Recommend to disable logging to pihole.log on new installs/during reconfigure.

Signed-off-by: DL6ER <dl6er@dl6er.de>
Merge pull request #2833 from bcambl/fedora30_tests
2019-07-10 19:05:00 +02:00 · 2019-07-06 19:27:02 -04:00 · 2019-07-06 11:06:08 -06:00 · 2019-07-06 10:58:19 -06:00 · 2019-07-06 10:57:57 -06:00 · 2019-07-05 17:18:50 -04:00
28 changed files with 1252 additions and 818 deletions
--- a/README.md
+++ b/README.md
@@ -17,9 +17,9 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a
 - **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy
 -----
-<a href="https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade"><img src="https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238" alt="Codacy Grade"/></a>
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/c558a0f8d7124c99b02b84f0f5564238)](https://www.codacy.com/app/Pi-hole/pi-hole?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pi-hole/pi-hole&amp;utm_campaign=Badge_Grade)
-<a href="https://travis-ci.org/pi-hole/pi-hole"><img src="https://travis-ci.org/pi-hole/pi-hole.svg?branch=development" alt="Travis Build Status"/></a>
+[![Build Status](https://travis-ci.org/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.org/pi-hole/pi-hole)
-<a href="https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE"><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939" alt="BountySource"/></a>
+[![BountySource](https://www.bountysource.com/badge/tracker?tracker_id=3011939)](https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE)
 ## One-Step Automated Install
 Those who want to get started quickly and conveniently may install Pi-hole using the following command:
@@ -61,16 +61,13 @@ Make no mistake: **your support is absolutely vital to help keep us innovating!*
 Sending a donation using our links below is **extremely helpful** in offsetting a portion of our monthly expenses:
 - <img src="https://pi-hole.github.io/graphics/Badges/paypal-badge-black.svg" width="24" height="24" alt="PP"/> <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY">Donate via PayPal</a><br/>
- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>
+- <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin, Bitcoin Cash, Ethereum, Litecoin](https://commerce.coinbase.com/checkout/dd304d04-f324-4a77-931b-0db61c77a41b)
 3MDPzjXu2hjw5sGLJvKUi1uXbvQPzVrbpF</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/bitcoin-badge-black.svg" width="24" height="24" alt="BTC"/> [Bitcoin Cash](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>qzqsz4aju2eecc6uhs7tus4vlwhhela24sdruf4qp5</code></br>
 - <img src="https://pi-hole.github.io/graphics/Badges/ethereum-badge-black.svg" width="24" height="24" alt="BTC"/> [Ethereum](https://commerce.coinbase.com/checkout/fb7facaf-bebd-46be-bb77-b358f4546763): <code>0x79d4e90A4a0C732819526c93e21A3F1356A2FAe1</code>
 ### Alternative support
 If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
 - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
 - [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
- [Stickermule](https://www.stickermule.com/unlock?ref_id=6055890701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
+- [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
 - [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
 - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
 - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -18,13 +18,8 @@
 #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
 ###############################################################################
 addn-hosts=/etc/pihole/gravity.list
 addn-hosts=/etc/pihole/black.list
 addn-hosts=/etc/pihole/local.list
 user=pihole
 group=pihole
 domain-needed
 localise-queries
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -444,6 +444,9 @@ get_strings() {
 }
 chronoFunc() {
    local extra_arg="$1"
    local extra_value="$2"
    get_init_stats
    for (( ; ; )); do
@@ -461,10 +464,8 @@ chronoFunc() {
        fi
        # Get refresh number
-        if [[ "$*" == *"-r"* ]]; then
+        if [[ "${extra_arg}" = "refresh" ]]; then
-            num="$*"
+            num="${extra_value}"
            num="${num/*-r /}"
            num="${num/ */}"
            num_str="Refresh set for every $num seconds"
        else
            num_str=""
@@ -473,7 +474,7 @@ chronoFunc() {
        clear
        # Remove exit message heading on third refresh
-        if [[ "$count" -le 2 ]] && [[ "$*" != *"-e"* ]]; then
+        if [[ "$count" -le 2 ]] && [[ "${extra_arg}" != "exit" ]]; then
            echo -e " ${COL_LIGHT_GREEN}Pi-hole Chronometer${COL_NC}
            $num_str
            ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
@@ -521,10 +522,10 @@ chronoFunc() {
        fi
        # Handle exit/refresh options
-        if [[ "$*" == *"-e"* ]]; then
+        if [[ "${extra_arg}" == "exit" ]]; then
            exit 0
        else
-            if [[ "$*" == *"-r"* ]]; then
+            if [[ "${extra_arg}" == "refresh" ]]; then
                sleep "$num"
            else
                sleep 5
@@ -561,12 +562,10 @@ if [[ $# = 0 ]]; then
    chronoFunc
 fi
-for var in "$@"; do
+case "$1" in
    case "$var" in
    "-j" | "--json"    ) jsonFunc;;
    "-h" | "--help"    ) helpFunc;;
-        "-r" | "--refresh" ) chronoFunc "$@";;
+    "-r" | "--refresh" ) chronoFunc refresh "$2";;
-        "-e" | "--exit"    ) chronoFunc "$@";;
+    "-e" | "--exit"    ) chronoFunc exit;;
    *                  ) helpFunc "?";;
-    esac
+esac
 done
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -11,46 +11,45 @@
 # Globals
 basename=pihole
 piholeDir=/etc/"${basename}"
-whitelist="${piholeDir}"/whitelist.txt
+gravityDBfile="${piholeDir}/gravity.db"
 blacklist="${piholeDir}"/blacklist.txt
 readonly regexlist="/etc/pihole/regex.list"
 reload=false
 addmode=true
 verbose=true
 wildcard=false
 web=false
 domList=()
-listMain=""
+listType=""
-listAlt=""
+listname=""
 colfile="/opt/pihole/COL_TABLE"
 source ${colfile}
 helpFunc() {
-    if [[ "${listMain}" == "${whitelist}" ]]; then
+    if [[ "${listType}" == "whitelist" ]]; then
        param="w"
-        type="white"
+        type="whitelist"
-    elif [[ "${listMain}" == "${regexlist}" && "${wildcard}" == true ]]; then
+    elif [[ "${listType}" == "regex" && "${wildcard}" == true ]]; then
        param="-wild"
-        type="wildcard black"
+        type="wildcard blacklist"
-    elif [[ "${listMain}" == "${regexlist}" ]]; then
+    elif [[ "${listType}" == "regex" ]]; then
        param="-regex"
-        type="regex black"
+        type="regex filter"
    else
        param="b"
-        type="black"
+        type="blacklist"
    fi
    echo "Usage: pihole -${param} [options] <domain> <domain2 ...>
 Example: 'pihole -${param} site.com', or 'pihole -${param} site1.com site2.com'
-${type^}list one or more domains
+${type^} one or more domains
 Options:
-  -d, --delmode       Remove domain(s) from the ${type}list
+  -d, --delmode       Remove domain(s) from the ${type}
-  -nr, --noreload     Update ${type}list without refreshing dnsmasq
+  -nr, --noreload     Update ${type} without reloading the DNS server
  -q, --quiet         Make output less verbose
  -h, --help          Show this help dialog
  -l, --list          Display all your ${type}listed domains
@@ -73,7 +72,7 @@ HandleOther() {
    # Check validity of domain (don't check for regex entries)
    if [[ "${#domain}" -le 253 ]]; then
-        if [[ "${listMain}" == "${regexlist}" && "${wildcard}" == false ]]; then
+        if [[ "${listType}" == "regex" && "${wildcard}" == false ]]; then
            validDomain="${domain}"
        else
            validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
@@ -88,175 +87,143 @@ HandleOther() {
    fi
 }
-PoplistFile() {
+ProcessDomainList() {
-    # Check whitelist file exists, and if not, create it
+    if [[ "${listType}" == "regex" ]]; then
-    if [[ ! -f "${whitelist}" ]]; then
+        # Regex filter list
-        touch "${whitelist}"
+        listname="regex filters"
-    fi
+    else
-
+        # Whitelist / Blacklist
-    # Check blacklist file exists, and if not, create it
+        listname="${listType}"
    if [[ ! -f "${blacklist}" ]]; then
        touch "${blacklist}"
    fi
    for dom in "${domList[@]}"; do
-        # Logic: If addmode then add to desired list and remove from the other; if delmode then remove from desired list but do not add to the other
+        # Format domain into regex filter if requested
        if [[ "${wildcard}" == true ]]; then
            dom="(^|\\.)${dom//\./\\.}$"
        fi
        # Logic: If addmode then add to desired list and remove from the other;
        # if delmode then remove from desired list but do not add to the other
        if ${addmode}; then
-            AddDomain "${dom}" "${listMain}"
+            AddDomain "${dom}" "${listType}"
            if [[ ! "${listType}" == "regex" ]]; then
                RemoveDomain "${dom}" "${listAlt}"
            fi
        else
-            RemoveDomain "${dom}" "${listMain}"
+            RemoveDomain "${dom}" "${listType}"
        fi
  done
 }
 AddDomain() {
    local domain list num
    # Use printf to escape domain. %q prints the argument in a form that can be reused as shell input
    domain="$1"
    list="$2"
    domain=$(EscapeRegexp "$1")
    [[ "${list}" == "${whitelist}" ]] && listname="whitelist"
    [[ "${list}" == "${blacklist}" ]] && listname="blacklist"
    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
        [[ "${list}" == "${whitelist}" && -z "${type}" ]] && type="--whitelist-only"
        [[ "${list}" == "${blacklist}" && -z "${type}" ]] && type="--blacklist-only"
        bool=true
    # Is the domain in the list we want to add it to?
-        grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
+    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${list} WHERE domain = '${domain}';")"
-        if [[ "${bool}" == false ]]; then
+    if [[ "${num}" -ne 0 ]]; then
            # Domain not found in the whitelist file, add it!
            if [[ "${verbose}" == true ]]; then
                echo -e "  ${INFO} Adding ${1} to ${listname}..."
            fi
            reload=true
            # Add it to the list we want to add it to
            echo "$1" >> "${list}"
        else
      if [[ "${verbose}" == true ]]; then
          echo -e "  ${INFO} ${1} already exists in ${listname}, no need to add!"
      fi
      return
    fi
    elif [[ "${list}" == "${regexlist}" ]]; then
        [[ -z "${type}" ]] && type="--wildcard-only"
        bool=true
        domain="${1}"
-        [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$"
+    # Domain not found in the table, add it!
        # Is the domain in the list?
        # Search only for exactly matching lines
        grep -Fx "${domain}" "${regexlist}" > /dev/null 2>&1 || bool=false
        if [[ "${bool}" == false ]]; then
    if [[ "${verbose}" == true ]]; then
-                echo -e "  ${INFO} Adding ${domain} to regex list..."
