_branch="$(cd /var/www/html/admin && git rev-parse --abbrev-ref HEAD)" && log_echo -r "AdminLTE branch: ${admin_branch}") || log_echo "Unable to obtain AdminLTE branch"
+	(local admin_rev="$(cd /var/www/html/admin && git describe --long --dirty --tags)" && log_echo -r "AdminLTE rev:    ${admin_rev}") || log_echo "Unable to obtain AdminLTE revision"
+
 	return "${error_found}"
 }

@@ -354,10 +361,21 @@ files_check "${ADLISTFILE}"

 header_write "Analyzing gravity.list"

-	gravity_length=$(wc -l "${GRAVITYFILE}") \
+	gravity_length=$(grep -c ^ "${GRAVITYFILE}") \
 	&& log_write "${GRAVITYFILE} is ${gravity_length} lines long." \
 	|| log_echo "Warning: No gravity.list file found!"

+header_write "Analyzing pihole.log"
+
+  pihole_length=$(grep -c ^ "${PIHOLELOG}") \
+  && log_write "${PIHOLELOG} is ${pihole_length} lines long." \
+  || log_echo "Warning: No pihole.log file found!"
+
+  pihole_size=$(du -h "${PIHOLELOG}" | awk '{ print $1 }') \
+  && log_write "${PIHOLELOG} is ${pihole_size}." \
+  || log_echo "Warning: No pihole.log file found!"
+
+
 # Continuously append the pihole.log file to the pihole_debug.log file
 dumpPiHoleLog() {
 	trap '{ echo -e "\n::: Finishing debug write from interrupt... Quitting!" ; exit 1; }' INT
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -11,5 +11,10 @@
 # (at your option) any later version.

 echo -n "::: Flushing /var/log/pihole.log ..."
-echo " " > /var/log/pihole.log
+# Test if logrotate is available on this system
+if command -v /usr/sbin/logrotate &> /dev/null; then
+  /usr/sbin/logrotate --force /etc/pihole/logrotate
+else
+  echo " " > /var/log/pihole.log
+fi
 echo "... done!"
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -22,9 +22,15 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 is_repo() {
  # Use git to check if directory is currently under VCS, return the value
  local directory="${1}"
+  local curdir
+  local rc

-  git -C "${directory}" status --short &> /dev/null
-  return
+  curdir="${PWD}"
+  cd "${directory}" &> /dev/null || return 1
+  git status --short &> /dev/null
+  rc=$?
+  cd "${curdir}" &> /dev/null || return 1
+  return "${rc}"
 }

 prep_repo() {
@@ -40,22 +46,24 @@ make_repo() {
  local remoteRepo="${2}"
  local directory="${1}"

-  (prep_repo "${directory}" && git clone -q --depth 1 "${remoteRepo}" "${directory}" > /dev/null)
+  (prep_repo "${directory}" && git clone -q --depth 1 "${remoteRepo}" "${directory}")
     return
 }

 update_repo() {
  local directory="${1}"
-  local retVal=0
-  # Pull the latest commits
+  local curdir

+  curdir="${PWD}"
+  cd "${directory}" &> /dev/null || return 1
+  # Pull the latest commits
  # Stash all files not tracked for later retrieval
-  git -C "${directory}" stash --all --quiet &> /dev/null || ${retVal}=1
+  git stash --all --quiet
  # Force a clean working directory for cloning
-  git -C "${directory}" clean --force -d &> /dev/null || ${retVal}=1
+  git clean --force -d
  # Fetch latest changes and apply
-  git -C "${directory}" pull --quiet &> /dev/null || ${retVal}=1
-  return ${retVal}
+  git pull --quiet
+  cd "${curdir}" &> /dev/null || return 1
 }

 getGitFiles() {
@@ -76,33 +84,84 @@ getGitFiles() {
  fi
 }

+GitCheckUpdateAvail() {
+  local directory="${1}"
+  curdir=$PWD;
+  cd "${directory}"
+
+  # Fetch latest changes in this repo
+  git fetch --quiet origin
+
+  # @ alone is a shortcut for HEAD. Older versions of git
+  # need @{0}
+  LOCAL="$(git rev-parse @{0})"
+
+  # The suffix @{upstream} to a branchname
+  # (short form <branchname>@{u}) refers
+  # to the branch that the branch specified
+  # by branchname is set to build on top of#
+  # (configured with branch.<name>.remote and
+  # branch.<name>.merge). A missing branchname
+  # defaults to the current one.
+  REMOTE="$(git rev-parse @{upstream})"
+
+  # Change back to original directory
+  cd "${curdir}"
+
+  if [[ ${#LOCAL} == 0 ]]; then
+    echo "::: Error: Local revision could not be optained, ask Pi-hole support."
+    echo "::: Additional debugging output:"
+    git status
+    exit
+  fi
+  if [[ ${#REMOTE} == 0 ]]; then
+    echo "::: Error: Remote revision could not be optained, ask Pi-hole support."
+    echo "::: Additional debugging output:"
+    git status
+    exit
+  fi
+
+  if [[ "${LOCAL}" != "${REMOTE}" ]]; then
+    # Local branch is behind remote branch -> Update
+    return 0
+  else
+    # Local branch is up-to-date or in a situation
+    # where this updater cannot be used (like on a
+    # branch that exists only locally)
+    return 1
+  fi
+}
+
 main() {
  local pihole_version_current
-  local pihole_version_latest
  local web_version_current
-  local web_version_latest

-  if ! is_repo "${PI_HOLE_FILES_DIR}" || ! is_repo "${ADMIN_INTERFACE_DIR}" ; then #This is unlikely
+  #This is unlikely
+  if ! is_repo "${PI_HOLE_FILES_DIR}" || ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
    echo "::: Critical Error: One or more Pi-Hole repos are missing from system!"
    echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole"
    exit 1;
  fi

  echo "::: Checking for updates..."
-  # Checks Pi-hole version string in format vX.X.X
-  pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)"
-  pihole_version_latest="$(/usr/local/bin/pihole version --pihole --latest)"
-  web_version_current="$(/usr/local/bin/pihole version --admin --current)"
-  web_version_latest="$(/usr/local/bin/pihole version --admin --latest)"