+        echo -e "  ${INFO} Adding ${1} to the ${listname}..."
            fi
            reload="restart"
            echo "$domain" >> "${regexlist}"
        else
            if [[ "${verbose}" == true ]]; then
                echo -e "  ${INFO} ${domain} already exists in regex list, no need to add!"
            fi
        fi
    fi
    reload=true
    # Insert only the domain here. The enabled and date_added fields will be filled
    # with their default values (enabled = true, date_added = current timestamp)
    sqlite3 "${gravityDBfile}" "INSERT INTO ${list} (domain) VALUES ('${domain}');"
 }
 RemoveDomain() {
    local domain list num
    # Use printf to escape domain. %q prints the argument in a form that can be reused as shell input
    domain="$1"
    list="$2"
    domain=$(EscapeRegexp "$1")
-    [[ "${list}" == "${whitelist}" ]] && listname="whitelist"
+    # Is the domain in the list we want to remove it from?
-    [[ "${list}" == "${blacklist}" ]] && listname="blacklist"
+    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${list} WHERE domain = '${domain}';")"
-    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
+    if [[ "${num}" -eq 0 ]]; then
        bool=true
        [[ "${list}" == "${whitelist}" && -z "${type}" ]] && type="--whitelist-only"
        [[ "${list}" == "${blacklist}" && -z "${type}" ]] && type="--blacklist-only"
        # Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
        grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
        if [[ "${bool}" == true ]]; then
            # Remove it from the other one
            echo -e "  ${INFO} Removing $1 from ${listname}..."
            # /I flag: search case-insensitive
            sed -i "/${domain}/Id" "${list}"
            reload=true
        else
      if [[ "${verbose}" == true ]]; then
-                echo -e "  ${INFO} ${1} does not exist in ${listname}, no need to remove!"
+          echo -e "  ${INFO} ${1} does not exist in ${list}, no need to remove!"
      fi
      return
    fi
    elif [[ "${list}" == "${regexlist}" ]]; then
        [[ -z "${type}" ]] && type="--wildcard-only"
        domain="${1}"
-        [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$"
+    # Domain found in the table, remove it!
        bool=true
        # Is it in the list?
        grep -Fx "${domain}" "${regexlist}" > /dev/null 2>&1 || bool=false
        if [[ "${bool}" == true ]]; then
            # Remove it from the other one
            echo -e "  ${INFO} Removing $domain from regex list..."
            local lineNumber
            lineNumber=$(grep -Fnx "$domain" "${list}" | cut -f1 -d:)
            sed -i "${lineNumber}d" "${list}"
            reload=true
        else
    if [[ "${verbose}" == true ]]; then
-                echo -e "  ${INFO} ${domain} does not exist in regex list, no need to remove!"
+        echo -e "  ${INFO} Removing ${1} from the ${listname}..."
    fi
-        fi
+    reload=true
-    fi
+    # Remove it from the current list
-}
+    sqlite3 "${gravityDBfile}" "DELETE FROM ${list} WHERE domain = '${domain}';"
 # Update Gravity
 Reload() {
    echo ""
    pihole -g --skip-download "${type:-}"
 }
 Displaylist() {
-    if [[ -f ${listMain} ]]; then
+    local list listname count num_pipes domain enabled status nicedate
-        if [[ "${listMain}" == "${whitelist}" ]]; then
+
-            string="gravity resistant domains"
+    listname="${listType}"
    data="$(sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM ${listType};" 2> /dev/null)"
    if [[ -z $data ]]; then
        echo -e "Not showing empty ${listname}"
    else
-            string="domains caught in the sinkhole"
+        echo -e "Displaying ${listname}:"
        fi
        verbose=false
        echo -e "Displaying $string:\n"
        count=1
-        while IFS= read -r RD || [ -n "${RD}" ]; do
+        while IFS= read -r line
-            echo "  ${count}: ${RD}"
+        do
-            count=$((count+1))
+            # Count number of pipes seen in this line
-        done < "${listMain}"
+            # This is necessary because we can only detect the pipe separating the fields
            # from the end backwards as the domain (which is the first field) may contain
            # pipe symbols as they are perfectly valid regex filter control characters
            num_pipes="$(grep -c "^" <<< "$(grep -o "|" <<< "${line}")")"
            # Extract domain and enabled status based on the obtained number of pipe characters
            domain="$(cut -d'|' -f"-$((num_pipes-1))" <<< "${line}")"
            enabled="$(cut -d'|' -f"$((num_pipes))" <<< "${line}")"
            datemod="$(cut -d'|' -f"$((num_pipes+1))" <<< "${line}")"
            # Translate boolean status into human readable string
            if [[ "${enabled}" -eq 1 ]]; then
                status="enabled"
            else
-        echo -e "  ${COL_LIGHT_RED}${listMain} does not exist!${COL_NC}"
+                status="disabled"
            fi
            # Get nice representation of numerical date stored in database
            nicedate=$(date --rfc-2822 -d "@${datemod}")
            echo "  ${count}: ${domain} (${status}, last modified ${nicedate})"
            count=$((count+1))
        done <<< "${data}"
    fi
    exit 0;
 }
 NukeList() {
-    if [[ -f "${listMain}" ]]; then
+    sqlite3 "${gravityDBfile}" "DELETE FROM ${listType};"
        # Back up original list
        cp "${listMain}" "${listMain}.bck~"
        # Empty out file
        echo "" > "${listMain}"
    fi
 }
 for var in "$@"; do
    case "${var}" in
-        "-w" | "whitelist"   ) listMain="${whitelist}"; listAlt="${blacklist}";;
+        "-w" | "whitelist"   ) listType="whitelist"; listAlt="blacklist";;
-        "-b" | "blacklist"   ) listMain="${blacklist}"; listAlt="${whitelist}";;
+        "-b" | "blacklist"   ) listType="blacklist"; listAlt="whitelist";;
-        "--wild" | "wildcard" ) listMain="${regexlist}"; wildcard=true;;
+        "--wild" | "wildcard" ) listType="regex"; wildcard=true;;
-        "--regex" | "regex"   ) listMain="${regexlist}";;
+        "--regex" | "regex"   ) listType="regex";;
        "-nr"| "--noreload"  ) reload=false;;
        "-d" | "--delmode"   ) addmode=false;;
        "-q" | "--quiet"     ) verbose=false;;
        "-h" | "--help"      ) helpFunc;;
        "-l" | "--list"      ) Displaylist;;
        "--nuke"             ) NukeList;;
        "--web"              ) web=true;;
        *                    ) HandleOther "${var}";;
    esac
 done
@@ -267,9 +234,13 @@ if [[ $# = 0 ]]; then
    helpFunc
 fi
-PoplistFile
+ProcessDomainList
 # Used on web interface
 if $web; then
 echo "DONE"
 fi
 if [[ "${reload}" != false ]]; then
-    # Ensure that "restart" is used for Wildcard updates
+    pihole restartdns reload
    Reload "${reload}"
 fi
--- a/advanced/Scripts/piholeARPTable.sh
+++ b/advanced/Scripts/piholeARPTable.sh
@@ -0,0 +1,73 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2019 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # ARP table interaction
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
    source ${coltable}
 fi
 # Determine database location
 # Obtain DBFILE=... setting from pihole-FTL.db
 # Constructed to return nothing when
 # a) the setting is not present in the config file, or
 # b) the setting is commented out (e.g. "#DBFILE=...")
 FTLconf="/etc/pihole/pihole-FTL.conf"
 if [ -e "$FTLconf" ]; then
    DBFILE="$(sed -n -e 's/^\s*DBFILE\s*=\s*//p' ${FTLconf})"
 fi
 # Test for empty string. Use standard path in this case.
 if [ -z "$DBFILE" ]; then
    DBFILE="/etc/pihole/pihole-FTL.db"
 fi
 flushARP(){
    local output
    if [[ "${args[1]}" != "quiet" ]]; then
        echo -ne "  ${INFO} Flushing network table ..."
    fi
    # Flush ARP cache to avoid re-adding of dead entries
    if ! output=$(ip neigh flush all 2>&1); then
        echo -e "${OVER}  ${CROSS} Failed to clear ARP cache"
        echo "  Output: ${output}"
        return 1
    fi
    # Truncate network_addresses table in pihole-FTL.db
    # This needs to be done before we can truncate the network table due to
    # foreign key contraints
    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
        echo -e "${OVER}  ${CROSS} Failed to truncate network_addresses table"
        echo "  Database location: ${DBFILE}"
        echo "  Output: ${output}"
        return 1
    fi
    # Truncate network table in pihole-FTL.db
    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
        echo -e "${OVER}  ${CROSS} Failed to truncate network table"
        echo "  Database location: ${DBFILE}"
        echo "  Output: ${output}"
        return 1
    fi
    if [[ "${args[1]}" != "quiet" ]]; then
        echo -e "${OVER}  ${TICK} Flushed network table"
    fi
 }
 args=("$@")
 case "${args[0]}" in
    "arpflush"            ) flushARP;;
 esac
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -90,6 +90,7 @@ checkout() {
        local path
        path="development/${binary}"
        echo "development" > /etc/pihole/ftlbranch
        chmod 644 /etc/pihole/ftlbranch
    elif [[ "${1}" == "master" ]] ; then
        # Shortcut to check out master branches
        echo -e "  ${INFO} Shortcut \"master\" detected - checking out master branches..."
@@ -104,6 +105,7 @@ checkout() {
        local path
        path="master/${binary}"
        echo "master" > /etc/pihole/ftlbranch
        chmod 644 /etc/pihole/ftlbranch
    elif [[ "${1}" == "core" ]] ; then
        str="Fetching branches from ${piholeGitUrl}"
        echo -ne "  ${INFO} $str"
@@ -115,7 +117,7 @@ checkout() {
        if [[ "${corebranches[*]}" == *"master"* ]]; then
            echo -e "${OVER}  ${TICK} $str"
-            echo -e "${INFO} ${#corebranches[@]} branches available for Pi-hole Core"
+            echo -e "  ${INFO} ${#corebranches[@]} branches available for Pi-hole Core"
        else
            # Print STDERR output from get_available_branches
            echo -e "${OVER}  ${CROSS} $str\\n\\n${corebranches[*]}"
@@ -142,7 +144,7 @@ checkout() {
        if [[ "${webbranches[*]}" == *"master"* ]]; then
            echo -e "${OVER}  ${TICK} $str"
-            echo -e "${INFO} ${#webbranches[@]} branches available for Web Admin"
+            echo -e "  ${INFO} ${#webbranches[@]} branches available for Web Admin"
        else
            # Print STDERR output from get_available_branches
            echo -e "${OVER}  ${CROSS} $str\\n\\n${webbranches[*]}"
@@ -166,8 +168,9 @@ checkout() {
        if check_download_exists "$path"; then
            echo "  ${TICK} Branch ${2} exists"
            echo "${2}" > /etc/pihole/ftlbranch
            chmod 644 /etc/pihole/ftlbranch
            FTLinstall "${binary}"
-            start_service pihole-FTL
+            restart_service pihole-FTL
            enable_service pihole-FTL
        else
            echo "  ${CROSS} Requested branch \"${2}\" is not available"
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -76,6 +76,7 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
 #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
 SHM_DIRECTORY="/dev/shm"
 # Files required by Pi-hole
 # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
@@ -88,16 +89,12 @@ PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf"
 WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf"
 #WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf"
 PIHOLE_DEFAULT_AD_LISTS="${PIHOLE_DIRECTORY}/adlists.default"
 PIHOLE_USER_DEFINED_AD_LISTS="${PIHOLE_DIRECTORY}/adlists.list"
 PIHOLE_BLACKLIST_FILE="${PIHOLE_DIRECTORY}/blacklist.txt"
 PIHOLE_BLOCKLIST_FILE="${PIHOLE_DIRECTORY}/gravity.list"
 PIHOLE_INSTALL_LOG_FILE="${PIHOLE_DIRECTORY}/install.log"
 PIHOLE_RAW_BLOCKLIST_FILES="${PIHOLE_DIRECTORY}/list.*"
 PIHOLE_LOCAL_HOSTS_FILE="${PIHOLE_DIRECTORY}/local.list"
 PIHOLE_LOGROTATE_FILE="${PIHOLE_DIRECTORY}/logrotate"
 PIHOLE_SETUP_VARS_FILE="${PIHOLE_DIRECTORY}/setupVars.conf"
-PIHOLE_WHITELIST_FILE="${PIHOLE_DIRECTORY}/whitelist.txt"
+PIHOLE_GRAVITY_DB_FILE="${PIHOLE_DIRECTORY}/gravity.db"
 PIHOLE_COMMAND="${BIN_DIRECTORY}/pihole"
 PIHOLE_COLTABLE_FILE="${BIN_DIRECTORY}/COL_TABLE"
@@ -108,7 +105,6 @@ FTL_PORT="${RUN_DIRECTORY}/pihole-FTL.port"
 PIHOLE_LOG="${LOG_DIRECTORY}/pihole.log"
 PIHOLE_LOG_GZIPS="${LOG_DIRECTORY}/pihole.log.[0-9].*"
 PIHOLE_DEBUG_LOG="${LOG_DIRECTORY}/pihole_debug.log"
 PIHOLE_DEBUG_LOG_SANITIZED="${LOG_DIRECTORY}/pihole_debug-sanitized.log"
 PIHOLE_FTL_LOG="${LOG_DIRECTORY}/pihole-FTL.log"
 PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
@@ -142,16 +138,11 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${PIHOLE_DHCP_CONFIG_FILE}"
 "${PIHOLE_WILDCARD_CONFIG_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
 "${PIHOLE_DEFAULT_AD_LISTS}"
 "${PIHOLE_USER_DEFINED_AD_LISTS}"
 "${PIHOLE_BLACKLIST_FILE}"
 "${PIHOLE_BLOCKLIST_FILE}"
 "${PIHOLE_INSTALL_LOG_FILE}"
 "${PIHOLE_RAW_BLOCKLIST_FILES}"
 "${PIHOLE_LOCAL_HOSTS_FILE}"
 "${PIHOLE_LOGROTATE_FILE}"
 "${PIHOLE_SETUP_VARS_FILE}"
 "${PIHOLE_WHITELIST_FILE}"
 "${PIHOLE_COMMAND}"
 "${PIHOLE_COLTABLE_FILE}"
 "${FTL_PID}"
@@ -208,11 +199,6 @@ log_write() {
 copy_to_debug_log() {
    # Copy the contents of file descriptor 3 into the debug log
    cat /proc/$$/fd/3 > "${PIHOLE_DEBUG_LOG}"
    # Since we use color codes such as '\e[1;33m', they should be removed before being
    # uploaded to our server, since it can't properly display in color
    # This is accomplished by use sed to remove characters matching that patter
    # The entire file is then copied over to a sanitized version of the log
    sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}"
 }
 initialize_debug() {
@@ -268,6 +254,9 @@ compare_local_version_to_git_version() {
            # The commit they are on
            local remote_commit
            remote_commit=$(git describe --long --dirty --tags --always)
            # Status of the repo
            local local_status
            local_status=$(git status -s)
            # echo this information out to the user in a nice format
            # If the current version matches what pihole -v produces, the user is up-to-date
            if [[ "${remote_version}" == "$(pihole -v | awk '/${search_term}/ {print $6}' | cut -d ')' -f1)" ]]; then
@@ -290,6 +279,16 @@ compare_local_version_to_git_version() {
            fi
            # echo the current commit
            log_write "${INFO} Commit: ${remote_commit}"
            # if `local_status` is non-null, then the repo is not clean, display details here
            if [[ ${local_status} ]]; then
              #Replace new lines in the status with 12 spaces to make the output cleaner
              log_write "${INFO} Status: ${local_status//$'\n'/'\n            '}"
              local local_diff
              local_diff=$(git diff)
              if [[ ${local_diff} ]]; then
                log_write "${INFO} Diff: ${local_diff//$'\n'/'\n          '}"
              fi
            fi
        # If git status failed,
        else
            # Return an error message
@@ -785,7 +784,7 @@ dig_at() {
    # This helps emulate queries to different domains that a user might query
    # It will also give extra assurance that Pi-hole is correctly resolving and blocking domains
    local random_url
-    random_url=$(shuf -n 1 "${PIHOLE_BLOCKLIST_FILE}")
+    random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1")
    # First, do a dig on localhost to see if Pi-hole can use itself to block a domain
    if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then
@@ -967,8 +966,7 @@ list_files_in_dir() {
        if [[ -d "${dir_to_parse}/${each_file}" ]]; then
            # If it's a directoy, do nothing
            :
-        elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_BLOCKLIST_FILE}" ]] || \
+        elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_INSTALL_LOG_FILE}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_SETUP_VARS_FILE}" ]] || \
@@ -976,6 +974,9 @@ list_files_in_dir() {
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
            :
        elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
            # SHM file - we do not want to see the content, but we want to see the files and their sizes
            log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
        else
            # Then, parse the file's content into an array so each line can be analyzed if need be
            for i in "${!REQUIRED_FILES[@]}"; do
@@ -1019,6 +1020,7 @@ show_content_of_pihole_files() {
    show_content_of_files_in_dir "${CRON_D_DIRECTORY}"
    show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
    show_content_of_files_in_dir "${LOG_DIRECTORY}"
    show_content_of_files_in_dir "${SHM_DIRECTORY}"
 }
 head_tail_log() {
@@ -1049,31 +1051,70 @@ head_tail_log() {
    IFS="$OLD_IFS"
 }
-analyze_gravity_list() {
+show_db_entries() {
-    echo_current_diagnostic "Gravity list"
+    local title="${1}"
-    local head_line
+    local query="${2}"
-    local tail_line
+    local widths="${3}"
-    # Put the current Internal Field Separator into another variable so it can be restored later
+
    echo_current_diagnostic "${title}"
    OLD_IFS="$IFS"
    # Get the lines that are in the file(s) and store them in an array for parsing later
    IFS=$'\r\n'
    local entries=()
    mapfile -t entries < <(\
        sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" \
            -cmd ".headers on" \
            -cmd ".mode column" \
            -cmd ".width ${widths}" \
            "${query}"\
    )
    for line in "${entries[@]}"; do
        log_write "   ${line}"
    done
    IFS="$OLD_IFS"
 }
 show_adlists() {
    show_db_entries "Adlists" "SELECT * FROM adlist" "4 100 7 10 13 50"
 }
 show_whitelist() {
    show_db_entries "Whitelist" "SELECT * FROM whitelist" "4 100 7 10 13 50"
 }
 show_blacklist() {
    show_db_entries "Blacklist" "SELECT * FROM blacklist" "4 100 7 10 13 50"
 }
 show_regexlist() {
    show_db_entries "Regexlist" "SELECT * FROM regex" "4 100 7 10 13 50"
 }
 analyze_gravity_list() {
    echo_current_diagnostic "Gravity List and Database"
    local gravity_permissions
-    gravity_permissions=$(ls -ld "${PIHOLE_BLOCKLIST_FILE}")
+    gravity_permissions=$(ls -ld "${PIHOLE_GRAVITY_DB_FILE}")
    log_write "${COL_GREEN}${gravity_permissions}${COL_NC}"
-    local gravity_head=()
+
-    mapfile -t gravity_head < <(head -n 4 ${PIHOLE_BLOCKLIST_FILE})
+    local gravity_size
-    log_write "   ${COL_CYAN}-----head of $(basename ${PIHOLE_BLOCKLIST_FILE})------${COL_NC}"
+    gravity_size=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT COUNT(*) FROM vw_gravity")
-    for head_line in "${gravity_head[@]}"; do
+    log_write "   Size (excluding blacklist): ${COL_CYAN}${gravity_size}${COL_NC} entries"
        log_write "   ${head_line}"
    done
    log_write ""
-    local gravity_tail=()
+
-    mapfile -t gravity_tail < <(tail -n 4 ${PIHOLE_BLOCKLIST_FILE})
+    OLD_IFS="$IFS"
-    log_write "   ${COL_CYAN}-----tail of $(basename ${PIHOLE_BLOCKLIST_FILE})------${COL_NC}"
+    IFS=$'\r\n'
-    for tail_line in "${gravity_tail[@]}"; do
+    local gravity_sample=()
-        log_write "   ${tail_line}"
+    mapfile -t gravity_sample < <(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity LIMIT 10")
    log_write "   ${COL_CYAN}----- First 10 Domains -----${COL_NC}"
    for line in "${gravity_sample[@]}"; do
        log_write "   ${line}"
    done
-    # Set the IFS back to what it was
+
    log_write ""
    IFS="$OLD_IFS"
 }
@@ -1129,20 +1170,20 @@ analyze_pihole_log() {
    IFS="$OLD_IFS"
 }
-tricorder_use_nc_or_ssl() {
+tricorder_use_nc_or_curl() {
-    # Users can submit their debug logs using nc (unencrypted) or openssl (enrypted) if available
+    # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available
-    # Check for openssl first since encryption is a good thing
+    # Check for curl first since encryption is a good thing
-    if command -v openssl &> /dev/null; then
+    if command -v curl &> /dev/null; then
        # If the command exists,
-        log_write "    * Using ${COL_GREEN}openssl${COL_NC} for transmission."