-  if [[ "${pihole_version_latest}" == "-1" || "${web_version_latest}" == "-1" ]]; then
-    echo "*** Unable to contact GitHub for latest version. Please try again later, contact support if this continues."
-    exit 1
+  if GitCheckUpdateAvail "${PI_HOLE_FILES_DIR}" ; then
+    core_update=true
+    echo "::: Pi-hole Core:   update available"
+  else
+    core_update=false
+    echo "::: Pi-hole Core:   up to date"
+  fi
+
+  if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then
+    web_update=true
+    echo "::: Web Interface:  update available"
+  else
+    web_update=false
+    echo "::: Web Interface:  up to date"
  fi

  # Logic
-  # If latest versions are blank - we've probably hit Github rate limit (stop running `pihole -up so often!):
-  #            Update anyway
  # If Core up to date AND web up to date:
  #            Do nothing
  # If Core up to date AND web NOT up to date:
@@ -112,46 +171,40 @@ main() {
  # if Core NOT up to date AND web NOT up to date:
  #            pull pihole repo run install --unattended

-  if [[ "${pihole_version_current}" == "${pihole_version_latest}" ]] && [[ "${web_version_current}" == "${web_version_latest}" ]]; then
-    echo ":::"
-    echo "::: Pi-hole version is $pihole_version_current"
-    echo "::: Web Admin version is $web_version_current"
+  if ! ${core_update} && ! ${web_update} ; then
    echo ":::"
    echo "::: Everything is up to date!"
    exit 0

-  elif [[ "${pihole_version_current}" == "${pihole_version_latest}" ]] && [[ "${web_version_current}" < "${web_version_latest}" ]]; then
+  elif ! ${core_update} && ${web_update} ; then
    echo ":::"
    echo "::: Pi-hole Web Admin files out of date"
    getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"

-    web_updated=true
-
-  elif [[ "${pihole_version_current}" < "${pihole_version_latest}" ]] && [[ "${web_version_current}" == "${web_version_latest}" ]]; then
+  elif ${core_update} && ! ${web_update} ; then
+    echo ":::"
    echo "::: Pi-hole core files out of date"
    getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
    /etc/.pihole/automated\ install/basic-install.sh --reconfigure --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1
-    core_updated=true

-  elif [[ "${pihole_version_current}" < "${pihole_version_latest}" ]] && [[ "${web_version_current}" < "${web_version_latest}" ]]; then
+  elif ${core_update} && ${web_update} ; then
+    echo ":::"
    echo "::: Updating Everything"
    getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}"
    /etc/.pihole/automated\ install/basic-install.sh --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1
-    web_updated=true
-    core_updated=true
  else
    echo "*** Update script has malfunctioned, fallthrough reached. Please contact support"
    exit 1
  fi

-  if [[ "${web_updated}" == true ]]; then
+  if [[ "${web_update}" == true ]]; then
    web_version_current="$(/usr/local/bin/pihole version --admin --current)"
    echo ":::"
    echo "::: Web Admin version is now at ${web_version_current}"
    echo "::: If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
  fi

-  if [[ "${core_updated}" == true ]]; then
+  if [[ "${core_update}" == true ]]; then
    pihole_version_current="$(/usr/local/bin/pihole version --pihole --current)"
    echo ":::"
    echo "::: Pi-hole version is now at ${pihole_version_current}"
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -9,7 +9,9 @@
 # the Free Software Foundation, either version 2 of the License, or
 # (at your option) any later version.

-args=("$@")
+readonly setupVars="/etc/pihole/setupVars.conf"
+readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
+readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"

 helpFunc() {
 	cat << EOM
@@ -27,12 +29,34 @@ EOM
 	exit 0
 }

+add_setting() {
+	echo "${1}=${2}" >> "${setupVars}"
+}
+
+delete_setting() {
+	sed -i "/${1}/d" "${setupVars}"
+}
+
+change_setting() {
+	delete_setting "${1}"
+	add_setting "${1}" "${2}"
+}
+
+add_dnsmasq_setting() {
+	if [[ "${2}" != "" ]]; then
+		echo "${1}=${2}" >> "${dnsmasqconfig}"
+	else
+		echo "${1}" >> "${dnsmasqconfig}"
+	fi
+}
+
+delete_dnsmasq_setting() {
+	sed -i "/${1}/d" "${dnsmasqconfig}"
+}
+
 SetTemperatureUnit(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/TEMPERATUREUNIT/d' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "TEMPERATUREUNIT=${unit}" >> /etc/pihole/setupVars.conf
+	change_setting "TEMPERATUREUNIT" "${unit}"

 }

@@ -50,65 +74,89 @@ SetWebPassword(){
 		exit 1
 	fi

-	# Remove password from file (create backup setupVars.conf.bak)
-	sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf
 	# Set password only if there is one to be set
 	if (( ${#args[2]} > 0 )) ; then
 		# Compute password hash twice to avoid rainbow table vulnerability
 		hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//')
 		hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
 		# Save hash to file
-		echo "WEBPASSWORD=${hash}" >> /etc/pihole/setupVars.conf
+		change_setting "WEBPASSWORD" "${hash}"
 		echo "New password set"
 	else
+		change_setting "WEBPASSWORD" ""
 		echo "Password removed"
 	fi

 }

+ProcessDNSSettings() {
+	source "${setupVars}"
+
+	delete_dnsmasq_setting "server"
+
+	COUNTER=1
+	while [[ 1 ]]; do
+		var=PIHOLE_DNS_${COUNTER}
+		if [ -z "${!var}" ]; then
+			break;
+		fi
+		add_dnsmasq_setting "server" "${!var}"
+		let COUNTER=COUNTER+1
+	done
+
+	delete_dnsmasq_setting "domain-needed"
+
+	if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
+		add_dnsmasq_setting "domain-needed"
+	fi
+
+	delete_dnsmasq_setting "bogus-priv"
+
+	if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
+		add_dnsmasq_setting "bogus-priv"
+	fi
+
+	delete_dnsmasq_setting "dnssec"
+	delete_dnsmasq_setting "trust-anchor="
+
+	if [[ "${DNSSEC}" == true ]]; then
+		echo "dnssec
+trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+" >> "${dnsmasqconfig}"
+	fi
+
+}
+
 SetDNSServers(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' /etc/pihole/setupVars.conf
 	# Save setting to file
-	echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
-	if [[ "${args[3]}" != "none" ]]; then
-		echo "PIHOLE_DNS_2=${args[3]}" >> /etc/pihole/setupVars.conf
+	delete_setting "PIHOLE_DNS"
+	IFS=',' read -r -a array <<< "${args[2]}"
+	for index in "${!array[@]}"
+	do
+		add_setting "PIHOLE_DNS_$((index+1))" "${array[index]}"
+	done
+
+	if [[ "${args[3]}" == "domain-needed" ]]; then
+		change_setting "DNS_FQDN_REQUIRED" "true"
 	else
-		echo "PIHOLE_DNS_2=" >> /etc/pihole/setupVars.conf
+		change_setting "DNS_FQDN_REQUIRED" "false"
 	fi