+        log_write "    * Using ${COL_GREEN}curl${COL_NC} for transmission."
-        # encrypt and transmit the log and store the token returned in a variable
+        # transmit he log via TLS and store the token returned in a variable
-        tricorder_token=$(< ${PIHOLE_DEBUG_LOG_SANITIZED} openssl s_client -quiet -connect tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER} 2> /dev/null)
+        tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER})
    # Otherwise,
    else
        # use net cat
        log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission."
        # Save the token returned by our server in a variable
-        tricorder_token=$(< ${PIHOLE_DEBUG_LOG_SANITIZED} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
+        tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
    fi
 }
@@ -1168,7 +1209,7 @@ upload_to_tricorder() {
        # let the user know
        log_write "${INFO} Debug script running in automated mode"
        # and then decide again which tool to use to submit it
-        tricorder_use_nc_or_ssl
+        tricorder_use_nc_or_curl
        # If we're not running in automated mode,
    else
        echo ""
@@ -1177,7 +1218,7 @@ upload_to_tricorder() {
        read -r -p "[?] Would you like to upload the log? [y/N] " response
        case ${response} in
            # If they say yes, run our function for uploading the log
-            [yY][eE][sS]|[yY]) tricorder_use_nc_or_ssl;;
+            [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;;
            # If they choose no, just exit out of the script
            *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.";exit;
        esac
@@ -1204,7 +1245,7 @@ upload_to_tricorder() {
        log_write "   * Please try again or contact the Pi-hole team for assistance."
    fi
    # Finally, show where the log file is no matter the outcome of the function so users can look at it
-    log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG_SANITIZED}${COL_NC}\\n"
+    log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n"
 }
 # Run through all the functions we made
@@ -1224,6 +1265,10 @@ process_status
 parse_setup_vars
 check_x_headers
 analyze_gravity_list
 show_adlists
 show_whitelist
 show_blacklist
 show_regexlist
 show_content_of_pihole_files
 parse_locale
 analyze_pihole_log
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -39,8 +39,9 @@ if [[ "$@" == *"once"* ]]; then
        # Note that moving the file is not an option, as
        # dnsmasq would happily continue writing into the
        # moved file (it will have the same file handler)
-        cp /var/log/pihole.log /var/log/pihole.log.1
+        cp -p /var/log/pihole.log /var/log/pihole.log.1
        echo " " > /var/log/pihole.log
        chmod 644 /var/log/pihole.log
    fi
 else
    # Manual flushing
@@ -53,6 +54,7 @@ else
        echo " " > /var/log/pihole.log
        if [ -f /var/log/pihole.log.1 ]; then
            echo " " > /var/log/pihole.log.1
            chmod 644 /var/log/pihole.log.1
        fi
    fi
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -11,8 +11,7 @@
 # Globals
 piholeDir="/etc/pihole"
-adListsList="$piholeDir/adlists.list"
+gravityDBfile="${piholeDir}/gravity.db"
 wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 options="$*"
 adlist=""
 all=""
@@ -23,27 +22,10 @@ matchType="match"
 colfile="/opt/pihole/COL_TABLE"
 source "${colfile}"
 # Print each subdomain
 # e.g: foo.bar.baz.com = "foo.bar.baz.com bar.baz.com baz.com com"
 processWildcards() {
    IFS="." read -r -a array <<< "${1}"
    for (( i=${#array[@]}-1; i>=0; i-- )); do
        ar=""
        for (( j=${#array[@]}-1; j>${#array[@]}-i-2; j-- )); do
            if [[ $j == $((${#array[@]}-1)) ]]; then
                ar="${array[$j]}"
            else
                ar="${array[$j]}.${ar}"
            fi
        done
        echo "${ar}"
    done
 }
 # Scan an array of files for matching strings
 scanList(){
    # Escape full stops
-    local domain="${1//./\\.}" lists="${2}" type="${3:-}"
+    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" type="${3:-}"
    # Prevent grep from printing file path
    cd "$piholeDir" || exit 1
@@ -54,9 +36,14 @@ scanList(){
    # /dev/null forces filename to be printed when only one list has been generated
    # shellcheck disable=SC2086
    case "${type}" in
-        "exact" ) grep -i -E -l "(^|\\s)${domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
+		"exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
-        "wc"    ) grep -i -o -m 1 "/${domain}/" ${lists} 2>/dev/null;;
+		# Create array of regexps
-        *       ) grep -i "${domain}" ${lists} /dev/null 2>/dev/null;;
+		# Iterate through each regexp and check whether it matches the domainQuery
 		# If it does, print the matching regexp and continue looping
 		# Input 1 - regexps | Input 2 - domainQuery
 		"regex" ) awk 'NR==FNR{regexps[$0];next}{for (r in regexps)if($0 ~ r)print r}' \
 					<(echo "${lists}") <(echo "${domain}") 2>/dev/null;;
 		*       ) grep -i "${esc_domain}" ${lists} /dev/null 2>/dev/null;;
    esac
 }
@@ -73,11 +60,6 @@ Options:
  exit 0
 fi
 if [[ ! -e "$adListsList" ]]; then
    echo -e "${COL_LIGHT_RED}The file $adListsList was not found${COL_NC}"
    exit 1
 fi
 # Handle valid options
 if [[ "${options}" == *"-bp"* ]]; then
    exact="exact"; blockpage=true
@@ -107,48 +89,80 @@ if [[ -n "${str:-}" ]]; then
    exit 1
 fi
-# Scan Whitelist and Blacklist
+scanDatabaseTable() {
-lists="whitelist.txt blacklist.txt"
+    local domain table type querystr result
-mapfile -t results <<< "$(scanList "${domainQuery}" "${lists}" "${exact}")"
+    domain="$(printf "%q" "${1}")"
-if [[ -n "${results[*]}" ]]; then
+    table="${2}"
    type="${3:-}"
    # As underscores are legitimate parts of domains, we escape them when using the LIKE operator.
    # Underscores are SQLite wildcards matching exactly one character. We obviously want to suppress this
    # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched
    # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores.
    case "${type}" in
 		"exact" ) querystr="SELECT domain FROM vw_${table} WHERE domain = '${domain}'";;
 		*       ) querystr="SELECT domain FROM vw_${table} WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
    esac
    # Send prepared query to gravity database
    result="$(sqlite3 "${gravityDBfile}" "${querystr}")" 2> /dev/null
    if [[ -z "${result}" ]]; then
        # Return early when there are no matches in this table
        return
    fi
    # Mark domain as having been white-/blacklist matched (global variable)
    wbMatch=true
-    # Loop through each result in order to print unique file title once
+
    # Print table name
    echo " ${matchType^} found in ${COL_BOLD}${table^}${COL_NC}"
    # Loop over results and print them
    mapfile -t results <<< "${result}"
    for result in "${results[@]}"; do
        fileName="${result%%.*}"
        if [[ -n "${blockpage}" ]]; then
            echo "π ${result}"
            exit 0
        elif [[ -n "${exact}" ]]; then
            echo " ${matchType^} found in ${COL_BOLD}${fileName^}${COL_NC}"
        else
            # Only print filename title once per file
            if [[ ! "${fileName}" == "${fileName_prev:-}" ]]; then
                echo " ${matchType^} found in ${COL_BOLD}${fileName^}${COL_NC}"
                fileName_prev="${fileName}"
            fi
        echo "   ${result#*:}"
        fi
        echo "   ${result}"
    done
-fi
+}
-# Scan Wildcards
+# Scan Whitelist and Blacklist
-if [[ -e "${wildcardlist}" ]]; then
+scanDatabaseTable "${domainQuery}" "whitelist" "${exact}"
-    # Determine all subdomains, domain and TLDs
+scanDatabaseTable "${domainQuery}" "blacklist" "${exact}"
-    mapfile -t wildcards <<< "$(processWildcards "${domainQuery}")"
+
-    for match in "${wildcards[@]}"; do
+# Scan Regex table
-        # Search wildcard list for matches
+mapfile -t regexList < <(sqlite3 "${gravityDBfile}" "SELECT domain FROM vw_regex" 2> /dev/null)
-        mapfile -t results <<< "$(scanList "${match}" "${wildcardlist}" "wc")"
+
-        if [[ -n "${results[*]}" ]]; then
+# If we have regexps to process
-            if [[ -z "${wcMatch:-}" ]] && [[ -z "${blockpage}" ]]; then
+if [[ "${#regexList[@]}" -ne 0 ]]; then
 	# Split regexps over a new line
 	str_regexList=$(printf '%s\n' "${regexList[@]}")
 	# Check domainQuery against regexps
 	mapfile -t regexMatches < <(scanList "${domainQuery}" "${str_regexList}" "regex")
 	# If there were regex matches
 	if [[  "${#regexMatches[@]}" -ne 0 ]]; then
 		# Split matching regexps over a new line
 		str_regexMatches=$(printf '%s\n' "${regexMatches[@]}")
 		# Form a "matched" message
 		str_message="${matchType^} found in ${COL_BOLD}Regex list${COL_NC}"
 		# Form a "results" message
 		str_result="${COL_BOLD}${str_regexMatches}${COL_NC}"
 		# If we are displaying more than just the source of the block
 		if [[ -z "${blockpage}" ]]; then
 			# Set the wildcard match flag
 			wcMatch=true
-                echo " ${matchType^} found in ${COL_BOLD}Wildcards${COL_NC}:"
+			# Echo the "matched" message, indented by one space
 			echo " ${str_message}"
 			# Echo the "results" message, each line indented by three spaces
 			# shellcheck disable=SC2001
 			echo "${str_result}" | sed 's/^/   /'
 		else
 			echo "π Regex list"
 			exit 0
 		fi
            case "${blockpage}" in
                true ) echo "π ${wildcardlist##*/}"; exit 0;;
                *    ) echo "   *.${match}";;
            esac
 	fi
    done
 fi
 # Get version sorted *.domains filenames (without dir path)
@@ -186,11 +200,8 @@ fi
 # Get adlist file content as array
 if [[ -n "${adlist}" ]] || [[ -n "${blockpage}" ]]; then
-    for adlistUrl in $(< "${adListsList}"); do
+    # Retrieve source URLs from gravity database
-        if [[ "${adlistUrl:0:4}" =~ (http|www.) ]]; then
+    mapfile -t adlists <<< "$(sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
            adlists+=("${adlistUrl}")
        fi
    done
 fi
 # Print "Exact matches for" title
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -146,6 +146,20 @@ main() {
        FTL_update=false
    fi
    # Determine FTL branch
    local ftlBranch
    if [[ -f "/etc/pihole/ftlbranch" ]]; then
        ftlBranch=$(</etc/pihole/ftlbranch)
    else
        ftlBranch="master"
    fi
    if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then
        # Notify user that they are on a custom branch which might mean they they are lost
        # behind if a branch was merged to development and got abandoned
        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}"
    fi
    if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
        echo ""
        echo -e "  ${TICK} Everything is up to date!"
--- a/advanced/Scripts/updatecheck.sh
+++ b/advanced/Scripts/updatecheck.sh
@@ -34,7 +34,7 @@ function get_local_branch() {
 function get_local_version() {
    # Return active branch
    cd "${1}" 2> /dev/null || return 1
-    git describe --long --dirty --tags || return 1
+    git describe --long --dirty --tags 2> /dev/null || return 1
 }
 # Source the setupvars config file
@@ -51,6 +51,7 @@ if [[ "$2" == "remote" ]]; then
    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
    chmod 644 "${GITHUB_VERSION_FILE}"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
@@ -66,6 +67,7 @@ else
    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
    chmod 644 "${LOCAL_BRANCH_FILE}"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
@@ -79,6 +81,7 @@ else
    CORE_VERSION="$(get_local_version /etc/.pihole)"
    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
    chmod 644 "${LOCAL_VERSION_FILE}"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        WEB_VERSION="$(get_local_version /var/www/html/admin)"
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -136,8 +136,16 @@ errorOutput() {
 }
 defaultOutput() {
    # Source the setupvars config file
    # shellcheck disable=SC1091
    source /etc/pihole/setupVars.conf
    versionOutput "pi-hole" "$@"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
        versionOutput "AdminLTE" "$@"
    fi
    versionOutput "FTL" "$@"
 }
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -17,6 +17,8 @@ readonly FTLconf="/etc/pihole/pihole-FTL.conf"
 # 03 -> wildcards
 readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
 readonly gravityDBfile="/etc/pihole/gravity.db"
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
    source ${coltable}
@@ -36,7 +38,7 @@ Options:
  -e, email           Set an administrative contact address for the Block Page
  -h, --help          Show this help dialog
  -i, interface       Specify dnsmasq's interface listening behavior
-  -l, privacylevel    Set privacy level (0 = lowest, 3 = highest)"
+  -l, privacylevel    Set privacy level (0 = lowest, 4 = highest)"
    exit 0
 }
@@ -322,11 +324,18 @@ dhcp-option=option:router,${DHCP_ROUTER}
 dhcp-leasefile=/etc/pihole/dhcp.leases
 #quiet-dhcp
 " > "${dhcpconfig}"
    chmod 644 "${dhcpconfig}"
    if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
    fi
    # Sourced from setupVars
    # shellcheck disable=SC2154
    if [[ "${DHCP_rapid_commit}" == "true" ]]; then
        echo "dhcp-rapid-commit" >> "${dhcpconfig}"
    fi
    if [[ "${DHCP_IPv6}" == "true" ]]; then
        echo "#quiet-dhcp6
 #enable-ra
@@ -351,11 +360,20 @@ EnableDHCP() {
    change_setting "DHCP_LEASETIME" "${args[5]}"
    change_setting "PIHOLE_DOMAIN" "${args[6]}"
    change_setting "DHCP_IPv6" "${args[7]}"
    change_setting "DHCP_rapid_commit" "${args[8]}"
    # Remove possible old setting from file
    delete_dnsmasq_setting "dhcp-"
    delete_dnsmasq_setting "quiet-dhcp"
    # If a DHCP client claims that its name is "wpad", ignore that.
    # This fixes a security hole. see CERT Vulnerability VU#598349
    # We also ignore "localhost" as Windows behaves strangely if a
    # device claims this host name
    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
 dhcp-name-match=set:hostname-ignore,localhost
 dhcp-ignore-names=tag:hostname-ignore"
    ProcessDHCPSettings
    RestartDNS
@@ -378,19 +396,17 @@ SetWebUILayout() {
 }
 CustomizeAdLists() {
-    list="/etc/pihole/adlists.list"
+    local address
    address="${args[3]}"
    if [[ "${args[2]}" == "enable" ]]; then
-        sed -i "\\@${args[3]}@s/^#http/http/g" "${list}"
+        sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
    elif [[ "${args[2]}" == "disable" ]]; then
-        sed -i "\\@${args[3]}@s/^http/#http/g" "${list}"
+        sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
    elif [[ "${args[2]}" == "add" ]]; then
-        if [[ $(grep -c "^${args[3]}$" "${list}") -eq 0 ]] ; then
+        sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address) VALUES ('${address}')"
            echo "${args[3]}" >> ${list}
        fi
    elif [[ "${args[2]}" == "del" ]]; then
-        var=$(echo "${args[3]}" | sed 's/\//\\\//g')
+        sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
        sed -i "/${var}/Id" "${list}"
    else
        echo "Not permitted"
        return 1
@@ -523,7 +539,7 @@ Interfaces:
 Teleporter() {
    local datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip"
+    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.tar.gz"
 }
 addAudit()
@@ -534,11 +550,13 @@ addAudit()
    do
        echo "${var}" >> /etc/pihole/auditlog.list
    done
    chmod 644 /etc/pihole/auditlog.list
 }
 clearAudit()
 {
    echo -n "" > /etc/pihole/auditlog.list
    chmod 644 /etc/pihole/auditlog.list
 }
 SetPrivacyLevel() {
--- a/advanced/Templates/gravity.db.sql
+++ b/advanced/Templates/gravity.db.sql
@@ -0,0 +1,142 @@
 PRAGMA FOREIGN_KEYS=ON;
 CREATE TABLE "group"
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	name TEXT NOT NULL,
 	description TEXT
 );
 CREATE TABLE whitelist
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	domain TEXT UNIQUE NOT NULL,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	comment TEXT
 );
 CREATE TABLE whitelist_by_group
 (
 	whitelist_id INTEGER NOT NULL REFERENCES whitelist (id),
 	group_id INTEGER NOT NULL REFERENCES "group" (id),
 	PRIMARY KEY (whitelist_id, group_id)
 );
 CREATE TABLE blacklist
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	domain TEXT UNIQUE NOT NULL,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	comment TEXT
 );
 CREATE TABLE blacklist_by_group
 (
 	blacklist_id INTEGER NOT NULL REFERENCES blacklist (id),
 	group_id INTEGER NOT NULL REFERENCES "group" (id),
 	PRIMARY KEY (blacklist_id, group_id)
 );
 CREATE TABLE regex
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	domain TEXT UNIQUE NOT NULL,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	comment TEXT
 );
 CREATE TABLE regex_by_group
 (
 	regex_id INTEGER NOT NULL REFERENCES regex (id),
 	group_id INTEGER NOT NULL REFERENCES "group" (id),
 	PRIMARY KEY (regex_id, group_id)
 );
 CREATE TABLE adlist
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	address TEXT UNIQUE NOT NULL,
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	comment TEXT
 );
 CREATE TABLE adlist_by_group
 (
 	adlist_id INTEGER NOT NULL REFERENCES adlist (id),
 	group_id INTEGER NOT NULL REFERENCES "group" (id),
 	PRIMARY KEY (adlist_id, group_id)
 );
 CREATE TABLE gravity
 (
 	domain TEXT PRIMARY KEY
 );
 CREATE TABLE info
 (
 	property TEXT PRIMARY KEY,
 	value TEXT NOT NULL
 );
 INSERT INTO info VALUES("version","1");
 CREATE VIEW vw_gravity AS SELECT domain
    FROM gravity
    WHERE domain NOT IN (SELECT domain from vw_whitelist);
 CREATE VIEW vw_whitelist AS SELECT DISTINCT domain
    FROM whitelist
    LEFT JOIN whitelist_by_group ON whitelist_by_group.whitelist_id = whitelist.id
    LEFT JOIN "group" ON "group".id = whitelist_by_group.group_id
    WHERE whitelist.enabled = 1 AND (whitelist_by_group.group_id IS NULL OR "group".enabled = 1)
    ORDER BY whitelist.id;
 CREATE TRIGGER tr_whitelist_update AFTER UPDATE ON whitelist
    BEGIN
      UPDATE whitelist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE domain = NEW.domain;
    END;
 CREATE VIEW vw_blacklist AS SELECT DISTINCT domain
    FROM blacklist
    LEFT JOIN blacklist_by_group ON blacklist_by_group.blacklist_id = blacklist.id
    LEFT JOIN "group" ON "group".id = blacklist_by_group.group_id
    WHERE blacklist.enabled = 1 AND (blacklist_by_group.group_id IS NULL OR "group".enabled = 1)
    ORDER BY blacklist.id;
 CREATE TRIGGER tr_blacklist_update AFTER UPDATE ON blacklist
    BEGIN
      UPDATE blacklist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE domain = NEW.domain;
    END;
 CREATE VIEW vw_regex AS SELECT DISTINCT domain
    FROM regex
    LEFT JOIN regex_by_group ON regex_by_group.regex_id = regex.id
    LEFT JOIN "group" ON "group".id = regex_by_group.group_id
    WHERE regex.enabled = 1 AND (regex_by_group.group_id IS NULL OR "group".enabled = 1)
    ORDER BY regex.id;
 CREATE TRIGGER tr_regex_update AFTER UPDATE ON regex
    BEGIN
      UPDATE regex SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE domain = NEW.domain;
    END;
 CREATE VIEW vw_adlist AS SELECT DISTINCT address
    FROM adlist
    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id
    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1)
    ORDER BY adlist.id;
 CREATE TRIGGER tr_adlist_update AFTER UPDATE ON adlist
    BEGIN
      UPDATE adlist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE address = NEW.address;
    END;
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -13,7 +13,14 @@ FTLUSER=pihole
 PIDFILE=/var/run/pihole-FTL.pid
 get_pid() {
-    pidof "pihole-FTL"
+    # First, try to obtain PID from PIDFILE
    if [ -s "${PIDFILE}" ]; then
        cat "${PIDFILE}"
        return
    fi
    # If the PIDFILE is empty or not available, obtain the PID using pidof
    pidof "pihole-FTL" | awk '{print $(NF)}'
 }
 is_running() {
@@ -33,6 +40,8 @@ start() {
    mkdir -p /var/run/pihole
    mkdir -p /var/log/pihole
    chown pihole:pihole /var/run/pihole /var/log/pihole
    # Remove possible leftovers from previous pihole-FTL processes
    rm -f /dev/shm/FTL-* 2> /dev/null
    rm /var/run/pihole/FTL.sock 2> /dev/null
    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -7,7 +7,7 @@ _pihole() {
 	case "${prev}" in
 		"pihole")
-			opts="admin blacklist checkout chronometer debug disable enable flush help logging query reconfigure regex restartdns status tail uninstall updateGravity updatePihole version wildcard whitelist"
+			opts="admin blacklist checkout chronometer debug disable enable flush help logging query reconfigure regex restartdns status tail uninstall updateGravity updatePihole version wildcard whitelist arpflush"
 			COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
 		;;
 		"whitelist"|"blacklist"|"wildcard"|"regex")
@@ -56,7 +56,7 @@ _pihole() {
 		;;
 		"privacylevel")
 			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_privacy="0 1 2 3"
+				opts_privacy="0 1 2 3 4"
 				COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
 			else 
 				return 1
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -40,13 +40,6 @@ $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