-	# Replace within actual dnsmasq config file
-	sed -i '/server=/d;' /etc/dnsmasq.d/01-pihole.conf
-	echo "server=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf
-	if [[ "${args[3]}" != "none" ]]; then
-		echo "server=${args[3]}" >> /etc/dnsmasq.d/01-pihole.conf
-	fi
-
-	# Remove domain-needed entry
-	sed -i '/domain-needed/d;' /etc/dnsmasq.d/01-pihole.conf
-
-	# Readd it if required
-	if [[ "${args[4]}" == "domain-needed" ]]; then
-		echo "domain-needed" >> /etc/dnsmasq.d/01-pihole.conf
-		echo "DNS_FQDN_REQUIRED=true" >> /etc/pihole/setupVars.conf
+	if [[ "${args[4]}" == "bogus-priv" ]]; then
+		change_setting "DNS_BOGUS_PRIV" "true"
 	else
-		# Leave it deleted if not wanted
-		echo "DNS_FQDN_REQUIRED=false" >> /etc/pihole/setupVars.conf
+		change_setting "DNS_BOGUS_PRIV" "false"
 	fi

-	# Remove bogus-priv entry
-	sed -i '/bogus-priv/d;' /etc/dnsmasq.d/01-pihole.conf
-
-	# Readd it if required
-	if [[ "${args[5]}" == "bogus-priv" ]]; then
-		echo "bogus-priv" >> /etc/dnsmasq.d/01-pihole.conf
-		echo "DNS_BOGUS_PRIV=true" >> /etc/pihole/setupVars.conf
+	if [[ "${args[5]}" == "dnssec" ]]; then
+		change_setting "DNSSEC" "true"
 	else
-		# Leave it deleted if not wanted
-		echo "DNS_BOGUS_PRIV=false" >> /etc/pihole/setupVars.conf
+		change_setting "DNSSEC" "false"
 	fi

+	ProcessDNSSettings
+
 	# Restart dnsmasq to load new configuration
 	RestartDNS

@@ -116,18 +164,14 @@ SetDNSServers(){

 SetExcludeDomains(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_EXCLUDE_DOMAINS/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_EXCLUDE_DOMAINS=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_EXCLUDE_DOMAINS" "${args[2]}"
+
 }

 SetExcludeClients(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_EXCLUDE_CLIENTS/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_EXCLUDE_CLIENTS=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_EXCLUDE_CLIENTS" "${args[2]}"
+
 }

 Reboot(){
@@ -148,110 +192,155 @@ RestartDNS(){

 SetQueryLogOptions(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/API_QUERY_LOG_SHOW/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "API_QUERY_LOG_SHOW=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "API_QUERY_LOG_SHOW" "${args[2]}"
+
+}
+
+ProcessDHCPSettings() {
+
+	source "${setupVars}"
+
+	if [[ "${DHCP_ACTIVE}" == "true" ]]; then
+
+	interface=$(grep 'PIHOLE_INTERFACE=' /etc/pihole/setupVars.conf | sed "s/.*=//")
+
+	# Use eth0 as fallback interface
+	if [ -z ${interface} ]; then
+		interface="eth0"
+	fi
+
+	if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
+		PIHOLE_DOMAIN="local"
+		change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+	fi
+
+	if [[ "${DHCP_LEASETIME}" == "0" ]]; then
+		leasetime="infinite"
+	elif [[ "${DHCP_LEASETIME}" == "" ]]; then
+		leasetime="24h"
+		change_setting "DHCP_LEASETIME" "${leasetime}"
+	else
+		leasetime="${DHCP_LEASETIME}h"
+	fi
+
+	# Write settings to file
+	echo "###############################################################################
+#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
+#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
+###############################################################################
+dhcp-authoritative
+dhcp-range=${DHCP_START},${DHCP_END},${leasetime}
+dhcp-option=option:router,${DHCP_ROUTER}
+dhcp-leasefile=/etc/pihole/dhcp.leases
+#quiet-dhcp
+" > "${dhcpconfig}"
+
+if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
+	echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+fi
+
+	if [[ "${DHCP_IPv6}" == "true" ]]; then
+echo "#quiet-dhcp6
+#enable-ra
+dhcp-option=option6:dns-server,[::]
+dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
+ra-param=*,0,0
+" >> "${dhcpconfig}"
+	fi
+
+	else
+		rm "${dhcpconfig}" &> /dev/null
+	fi
 }

 EnableDHCP(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/DHCP_/d;' /etc/pihole/setupVars.conf
-	echo "DHCP_ACTIVE=true" >> /etc/pihole/setupVars.conf
-	echo "DHCP_START=${args[2]}" >> /etc/pihole/setupVars.conf
-	echo "DHCP_END=${args[3]}" >> /etc/pihole/setupVars.conf
-	echo "DHCP_ROUTER=${args[4]}" >> /etc/pihole/setupVars.conf
+	change_setting "DHCP_ACTIVE" "true"
+	change_setting "DHCP_START" "${args[2]}"
+	change_setting "DHCP_END" "${args[3]}"
+	change_setting "DHCP_ROUTER" "${args[4]}"
+	change_setting "DHCP_LEASETIME" "${args[5]}"
+	change_setting "PIHOLE_DOMAIN" "${args[6]}"
+	change_setting "DHCP_IPv6" "${args[7]}"