 // Get extension of current URL
 $currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
 // Check if this is served over HTTP or HTTPS
 if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
    $proto = "https";
 } else {
    $proto = "http";
 }
 // Set mobile friendly viewport
 $viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>';
@@ -229,10 +222,10 @@ setHeader();
  <?=$viewPort ?>
  <meta name="robots" content="noindex,nofollow"/>
  <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="shortcut icon" href="<?=$proto ?>://pi.hole/admin/img/favicon.png" type="image/x-icon"/>
+  <link rel="shortcut icon" href="//pi.hole/admin/img/favicon.png" type="image/x-icon"/>
-  <link rel="stylesheet" href="<?=$proto ?>://pi.hole/pihole/blockingpage.css" type="text/css"/>
+  <link rel="stylesheet" href="//pi.hole/pihole/blockingpage.css" type="text/css"/>
  <title>● <?=$serverName ?></title>
-  <script src="<?=$proto ?>://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
+  <script src="//pi.hole/admin/scripts/vendor/jquery.min.js"></script>
  <script>
    window.onload = function () {
      <?php
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -27,7 +27,7 @@ server.modules = (
 )
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "pihole/index.php"
+server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
@@ -44,9 +44,18 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir          = "/var/cache/lighttpd/compress/"
 compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
 mimetype.assign   = ( ".png"  => "image/png",
                      ".jpg"  => "image/jpeg",
                      ".jpeg" => "image/jpeg",
                      ".html" => "text/html",
                      ".css" => "text/css; charset=utf-8",
                      ".js" => "application/javascript",
                      ".json" => "application/json",
                      ".txt"  => "text/plain",
                      ".svg"  => "image/svg+xml" )
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 include_shell "/usr/share/lighttpd/create-mime.assign.pl"
 # Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
 #include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -28,7 +28,7 @@ server.modules = (
 )
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "pihole/index.php"
+server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
 server.errorlog             = "/var/log/lighttpd/error.log"
 server.pid-file             = "/var/run/lighttpd.pid"
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -55,13 +55,13 @@ fi
 # Compatability
 if [ -x "$(command -v apt-get)" ]; then
    # Debian Family
-    PKG_REMOVE="${PKG_MANAGER} -y remove --purge"
+    PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge)
    package_check() {
        dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
    }
 elif [ -x "$(command -v rpm)" ]; then
    # Fedora Family
-    PKG_REMOVE="${PKG_MANAGER} remove -y"
+    PKG_REMOVE=("${PKG_MANAGER}" remove -y)
    package_check() {
        rpm -qa | grep "^$1-" > /dev/null
    }
@@ -80,7 +80,7 @@ removeAndPurge() {
                case ${yn} in
                    [Yy]* )
                        echo -ne "  ${INFO} Removing ${i}...";
-                        ${SUDO} "${PKG_REMOVE} ${i}" &> /dev/null;
+                        ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
                        echo -e "${OVER}  ${INFO} Removed ${i}";
                        break;;
                    [Nn]* ) echo -e "  ${INFO} Skipped ${i}"; break;;
@@ -131,14 +131,16 @@ removeNoPurge() {
        echo -e "  ${TICK} Removed /etc/cron.d/pihole"
    fi
-    package_check lighttpd > /dev/null
+    if package_check lighttpd > /dev/null; then
-    if [[ $? -eq 1 ]]; then
+        if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
        ${SUDO} rm -rf /etc/lighttpd/ &> /dev/null
        echo -e "  ${TICK} Removed lighttpd"
    else
        if [ -f /etc/lighttpd/lighttpd.conf.orig ]; then
            ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
        fi
        if [[ -f /etc/lighttpd/external.conf ]]; then
            ${SUDO} rm /etc/lighttpd/external.conf
        fi
        echo -e "  ${TICK} Removed lighttpd configs"
    fi
    ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
@@ -154,7 +156,7 @@ removeNoPurge() {
    # Restore Resolved
    if [[ -e /etc/systemd/resolved.conf.orig ]]; then
-        ${SUDO} cp /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
+        ${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
        systemctl reload-or-restart systemd-resolved
    fi
--- a/gravity.sh
+++ b/gravity.sh
@@ -23,31 +23,27 @@ PIHOLE_COMMAND="/usr/local/bin/${basename}"
 piholeDir="/etc/${basename}"
-adListFile="${piholeDir}/adlists.list"
+# Legacy (pre v5.0) list file locations
 adListDefault="${piholeDir}/adlists.default"
 whitelistFile="${piholeDir}/whitelist.txt"
 blacklistFile="${piholeDir}/blacklist.txt"
 regexFile="${piholeDir}/regex.list"
 adListFile="${piholeDir}/adlists.list"
 adList="${piholeDir}/gravity.list"
 blackList="${piholeDir}/black.list"
 localList="${piholeDir}/local.list"
 VPNList="/etc/openvpn/ipp.txt"
 piholeGitDir="/etc/.pihole"
 gravityDBfile="${piholeDir}/gravity.db"
 gravityDBschema="${piholeGitDir}/advanced/Templates/gravity.db.sql"
 optimize_database=false
 domainsExtension="domains"
 matterAndLight="${basename}.0.matterandlight.txt"
 parsedMatter="${basename}.1.parsedmatter.txt"
 whitelistMatter="${basename}.2.whitelistmatter.txt"
 accretionDisc="${basename}.3.accretionDisc.txt"
 preEventHorizon="list.preEventHorizon"
 skipDownload="false"
 resolver="pihole-FTL"
 haveSourceUrls=true
 # Source setupVars from install script
 setupVars="${piholeDir}/setupVars.conf"
 if [[ -f "${setupVars}" ]];then
@@ -83,17 +79,104 @@ if [[ -r "${piholeDir}/pihole.conf" ]]; then
  echo -e "  ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
 fi
-# Determine if Pi-hole blocking is disabled
+# Generate new sqlite3 file from schema template
-# If this is the case, we want to update
+generate_gravity_database() {
-#  gravity.list.bck and black.list.bck instead of
+  sqlite3 "${gravityDBfile}" < "${gravityDBschema}"
-#  gravity.list and black.list
+}
-detect_pihole_blocking_status() {
+
-  if [[ "${BLOCKING_ENABLED}" == false ]]; then
+# Import domains from file and store them in the specified database table
-    echo -e "  ${INFO} Pi-hole blocking is disabled"
+database_table_from_file() {
-    adList="${adList}.bck"
+  # Define locals
-    blackList="${blackList}.bck"
+  local table source backup_path backup_file
  table="${1}"
  source="${2}"
  backup_path="${piholeDir}/migration_backup"
  backup_file="${backup_path}/$(basename "${2}")"
  # Truncate table
  output=$( { sqlite3 "${gravityDBfile}" <<< "DELETE FROM ${table};"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to truncate ${table} database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi
  local tmpFile
  tmpFile="$(mktemp -p "/tmp" --suffix=".gravity")"
  local timestamp
  timestamp="$(date --utc +'%s')"
  local inputfile
  if [[ "${table}" == "gravity" ]]; then
    # No need to modify the input data for the gravity table
    inputfile="${source}"
  else
-    echo -e "  ${INFO} Pi-hole blocking is enabled"
+    # Apply format for white-, blacklist, regex, and adlist tables
    local rowid
    declare -i rowid
    rowid=1
    # Read file line by line
    grep -v '^ *#' < "${source}" | while IFS= read -r domain
    do
      # Only add non-empty lines
      if [[ ! -z "${domain}" ]]; then
        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
        rowid+=1
      fi
    done
    inputfile="${tmpFile}"
  fi
  # Store domains in database table specified by ${table}
  # Use printf as .mode and .import need to be on separate lines
  # see https://unix.stackexchange.com/a/445615/83260
  output=$( { printf ".timeout 10000\\n.mode csv\\n.import \"%s\" %s\\n" "${inputfile}" "${table}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to fill table ${table} in database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi
  # Delete tmpfile
  rm "${tmpFile}" > /dev/null 2>&1 || \
      echo -e "  ${CROSS} Unable to remove ${tmpFile}"
  # Move source file to backup directory, create directory if not existing
  mkdir -p "${backup_path}"
  mv "${source}" "${backup_file}" 2> /dev/null || \
      echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
 }
 # Migrate pre-v5.0 list files to database-based Pi-hole versions
 migrate_to_database() {
  # Create database file only if not present
  if [ -e "${gravityDBfile}" ]; then
    return 0
  fi
  echo -e "  ${INFO} Creating new gravity database"
  generate_gravity_database
  # Migrate list files to new database
  if [[ -e "${adListFile}" ]]; then
    # Store adlist domains in database
    echo -e "  ${INFO} Migrating content of ${adListFile} into new database"
    database_table_from_file "adlist" "${adListFile}"
  fi
  if [[ -e "${blacklistFile}" ]]; then
    # Store blacklisted domains in database
    echo -e "  ${INFO} Migrating content of ${blacklistFile} into new database"
    database_table_from_file "blacklist" "${blacklistFile}"
  fi
  if [[ -e "${whitelistFile}" ]]; then
    # Store whitelisted domains in database
    echo -e "  ${INFO} Migrating content of ${whitelistFile} into new database"
    database_table_from_file "whitelist" "${whitelistFile}"
  fi
  if [[ -e "${regexFile}" ]]; then
    # Store regex domains in database
    echo -e "  ${INFO} Migrating content of ${regexFile} into new database"
    database_table_from_file "regex" "${regexFile}"
  fi
 }
@@ -101,8 +184,8 @@ detect_pihole_blocking_status() {
 gravity_CheckDNSResolutionAvailable() {
  local lookupDomain="pi.hole"
-  # Determine if $localList does not exist
+  # Determine if $localList does not exist, and ensure it is not empty
-  if [[ ! -e "${localList}" ]]; then
+  if [[ ! -e "${localList}" ]] || [[ -s "${localList}" ]]; then
    lookupDomain="raw.githubusercontent.com"
  fi
@@ -153,19 +236,13 @@ gravity_CheckDNSResolutionAvailable() {
  gravity_CheckDNSResolutionAvailable
 }
-# Retrieve blocklist URLs and parse domains from adlists.list
+# Retrieve blocklist URLs and parse domains from adlist.list
 gravity_GetBlocklistUrls() {
  echo -e "  ${INFO} ${COL_BOLD}Neutrino emissions detected${COL_NC}..."
-  if [[ -f "${adListDefault}" ]] && [[ -f "${adListFile}" ]]; then
+  # Retrieve source URLs from gravity database
-    # Remove superceded $adListDefault file
+  # We source only enabled adlists, sqlite3 stores boolean values as 0 (false) or 1 (true)
-    rm "${adListDefault}" 2> /dev/null || \
+  mapfile -t sources <<< "$(sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
      echo -e "  ${CROSS} Unable to remove ${adListDefault}"
  fi
  # Retrieve source URLs from $adListFile
  # Logic: Remove comments and empty lines
  mapfile -t sources <<< "$(grep -v -E "^(#|$)" "${adListFile}" 2> /dev/null)"
  # Parse source domains from $sources
  mapfile -t sourceDomains <<< "$(
@@ -182,11 +259,12 @@ gravity_GetBlocklistUrls() {
  if [[ -n "${sources[*]}" ]] && [[ -n "${sourceDomains[*]}" ]]; then
    echo -e "${OVER}  ${TICK} ${str}"
    return 0
  else
    echo -e "${OVER}  ${CROSS} ${str}"
    echo -e "  ${INFO} No source list found, or it is empty"
    echo ""
-    haveSourceUrls=false
+    return 1
  fi
 }
@@ -214,11 +292,9 @@ gravity_SetDownloadOptions() {
      *) cmd_ext="";;
    esac
    if [[ "${skipDownload}" == false ]]; then
    echo -e "  ${INFO} Target: ${domain} (${url##*/})"
    gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}"
    echo ""
    fi
  done
  gravity_Blackbody=true
 }
@@ -268,7 +344,7 @@ gravity_DownloadBlocklistFromUrl() {
      port=443;
    else port=80
    fi
-    bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}')
+    bad_list=$(pihole -q -adlist "${domain}" | head -n1 | awk -F 'Match found in ' '{print $2}')
    echo -e "${OVER}  ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}";
    echo -ne "  ${INFO} ${str} Pending..."
    cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
@@ -335,14 +411,17 @@ gravity_ParseFileIntoDomains() {
    # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious
    # This helps with that and makes it easier to read
    # It also helps with debugging so each stage of the script can be researched more in depth
-    # Awk -F splits on given IFS, we grab the right hand side (chops trailing #coments and /'s to grab the domain only.
+    # 1) Remove carriage returns
-    # Last awk command takes non-commented lines and if they have 2 fields, take the right field (the domain) and leave
+    # 2) Convert all characters to lowercase
-    # the left (IP address), otherwise grab the single field.
+    # 3) Remove lines containing "#" or "/"
-
+    # 4) Remove leading tabs, spaces, etc.
-    < ${source} awk -F '#' '{print $1}' | \
+    # 5) Delete lines not matching domain names
-    awk -F '/' '{print $1}' | \
+    < "${source}" tr -d '\r' | \
-    awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' | \
+    tr '[:upper:]' '[:lower:]' | \
-    sed -nr -e 's/\.{2,}/./g' -e '/\./p' >  ${destination}
+    sed -r '/(\/|#).*$/d' | \
    sed -r 's/^.*\s+//g' | \
    sed -r '/([^\.]+\.)+[^\.]{2,}/!d' >  "${destination}"
    chmod 644 "${destination}"
    return 0
  fi
@@ -373,6 +452,7 @@ gravity_ParseFileIntoDomains() {
      if($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" }
      if($0) { print $0 }
    }' "${source}" > "${destination}"
    chmod 644 "${destination}"
    # Determine if there are Adblock exception rules
    # https://adblockplus.org/filters
@@ -390,6 +470,7 @@ gravity_ParseFileIntoDomains() {
      # Remove exceptions
      comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
      mv "${source}" "${destination}"
      chmod 644 "${destination}"
    fi
    echo -e "${OVER}  ${TICK} Format: Adblock"
@@ -413,11 +494,13 @@ gravity_ParseFileIntoDomains() {
      # Print if nonempty
      length { print }
    ' "${source}" 2> /dev/null > "${destination}"
    chmod 644 "${destination}"
    echo -e "${OVER}  ${TICK} Format: URL"
  else
    # Default: Keep hosts/domains file in same format as it was downloaded
    output=$( { mv "${source}" "${destination}"; } 2>&1 )
    chmod 644 "${destination}"
    if [[ ! -e "${destination}" ]]; then
      echo -e "\\n  ${CROSS} Unable to move tmp file to ${piholeDir}
@@ -432,12 +515,11 @@ gravity_ConsolidateDownloadedBlocklists() {
  local str lastLine
  str="Consolidating blocklists"
  if [[ "${haveSourceUrls}" == true ]]; then
  echo -ne "  ${INFO} ${str}..."
  fi
  # Empty $matterAndLight if it already exists, otherwise, create it
  : > "${piholeDir}/${matterAndLight}"
  chmod 644 "${piholeDir}/${matterAndLight}"
  # Loop through each *.domains file
  for i in "${activeDomains[@]}"; do
@@ -453,9 +535,8 @@ gravity_ConsolidateDownloadedBlocklists() {
      fi
    fi
  done
  if [[ "${haveSourceUrls}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
-  fi
+
 }
 # Parse consolidated list into (filtered, unique) domains-only format
@@ -463,67 +544,45 @@ gravity_SortAndFilterConsolidatedList() {
  local str num
  str="Extracting domains from blocklists"
  if [[ "${haveSourceUrls}" == true ]]; then
  echo -ne "  ${INFO} ${str}..."
  fi
-  # Parse into hosts file
+  # Parse into file
  gravity_ParseFileIntoDomains "${piholeDir}/${matterAndLight}" "${piholeDir}/${parsedMatter}"
  # Format $parsedMatter line total as currency
  num=$(printf "%'.0f" "$(wc -l < "${piholeDir}/${parsedMatter}")")
-  if [[ "${haveSourceUrls}" == true ]]; then
+
  echo -e "${OVER}  ${TICK} ${str}"
-  fi
+  echo -e "  ${INFO} Gravity pulled in ${COL_BLUE}${num}${COL_NC} domains"
  echo -e "  ${INFO} Number of domains being pulled in by gravity: ${COL_BLUE}${num}${COL_NC}"
  str="Removing duplicate domains"
  if [[ "${haveSourceUrls}" == true ]]; then
  echo -ne "  ${INFO} ${str}..."
  fi
  sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
-
+  chmod 644 "${piholeDir}/${preEventHorizon}"
  if [[ "${haveSourceUrls}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
  # Format $preEventHorizon line total as currency
  num=$(printf "%'.0f" "$(wc -l < "${piholeDir}/${preEventHorizon}")")
-    echo -e "  ${INFO} Number of unique domains trapped in the Event Horizon: ${COL_BLUE}${num}${COL_NC}"
+  str="Storing ${COL_BLUE}${num}${COL_NC} unique blocking domains in database"
-  fi
+  echo -ne "  ${INFO} ${str}..."
  database_table_from_file "gravity" "${piholeDir}/${preEventHorizon}"
  echo -e "${OVER}  ${TICK} ${str}"
 }
-# Whitelist user-defined domains
+# Report number of entries in a table
-gravity_Whitelist() {
+gravity_Table_Count() {
-  local num str
+  local table="${1}"
-
+  local str="${2}"
-  if [[ ! -f "${whitelistFile}" ]]; then
+  local num
-    echo -e "  ${INFO} Nothing to whitelist!"
+  num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${table} WHERE enabled = 1;")"
-    return 0
+  echo -e "  ${INFO} Number of ${str}: ${num}"
  fi
  num=$(wc -l < "${whitelistFile}")
  str="Number of whitelisted domains: ${num}"
  echo -ne "  ${INFO} ${str}..."
  # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
  comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
  echo -e "${OVER}  ${INFO} ${str}"
 }
 # Output count of blacklisted domains and regex filters
-gravity_ShowBlockCount() {
+gravity_ShowCount() {
-  local num
+  gravity_Table_Count "blacklist" "blacklisted domains"
-
+  gravity_Table_Count "whitelist" "whitelisted domains"
-  if [[ -f "${blacklistFile}" ]]; then
+  gravity_Table_Count "regex" "regex filters"
    num=$(printf "%'.0f" "$(wc -l < "${blacklistFile}")")
    echo -e "  ${INFO} Number of blacklisted domains: ${num}"
  fi
  if [[ -f "${regexFile}" ]]; then
    num=$(grep -cv "^#" "${regexFile}")
    echo -e "  ${INFO} Number of regex filters: ${num}"
  fi
 }
 # Parse list of domains into hosts format
@@ -543,7 +602,7 @@ gravity_ParseDomainsIntoHosts() {
 }
 # Create "localhost" entries into hosts format
-gravity_ParseLocalDomains() {
+gravity_generateLocalList() {
  local hostname
  if [[ -s "/etc/hostname" ]]; then
@@ -559,6 +618,7 @@ gravity_ParseLocalDomains() {
  # Empty $localList if it already exists, otherwise, create it
  : > "${localList}"
  chmod 644 "${localList}"
  gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
@@ -568,40 +628,6 @@ gravity_ParseLocalDomains() {
  fi
 }
 # Create primary blacklist entries
 gravity_ParseBlacklistDomains() {
  local output status
  # Empty $accretionDisc if it already exists, otherwise, create it
  : > "${piholeDir}/${accretionDisc}"
  if [[ -f "${piholeDir}/${whitelistMatter}" ]]; then
    mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
  else
    # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
    cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
  fi
  # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
  output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to move ${accretionDisc} from ${piholeDir}\\n  ${output}"
    gravity_Cleanup "error"
  fi
 }
 # Create user-added blacklist entries
 gravity_ParseUserDomains() {
  if [[ ! -f "${blacklistFile}" ]]; then
    return 0
  fi
  # Copy the file over as /etc/pihole/black.list so dnsmasq can use it
  cp "${blacklistFile}" "${blackList}" 2> /dev/null || \
    echo -e "\\n  ${CROSS} Unable to move ${blacklistFile##*/} to ${piholeDir}"
 }
 # Trap Ctrl-C
 gravity_Trap() {
  trap '{ echo -e "\\n\\n  ${INFO} ${COL_LIGHT_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT
@@ -633,6 +659,21 @@ gravity_Cleanup() {
  echo -e "${OVER}  ${TICK} ${str}"
  if ${optimize_database} ; then
    str="Optimizing domains database"
    echo -ne "  ${INFO} ${str}..."