-	# Remove setting from file
-	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf
-	# Save setting to file
-	echo "dhcp-range=${args[2]},${args[3]},infinite" >> /etc/dnsmasq.d/01-pihole.conf
-	echo "dhcp-option=option:router,${args[4]}" >> /etc/dnsmasq.d/01-pihole.conf
-	# Changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored. This allows new hosts to get a lease without a tedious timeout under all circumstances. It also allows dnsmasq to rebuild its lease database without each client needing to reacquire a lease, if the database is lost.
-	echo "dhcp-authoritative" >> /etc/dnsmasq.d/01-pihole.conf
-	# Use the specified file to store DHCP lease information
-	echo "dhcp-leasefile=/etc/pihole/dhcp.leases" >> /etc/dnsmasq.d/01-pihole.conf
-	# Suppress logging of the routine operation of these protocols. Errors and problems will still be logged, though.
-	echo "quiet-dhcp" >> /etc/dnsmasq.d/01-pihole.conf
-	echo "quiet-dhcp6" >> /etc/dnsmasq.d/01-pihole.conf
+	# Remove possible old setting from file
+	delete_dnsmasq_setting "dhcp-"
+	delete_dnsmasq_setting "quiet-dhcp"
+
+	ProcessDHCPSettings

 	RestartDNS
 }

 DisableDHCP(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/DHCP_ACTIVE/d;' /etc/pihole/setupVars.conf
-	echo "DHCP_ACTIVE=false" >> /etc/pihole/setupVars.conf
+	change_setting "DHCP_ACTIVE" "false"

-	# Remove setting from file
-	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf
+	# Remove possible old setting from file
+	delete_dnsmasq_setting "dhcp-"
+	delete_dnsmasq_setting "quiet-dhcp"
+
+	ProcessDHCPSettings

 	RestartDNS
 }

 SetWebUILayout(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/WEBUIBOXEDLAYOUT/d;' /etc/pihole/setupVars.conf
-	echo "WEBUIBOXEDLAYOUT=${args[2]}" >> /etc/pihole/setupVars.conf
+	change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"

 }

-SetDNSDomainName(){
+SetPrivacyMode(){

-	# Remove setting from file (create backup setupVars.conf.bak)
-	sed -i.bak '/PIHOLE_DOMAIN/d;' /etc/pihole/setupVars.conf
-	# Save setting to file
-	echo "PIHOLE_DOMAIN=${args[2]}" >> /etc/pihole/setupVars.conf
-
-	# Replace within actual dnsmasq config file
-	sed -i '/domain=/d;' /etc/dnsmasq.d/01-pihole.conf
-	echo "domain=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf
-
-	# Restart dnsmasq to load new configuration
-	RestartDNS
+	if [[ "${args[2]}" == "true" ]] ; then
+		change_setting "API_PRIVACY_MODE" "true"
+	else
+		change_setting "API_PRIVACY_MODE" "false"
+	fi

 }

 ResolutionSettings() {

-	typ=${args[2]}
-	state=${args[3]}
+	typ="${args[2]}"
+	state="${args[3]}"

 	if [[ "${typ}" == "forward" ]]; then
-		sed -i.bak '/API_GET_UPSTREAM_DNS_HOSTNAME/d;' /etc/pihole/setupVars.conf
-		echo "API_GET_UPSTREAM_DNS_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
+		change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}"
 	elif [[ "${typ}" == "clients" ]]; then
-		sed -i.bak '/API_GET_CLIENT_HOSTNAME/d;' /etc/pihole/setupVars.conf
-		echo "API_GET_CLIENT_HOSTNAME=${state}" >> /etc/pihole/setupVars.conf
+		change_setting "API_GET_CLIENT_HOSTNAME" "${state}"
 	fi
 }

-case "${args[1]}" in
-	"-p" | "password"   ) SetWebPassword;;
-	"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
-	"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
-	"-k" | "kelvin"     ) unit="K"; SetTemperatureUnit;;
-	"setdns"            ) SetDNSServers;;
-	"setexcludedomains" ) SetExcludeDomains;;
-	"setexcludeclients" ) SetExcludeClients;;
-	"reboot"            ) Reboot;;
-	"restartdns"        ) RestartDNS;;
-	"setquerylog"       ) SetQueryLogOptions;;
-	"enabledhcp"        ) EnableDHCP;;
-	"disabledhcp"       ) DisableDHCP;;
-	"layout"            ) SetWebUILayout;;
-	"-h" | "--help"     ) helpFunc;;
-	"domainname"        ) SetDNSDomainName;;
-	"resolve"           ) ResolutionSettings;;
-	*                   ) helpFunc;;
-esac
+main() {

-shift
+	args=("$@")

-if [[ $# = 0 ]]; then
-	helpFunc
-fi
+	case "${args[1]}" in
+		"-p" | "password"   ) SetWebPassword;;
+		"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
+		"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
+		"-k" | "kelvin"     ) unit="K"; SetTemperatureUnit;;
+		"setdns"            ) SetDNSServers;;
+		"setexcludedomains" ) SetExcludeDomains;;
+		"setexcludeclients" ) SetExcludeClients;;
+		"reboot"            ) Reboot;;
+		"restartdns"        ) RestartDNS;;
+		"setquerylog"       ) SetQueryLogOptions;;
+		"enabledhcp"        ) EnableDHCP;;
+		"disabledhcp"       ) DisableDHCP;;
+		"layout"            ) SetWebUILayout;;
+		"-h" | "--help"     ) helpFunc;;
+		"privacymode"       ) SetPrivacyMode;;
+		"resolve"           ) ResolutionSettings;;
+		*                   ) helpFunc;;
+	esac

+	shift
+
+	if [[ $# = 0 ]]; then
+		helpFunc
+	fi
+
+}
--- a/advanced/blockingpage.css
+++ b/advanced/blockingpage.css
@@ -0,0 +1,136 @@
+/* CSS Reset */
+html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; }
+article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; }
+body { line-height: 1; }
+ol, ul { list-style: none; }
+blockquote, q { quotes: none; }
+blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; }
+table { border-collapse: collapse; border-spacing: 0; }
+html { height: 100%; overflow-x: hidden; }
+
+/* General Style */
+a	{ color: rgba(0,60,120,0.95); text-decoration: none; } /* 1E3C5A */
+a:hover { color: rgba(210,120,0,0.95); transition-duration: .2s; } /* 255, 128, 0 */
+divs a		{ border-bottom: 1px dashed rgba(30,60,90,0.3); }
+b	{ font-weight: bold; }
+i	{ font-style: italic; }
+
+footer, pre, td { font-family: monospace; padding-left: 15px; }
+/*body, header { background: #E1E1E1; }*/
+
+body {
+	background-image: -webkit-linear-gradient(top, rgba(240,240,240,0.95), rgba(190,190,190,0.95));
+	background-image: linear-gradient(to bottom, rgba(240,240,240,0.95), rgba(190,190,190,0.95));
+	background-attachment: fixed;
+	color: rgba(64,64,64,0.95);
+	font: 14px, sans-serif;
+	line-height: 1em;
+}
+
+header {
+	min-width: 320px;
+	width: 100%;
+	text-shadow: 0 1px rgba(255,255,255,0.6);
+	display: table;
+	table-layout: fixed;
+	border: 1px solid rgba(0,0,0,0.25);
+	border-top-color: rgba(255,255,255,0.85);
+	border-style: solid none;
+	background-image: -webkit-linear-gradient(top, rgba(240,240,240,0.95), rgba(220,220,220,0.95));
+	background-image: linear-gradient(to bottom, rgba(240,240,240,0.95), rgba(220,220,220,0.95));
+	box-shadow:  0 0 1px 1px rgba(0,0,0,0.04);
+}
+
+header h1, header div {
+	display: table-cell;
+	color: inherit;
+	font-weight: bold;
+	vertical-align: middle;
+	white-space: nowrap;
+	overflow: hidden;
+	box-sizing: border-box;
+}
+
+header h1 {
+	font-size: 22px;
+	font-weight: bold;
+	width: 100%;
+	padding: 8px 0;
+	text-indent: 32px;
+	background: url("http://pi.hole/admin/img/logo.svg") left no-repeat;
+	background-size: 30px 22px;
+}
+
+header h1 a, h1 a:hover { color: inherit; }
+header .alt { width: 85px; font-size: 0.8em; padding-right: 4px; text-align: right; line-height: 1.25em; }
+.active { color: green; }
+.inactive { color: red; }
+
+main {
+	display: block;
+	width: 80%;
+	padding: 10px;
+	font-size: 1em;
+	background-color: rgba(255,255,255,0.85);
+	margin: 8px auto;
+	box-sizing: border-box;
+	border: 1px solid rgba(0,0,0,0.25);
+	box-shadow:  4px 4px rgba(0,0,0,0.1);
+	line-height: 1.2em;
+	border-radius: 8px;
+}
+
+h2 { /* Rgba is shared with .transparent th */
+	font: 1.15em sans-serif;
+	background-color: rgba(255,0,0,0.4);
+	text-shadow: none;
+	line-height: 1.1em;
+	padding-bottom: 1px;
+	margin-top: 8px;
+	margin-bottom: 4px;
+	background: -webkit-linear-gradient(left, rgba(0,0,0,0.25), transparent 80%) no-repeat;
+	background: linear-gradient(to right, rgba(0,0,0,0.25), transparent 80%) no-repeat;
+	background-size: 100% 1px;
+	background-position: 0 17px;
+}
+
+h2:first-child { margin-top: 0; }
+h2 ~ *:not(h2) { margin-left: 4px; }
+li { padding: 2px 0; }
+li::before { content: "\00BB\00a0"; }
+li a { position: relative; top: 1px; } /* Center bullet-point arrows */
+
+/* Button Style */
+.buttons a, button, input, .transparent th a { /* Swapped rgba is shared with input[type='url'] */
+	display: inline-block;
+	color: rgba(32,32,32,0.9);
+	font-weight: bold;
+	text-align: center;
+	cursor: pointer;
+	text-shadow: 0 1px rgba(255,255,255,0.2);
+	line-height: 0.86em;
+	font-size: 1em;
+	padding: 4px 8px;
+	background: #FAFAFA;
+	background-image: -webkit-linear-gradient(top, rgba(255,255,255,0.05), rgba(0,0,0,0.05));
+	background-image: linear-gradient(to bottom, rgba(255,255,255,0.05), rgba(0,0,0,0.05));
+	border: 1px solid rgba(0,0,0,0.25);
+	border-radius: 4px;
+	box-shadow: 0 1px 0 rgba(0,0,0,0.04);
+}
+
+.buttons { white-space: nowrap; width: 100%; display: table; }
+.buttons33 { white-space: nowrap; width: 33.333%; display: table; text-align: center; margin-left: 33.333% }
+.mini a { width: 50%; }
+a.safe { background-color: rgba(0,220,0,0.5); }
+button.safe { background-color: rgba(0,220,0,0.5); }
+a.warn { background-color: rgba(220,0,0,0.5); }
+
+.blocked a, .mini a { display: table-cell; }
+.blocked a.safe50 { width: 50%; background-color: rgba(0,220,0,0.5); }
+.blocked a.safe33 { width: 33.333%; background-color: rgba(0,220,0,0.5); }
+
+/* Types of text */
+.msg { white-space: pre; overflow: auto; -webkit-overflow-scrolling: touch; display: block; line-height: 1.2em; font-weight: bold; font-size: 1.15em; margin: 4px 8px 8px 8px; white-space: pre-line; }
+
+footer { font-size: 0.8em; text-align: center; width: 87%; margin: 4px auto; }
--- a/advanced/dphys-swapfile
+++ b/advanced/dphys-swapfile
@@ -1,12 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
-# Network-wide ad blocking via your Raspberry Pi
-# http://pi-hole.net
-# Swap file config
-#
-# Pi-hole is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-
-CONF_SWAPSIZE=500
--- a/advanced/index.html
+++ b/advanced/index.html
@@ -1,7 +0,0 @@
-<html>
-<head>
-<script>window.close();</script>
-</head>
-<body>
-</body>
-</html>
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -0,0 +1,183 @@
+<?php
+/* Detailed Pi-Hole Block Page: Show "Website Blocked" if user browses to site, but not to image/file requests based on the work of WaLLy3K for DietPi & Pi-Hole */
+
+$uri = escapeshellcmd($_SERVER['REQUEST_URI']);
+$serverName = escapeshellcmd($_SERVER['SERVER_NAME']);
+
+// Retrieve server URI extension (EG: jpg, exe, php)
+$uriExt = pathinfo($uri, PATHINFO_EXTENSION);
+
+// Define which URL extensions get rendered as "Website Blocked"
+$webExt = array('asp', 'htm', 'html', 'php', 'rss', 'xml');
+
+if(in_array($uriExt, $webExt) || empty($uriExt))
+{
+	// Requested resource has an extension listed in $webExt
+	// or no extension (index access to some folder incl. the root dir)
+	$showPage = true;
+}
+else
+{
+	// Something else
+	$showPage = false;
+}
+
+// Handle incoming URI types
+if (!$showPage)
+{
+?>
+<html>
+<head>
+<script>window.close();</script></head>
+<body>
+<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">
+</body>
+</html>
+<?php
+	die();
+}
+
+// Get Pi-Hole version
+$piHoleVersion = exec('cd /etc/.pihole/ && git describe --tags --abbrev=0');
+
+// Don't show the URI if it is the root directory
+if($uri == "/")
+{
+	$uri = "";
+}
+
+?>
+<!DOCTYPE html>
+<head>
+	<meta charset='UTF-8'/>
+	<title>Website Blocked</title>
+	<link rel='stylesheet' href='http://pi.hole/pihole/blockingpage.css'/>
+	<link rel='shortcut icon' href='http://pi.hole/admin/img/favicon.png' type='image/png'/>
+	<meta name='viewport' content='width=device-width,initial-scale=1.0,maximum-scale=1.0, user-scalable=no'/>
+	<meta name='robots' content='noindex,nofollow'/>
+</head>
+<body id="body">
+<header>
+	<h1><a href='/'>Website Blocked</a></h1>
+</header>
+<main>
+	<div>Access to the following site has been blocked:<br/>
+	<span class='pre msg'><?php echo $serverName.$uri; ?></span></div>
+	<div>If you have an ongoing use for this website, please ask the owner of the Pi-hole in your network to have it whitelisted.</div>
+	<input id="domain" type="hidden" value="<?php echo $serverName; ?>">
+	<input id="quiet" type="hidden" value="yes">
+	<button id="btnSearch" class="buttons blocked" type="button" style="visibility: hidden;"></button>
+	This page is blocked because it is explicitly contained within the following block list(s):
+	<pre id="output" style="width: 100%; height: 100%;" hidden="true"></pre><br/>
+	<div class='buttons blocked'>
+		<a class='safe33' href='javascript:history.back()'>Go back</a>
+		<a class='safe33' id="whitelisting">Whitelist this page</a>
+		<a class='safe33' href='javascript:window.close()'>Close window</a>
+	</div>
+		<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">
+			<p>Note that whitelisting domains which are blocked using the wildcard method won't work.</p>
+			<p>Password required!</p><br/>
+		<form>
+			<input name="list" type="hidden" value="white"><br/>
+			Domain:<br/>
+			<input name="domain" value="<?php echo $serverName ?>" disabled><br/><br/>
+			Password:<br/>
+			<input type="password" id="pw" name="pw"><br/><br/>
+			<button class="buttons33 safe" id="btnAdd" type="button">Whitelist</button>
+		</form><br/>
+		<pre id="whitelistingoutput" style="width: 100%; height: 100%; padding: 5px;" hidden="true"></pre><br/>
+		</div>
+</main>
+<footer>Generated <?php echo date('D g:i A, M d'); ?> by Pi-hole <?php echo $piHoleVersion; ?></footer>
+<script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
+<script>
+// Create event for when the output is appended to
+(function($) {
+    var origAppend = $.fn.append;
+
+    $.fn.append = function () {
+        return origAppend.apply(this, arguments).trigger("append");
+    };
+})(jQuery);
+</script>
+<script src="http://pi.hole/admin/scripts/pi-hole/js/queryads.js"></script>
+<script>
+function inIframe () {
+    try {
+        return window.self !== window.top;
+    } catch (e) {
+        return true;
+    }
+}
+
+// Try to detect if page is loaded within iframe
+if(inIframe())
+{
+    // Within iframe
+    // hide content of page
+    $('#body').hide();
+    // remove background
+    document.body.style.backgroundImage = "none";
+}
+else
+{
+    // Query adlists
+    $( "#btnSearch" ).click();
+}
+
+$( "#whitelisting" ).on( "click", function(){ $( "#whitelistingform" ).removeAttr( "hidden" ); });
+
+// Remove whitelist functionality if the domain was blocked because of a wildcard
+$( "#output" ).bind("append", function(){
+	if($( "#output" ).contents()[0].data.indexOf("Wildcard blocking") !== -1)
+	{
+		$( "#whitelisting" ).hide();
+		$( "#whitelistingform" ).hide();
+	}
+});
+
+function add() {
+	var domain = $("#domain");
+	var pw = $("#pw");
+	if(domain.val().length === 0){
+		return;
+	}
+
+	$.ajax({
+		url: "admin/scripts/pi-hole/php/add.php",
+		method: "post",
+		data: {"domain":domain.val(), "list":"white", "pw":pw.val()},
+		success: function(response) {
+			$( "#whitelistingoutput" ).removeAttr( "hidden" );
+			if(response.indexOf("Pi-hole blocking") !== -1)
+			{
+				// Reload page after 5 seconds
+				setTimeout(function(){window.location.reload(1);}, 5000);
+				$( "#whitelistingoutput" ).html("---> Success <---<br/>You may have to flush your DNS cache");
+			}
+			else
+			{
+				$( "#whitelistingoutput" ).html("---> "+response+" <---");
+			}
+
+		},
+		error: function(jqXHR, exception) {
+			$( "#whitelistingoutput" ).removeAttr( "hidden" );
+			$( "#whitelistingoutput" ).html("---> Unknown Error <---");
+		}
+	});
+}
+// Handle enter button for adding domains
+$(document).keypress(function(e) {
+    if(e.which === 13 && $("#pw").is(":focus")) {
+        add();
+    }
+});
+
+// Handle buttons
+$("#btnAdd").on("click", function() {
+    add();
+});
+</script>
+</body>
+</html>
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -21,7 +21,7 @@ server.modules = (
 )

 server.document-root        = "/var/www/html"
-server.error-handler-404	= "pihole/index.html"
+server.error-handler-404	= "pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -22,7 +22,7 @@ server.modules = (
 )

 server.document-root        = "/var/www/html"
-server.error-handler-404	= "pihole/index.html"
+server.error-handler-404	= "pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
--- a/advanced/logrotate
+++ b/advanced/logrotate
@@ -0,0 +1,9 @@
+/var/log/pihole.log {
+	daily
+	copytruncate
+	rotate 5
+	compress
+	delaycompress
+	notifempty
+	nomail
+}
--- a/advanced/pihole.cron
+++ b/advanced/pihole.cron
@@ -13,15 +13,17 @@
 # scripts, any changes made to this file will be overwritten when the softare
 # is updated or re-installed. Please make any changes to the appropriate crontab
 # or other cron file snippets.
-PATH="$PATH:/usr/local/bin/"

 # Pi-hole: Update the ad sources once a week on Sunday at 01:59
 #          Download any updates from the adlists
-59 1    * * 7   root    pihole updateGravity
+59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity

 # Pi-hole: Update Pi-hole! Uncomment to enable auto update
-#30 2    * * 7   root    pihole updatePihole
+#30 2    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updatePihole

 # Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
 #          Stats will be viewable in the Web interface thanks to the cron job above
-00 00   * * *   root    pihole flush
+#          The flush script will use logrotate if available
+00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush
+
+@reboot root /usr/sbin/logrotate /etc/pihole/logrotate
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/gravity.sh
+++ b/gravity.sh
@@ -76,7 +76,7 @@ gravity_collapse() {
 		#custom file found, use this instead of default
 		echo -n "::: Custom adList file detected. Reading..."
 		sources=()
-		while read -r line; do
+		while IFS= read -r line || [[ -n "$line" ]]; do
 			#Do not read commented out or blank lines
 			if [[ ${line} = \#* ]] || [[ ! ${line} ]]; then
 				echo "" > /dev/null
@@ -89,7 +89,7 @@ gravity_collapse() {
 		#no custom file found, use defaults!
 		echo -n "::: No custom adlist file detected, reading from default file..."
 		sources=()
-		while read -r line; do
+		while IFS= read -r line || [[ -n "$line" ]]; do
 			#Do not read commented out or blank lines
 			if [[ ${line} = \#* ]] || [[ ! ${line} ]]; then
 				echo "" > /dev/null
@@ -388,7 +388,7 @@ if [[ "${forceGrav}" == true ]]; then
 fi

 #Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
-#cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
+cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
 gravity_collapse
 gravity_spinup
 if [[ "${skipDownload}" == false ]]; then
--- a/69
+++ b/69
@@ -11,6 +11,7 @@
 # (at your option) any later version.

 PI_HOLE_SCRIPT_DIR="/opt/pihole"
+readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [ -x "$(command -v sudo)" ];then
@@ -23,7 +24,8 @@ if [[ ! $EUID -eq 0 ]];then
 fi

 webpageFunc() {
-  /opt/pihole/webpage.sh "$@"
+  source /opt/pihole/webpage.sh
+  main "$@"
  exit 0
 }

@@ -37,6 +39,11 @@ blacklistFunc() {
  exit 0
 }

+wildcardFunc() {
+  "${PI_HOLE_SCRIPT_DIR}"/list.sh "$@"
+  exit 0
+}
+
 debugFunc() {
  "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
  exit 0
@@ -62,11 +69,6 @@ updateGravityFunc() {
  exit 0
 }

-setupLCDFunction() {
-  "${PI_HOLE_SCRIPT_DIR}"/setupLCD.sh
-  exit 0
-}
-
 scanList(){
  domain="${1}"
  list="${2}"
@@ -78,19 +80,52 @@ scanList(){
  fi
 }

+processWildcards() {
+  IFS="." read -r -a array <<< "${1}"
+  for (( i=${#array[@]}-1; i>=0; i-- )); do
+    ar=""
+    for (( j=${#array[@]}-1; j>${#array[@]}-i-2; j-- )); do
+      if [[ $j == $((${#array[@]}-1)) ]]; then
+        ar="${array[$j]}"
+      else
+        ar="${array[$j]}.${ar}"
+      fi
+    done
+    echo "${ar}"
+  done
+}
+
 queryFunc() {
  domain="${2}"
  method="${3}"
  lists=( /etc/pihole/list.* /etc/pihole/blacklist.txt)
  for list in ${lists[@]}; do
-    result=$(scanList ${domain} ${list} ${method})
+    if [ -e "${list}" ]; then
+      result=$(scanList ${domain} ${list} ${method})
+      # Remove empty lines before couting number of results
+      count=$(sed '/^\s*$/d' <<< "$result" | wc -l)
+      echo "::: ${list} (${count} results)"
+      if [[ ${count} > 0 ]]; then
+        echo "${result}"
+      fi
+      echo ""
+    else
+      echo "::: ${list} does not exist"
+      echo ""
+    fi
+  done
+
+  # Scan for possible wildcard matches
+  local wildcards=($(processWildcards "${domain}"))
+  for domain in ${wildcards[@]}; do
+    result=$(scanList "\/${domain}\/" ${wildcardlist})
    # Remove empty lines before couting number of results
    count=$(sed '/^\s*$/d' <<< "$result" | wc -l)
-    echo "::: ${list} (${count} results)"
    if [[ ${count} > 0 ]]; then
+      echo "::: Wildcard blocking ${domain} (${count} results)"
      echo "${result}"
+      echo ""
    fi
-    echo ""
  done
  exit 0
 }
@@ -185,6 +220,19 @@ piholeLogging() {
 }

 piholeStatus() {
+  if [[ $(netstat -plnt | grep -c ':53 ') > 0 ]]; then
+    if [[ "${1}" != "web" ]] ; then
+      echo "::: DNS service is running"
+    fi
+  else
+    if [[ "${1}" == "web" ]] ; then
+      echo "-1";
+    else
+      echo "::: DNS service is NOT running"
+    fi
+    return
+  fi
+
  if [[ $(grep -i "^#addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf) ]] ; then
    #list is commented out
    if [[ "${1}" == "web" ]] ; then
@@ -234,7 +282,6 @@ helpFunc() {
 :::  -up, updatePihole        Update Pi-hole
 :::  -r, reconfigure          Reconfigure or Repair Pi-hole
 :::  -g, updateGravity        Update the list of ad-serving domains
-:::  -s, setupLCD             Automatically configures the Pi to use the 2.8 LCD screen to display stats on it
 :::  -c, chronometer          Calculates stats and displays to an LCD
 :::  -h, help                 Show this help dialog
 :::  -v, version              Show current versions
@@ -261,12 +308,12 @@ fi
 case "${1}" in
  "-w" | "whitelist"            ) whitelistFunc "$@";;
  "-b" | "blacklist"            ) blacklistFunc "$@";;
+  "-wild" | "wildcard"          ) wildcardFunc "$@";;
  "-d" | "debug"                ) debugFunc;;
  "-f" | "flush"                ) flushFunc;;
  "-up" | "updatePihole"        ) updatePiholeFunc;;
  "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
  "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-s" | "setupLCD"             ) setupLCDFunction;;
  "-c" | "chronometer"          ) chronometerFunc "$@";;
  "-h" | "help"                 ) helpFunc;;
  "-v" | "version"              ) versionFunc "$@";;
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -64,37 +64,237 @@ def test_setupVars_saved_to_file(Pihole):
    for k,v in SETUPVARS.iteritems():
        assert "{}={}".format(k, v) in output

-def test_configureFirewall_firewalld_no_errors(Pihole):
-    ''' confirms firewalld rules are applied when appopriate '''
-    mock_command('firewall-cmd', '0', Pihole)
+def test_configureFirewall_firewalld_running_no_errors(Pihole):
+    ''' confirms firewalld rules are applied when firewallD is running '''
+    # firewallD returns 'running' as status
+    mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
+    # Whiptail dialog returns Ok for user prompt
+    mock_command('whiptail', {'*':('', 0)}, Pihole)
    configureFirewall = Pihole.run('''
    source /opt/pihole/basic-install.sh
    configureFirewall
    ''')
-    expected_stdout = '::: Configuring firewalld for httpd and dnsmasq.'
+    expected_stdout = 'Configuring FirewallD for httpd and dnsmasq.'
    assert expected_stdout in configureFirewall.stdout
    firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
    assert 'firewall-cmd --state' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=80/tcp' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=53/tcp' in firewall_calls
-    assert 'firewall-cmd --permanent --add-port=53/udp' in firewall_calls
+    assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
    assert 'firewall-cmd --reload' in firewall_calls

+def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
+    ''' confirms firewalld rules are not applied when firewallD is not running '''
+    # firewallD returns non-running status
+    mock_command('firewall-cmd', {'*':('not running', '1')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'No active firewall detected.. skipping firewall configuration.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
+    ''' confirms firewalld rules are not applied when firewallD is running, user declines ruleset '''
+    # firewallD returns running status
+    mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', 1)}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Not installing firewall rulesets.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_no_firewall(Pihole):
+    ''' confirms firewall skipped no daemon is running '''
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'No active firewall detected'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
+    ''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset '''
+    # iptables command exists
+    mock_command('iptables', {'*':('', '0')}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '1')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Not installing firewall rulesets.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
+    ''' confirms IPTables rules are not applied when IPTables is running and rules exist '''
+    # iptables command exists and returns 0 on calls (should return 0 on iptables -C)
+    mock_command('iptables', {'-S':('-P INPUT DENY', '0')}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '0')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Installing new IPTables firewall rulesets'
+    assert expected_stdout in configureFirewall.stdout
+    firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' not in firewall_calls
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' not in firewall_calls
+    assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' not in firewall_calls
+
+def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
+    ''' confirms IPTables rules are applied when IPTables is running and rules do not exist '''
+    # iptables command and returns 0 on calls (should return 1 on iptables -C)
+    mock_command('iptables', {'-S':('-P INPUT DENY', '0'), '-C':('', 1), '-I':('', 0)}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '0')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Installing new IPTables firewall rulesets'
+    assert expected_stdout in configureFirewall.stdout
+    firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' in firewall_calls
+    assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' in firewall_calls
+
+def test_installPiholeWeb_fresh_install_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed on a fresh build '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_empty_directory_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed in an emtpy directory '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_index_php_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.php
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'Existing index.php detected, not overwriting' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_index_js_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.js
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'Existing index.js detected, not overwriting' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_blockingpage_css_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/blockingpage.css
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_already_populated_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.php
+    touch /var/www/html/pihole/index.js
+    touch /var/www/html/pihole/blockingpage.css
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'Existing index.php detected, not overwriting' in installWeb.stdout
+    assert 'index.php missing, replacing...' not in installWeb.stdout
+    assert 'Existing index.js detected, not overwriting' in installWeb.stdout
+    assert 'index.js missing, replacing...' not in installWeb.stdout
+    assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing... ' not in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory

 # Helper functions
-def mock_command(script, result, container):
+def mock_command(script, args, container):
    ''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
-    ''' TODO: support array of results that enable the results to change over multiple executions of a command '''
    full_script_path = '/usr/local/bin/{}'.format(script)
    mock_script = dedent('''\
    #!/bin/bash -e
    echo "\$0 \$@" >> /var/log/{script}
-    exit {retcode}
-    '''.format(script=script, retcode=result))
+    case "\$1" in'''.format(script=script))
+    for k, v in args.iteritems():
+        case = dedent('''
+        {arg})
+        echo {res}
+        exit {retcode}
+        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
+        mock_script += case
+    mock_script += dedent('''
+    esac''')
    container.run('''
    cat <<EOF> {script}\n{content}\nEOF
    chmod +x {script}
-    '''.format(script=full_script_path, content=mock_script))
+    rm -f /var/log/{scriptlog}'''.format(script=full_script_path, content=mock_script, scriptlog=script))

 def run_script(Pihole, script):
    result = Pihole.run(script)