    # Run VACUUM command on database to optimize it
    output=$( { sqlite3 "${gravityDBfile}" "VACUUM;"; } 2>&1 )
    status="$?"
    if [[ "${status}" -ne 0 ]]; then
      echo -e "\\n  ${CROSS} Unable to optimize gravity database ${gravityDBfile}\\n  ${output}"
      error="error"
    else
      echo -e "${OVER}  ${TICK} ${str}"
    fi
  fi
  # Only restart DNS service if offline
  if ! pidof ${resolver} &> /dev/null; then
    "${PIHOLE_COMMAND}" restartdns
@@ -659,17 +700,17 @@ Options:
 for var in "$@"; do
  case "${var}" in
    "-f" | "--force" ) forceDelete=true;;
    "-o" | "--optimize" ) optimize_database=true;;
    "-h" | "--help" ) helpFunc;;
    "-sd" | "--skip-download" ) skipDownload=true;;
    "-b" | "--blacklist-only" ) listType="blacklist";;
    "-w" | "--whitelist-only" ) listType="whitelist";;
    "-wild" | "--wildcard-only" ) listType="wildcard"; dnsRestartType="restart";;
  esac
 done
 # Trap Ctrl-C
 gravity_Trap
 # Move possibly existing legacy files to the gravity database
 migrate_to_database
 if [[ "${forceDelete:-}" == true ]]; then
  str="Deleting existing list cache"
  echo -ne "${INFO} ${str}..."
@@ -678,56 +719,24 @@ if [[ "${forceDelete:-}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
 fi
-detect_pihole_blocking_status
+# Gravity downloads blocklists next
-
+gravity_CheckDNSResolutionAvailable
-# Determine which functions to run
+if gravity_GetBlocklistUrls; then
 if [[ "${skipDownload}" == false ]]; then
  # Gravity needs to download blocklists
  gravity_CheckDNSResolutionAvailable
  gravity_GetBlocklistUrls
  if [[ "${haveSourceUrls}" == true ]]; then
  gravity_SetDownloadOptions
-  fi
+  # Build preEventHorizon
  gravity_ConsolidateDownloadedBlocklists
  gravity_SortAndFilterConsolidatedList
 else
  # Gravity needs to modify Blacklist/Whitelist/Wildcards
  echo -e "  ${INFO} Using cached Event Horizon list..."
  numberOf=$(printf "%'.0f" "$(wc -l < "${piholeDir}/${preEventHorizon}")")
  echo -e "  ${INFO} ${COL_BLUE}${numberOf}${COL_NC} unique domains trapped in the Event Horizon"
 fi
-# Perform when downloading blocklists, or modifying the whitelist
+# Create local.list
-if [[ "${skipDownload}" == false ]] || [[ "${listType}" == "whitelist" ]]; then
+gravity_generateLocalList
-  gravity_Whitelist
+gravity_ShowCount
 fi
 convert_wildcard_to_regex
 gravity_ShowBlockCount
 # Perform when downloading blocklists, or modifying the white/blacklist (not wildcards)
 if [[ "${skipDownload}" == false ]] || [[ "${listType}" == *"list" ]]; then
  str="Parsing domains into hosts format"
  echo -ne "  ${INFO} ${str}..."
  gravity_ParseUserDomains
  # Perform when downloading blocklists
  if [[ ! "${listType:-}" == "blacklist" ]]; then
    gravity_ParseLocalDomains
    gravity_ParseBlacklistDomains
  fi
  echo -e "${OVER}  ${TICK} ${str}"
  gravity_Cleanup
 fi
 gravity_Cleanup
 echo ""
 # Determine if DNS has been restarted by this instance of gravity
 if [[ -z "${dnsWasOffline:-}" ]]; then
-  # Use "force-reload" when restarting dnsmasq for everything but Wildcards
+  "${PIHOLE_COMMAND}" restartdns reload
  "${PIHOLE_COMMAND}" restartdns "${dnsRestartType:-force-reload}"
 fi
 "${PIHOLE_COMMAND}" status
--- a/manpages/pihole-FTL.conf.5
+++ b/manpages/pihole-FTL.conf.5
@@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file
    On which port should FTL be listening?
 .br
-\fBPRIVACYLEVEL=0|1|2|3\fR
+\fBPRIVACYLEVEL=0|1|2|3|4\fR
 .br
    Which privacy level is used?
 .br
@@ -74,7 +74,9 @@ pihole-FTL.conf - FTL's config file
 .br
    2 - hide domains and clients
 .br
-    3 - paranoia mode (hide everything)
+    3 - anonymous mode (hide everything)
 .br
    4 - disable all statistics
 .br
 \fBIGNORE_LOCALHOST=no|yes\fR
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -35,7 +35,7 @@ pihole -g\fR
 .br
 \fBpihole\fR \fB-l\fR (\fBon|off|off noflush\fR)
 .br
-\fBpihole -up \fR[--checkonly]
+\fBpihole -up \fR[--check-only]
 .br
 \fBpihole -v\fR [-p|-a|-f] [-c|-l|-hash]
 .br
@@ -134,7 +134,7 @@ Available commands and options:
      -i, interface     Specify dnsmasq's interface listening behavior
 .br
      -l, privacylevel  <level> Set privacy level
-                        (0 = lowest, 3 = highest)
+                        (0 = lowest, 4 = highest)
 .br
 \fB-c, chronometer\fR	[options]
@@ -351,6 +351,12 @@ Switching Pi-hole subsystem branches
 .br
    Switch to core development branch
 .br
 \fBpihole arpflush\fR
 .br
    Flush information stored in Pi-hole's network tables
 .br
 .SH "SEE ALSO"
 \fBlighttpd\fR(8), \fBpihole-FTL\fR(8)
--- a/61
+++ b/61
@@ -10,10 +10,8 @@
 # Please see LICENSE file for your rights under this license.
 readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 readonly gravitylist="/etc/pihole/gravity.list"
 readonly blacklist="/etc/pihole/black.list"
-# setupVars is not readonly here because in some funcitons (checkout),
+# setupVars is not readonly here because in some functions (checkout),
 # it might get set again when the installer is sourced. This causes an
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
@@ -23,17 +21,6 @@ source "${colfile}"
 resolver="pihole-FTL"
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [[ -x "$(command -v sudo)" ]]; then
    exec sudo bash "$0" "$@"
    exit $?
  else
    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
    exit 1
  fi
 fi
 webpageFunc() {
  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
  main "$@"
@@ -67,6 +54,11 @@ flushFunc() {
  exit 0
 }
 arpFunc() {
  "${PI_HOLE_SCRIPT_DIR}"/piholeARPTable.sh "$@"
  exit 0
 }
 updatePiholeFunc() {
  shift
  "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@"
@@ -155,13 +147,9 @@ Time:
  elif [[ "${1}" == "0" ]]; then
    # Disable Pi-hole
-    if [[ -e "${gravitylist}" ]]; then
+    if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then
-      mv "${gravitylist}" "${gravitylist}.bck"
+      echo -e "  ${INFO} Blocking already disabled, nothing to do"
-      echo "" > "${gravitylist}"
+      exit 0
    fi
    if [[ -e "${blacklist}" ]]; then
      mv "${blacklist}" "${blacklist}.bck"
      echo "" > "${blacklist}"
    fi
    if [[ $# > 1 ]]; then
      local error=false
@@ -204,15 +192,13 @@ Time:
    fi
  else
    # Enable Pi-hole
    if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
      echo -e "  ${INFO} Blocking already enabled, nothing to do"
      exit 0
    fi
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"
    if [[ -e "${gravitylist}.bck" ]]; then
      mv "${gravitylist}.bck" "${gravitylist}"
    fi
    if [[ -e "${blacklist}.bck" ]]; then
      mv "${blacklist}.bck" "${blacklist}"
    fi
    sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
    echo "BLOCKING_ENABLED=true" >> "${setupVars}"
  fi
@@ -316,7 +302,7 @@ tailFunc() {
  # Colour everything else as gray
  tail -f /var/log/pihole.log | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \
-    -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(gravity |black |regex | config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
    -e "s,.*,${COL_GRAY}&${COL_NC},"
  exit 0
@@ -422,7 +408,8 @@ Options:
                        Add '-h' for more info on disable usage
  restartdns          Restart Pi-hole subsystems
  checkout            Switch Pi-hole subsystems to a different Github branch
-                        Add '-h' for more info on checkout usage";
+                        Add '-h' for more info on checkout usage
  arpflush            Flush information stored in Pi-hole's network tables";
  exit 0
 }
@@ -430,6 +417,21 @@ if [[ $# = 0 ]]; then
  helpFunc
 fi
 case "${1}" in
  "-h" | "help" | "--help"      ) helpFunc;;
 esac
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
  if [[ -x "$(command -v sudo)" ]]; then
    exec sudo bash "$0" "$@"
    exit $?
  else
    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
    exit 1
  fi
 fi
 # Handle redirecting to specific functions based on arguments
 case "${1}" in
  "-w" | "whitelist"            ) listFunc "$@";;
@@ -456,5 +458,6 @@ case "${1}" in
  "checkout"                    ) piholeCheckoutFunc "$@";;
  "tricorder"                   ) tricorderFunc;;
  "updatechecker"               ) updateCheckFunc "$@";;
  "arpflush"                    ) arpFunc "$@";;
  *                             ) helpFunc;;
 esac
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
-docker-compose
+docker-compose==1.23.2
-pytest
+pytest==4.3.0
-pytest-xdist
+pytest-xdist==1.26.1
-pytest-cov
+pytest-cov==2.6.1
-testinfra
+testinfra==1.19.0
-tox
+tox==3.7.0
--- a/test/fedora.Dockerfile
+++ b/test/fedora.Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:latest
+FROM fedora:30
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -398,6 +398,7 @@ def test_FTL_detect_aarch64_no_errors(Pihole):
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    ''')
    expected_stdout = info_box + ' FTL Checks...'
@@ -418,6 +419,7 @@ def test_FTL_detect_armv6l_no_errors(Pihole):
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    ''')
    expected_stdout = info_box + ' FTL Checks...'
@@ -439,6 +441,7 @@ def test_FTL_detect_armv7l_no_errors(Pihole):
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    ''')
    expected_stdout = info_box + ' FTL Checks...'
@@ -455,6 +458,7 @@ def test_FTL_detect_x86_64_no_errors(Pihole):
    '''
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    ''')
    expected_stdout = info_box + ' FTL Checks...'
@@ -471,6 +475,7 @@ def test_FTL_detect_unknown_no_errors(Pihole):
    mock_command('uname', {'-m': ('mips', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    ''')
    expected_stdout = 'Not able to detect architecture (unknown: mips)'
@@ -481,10 +486,18 @@ def test_FTL_download_aarch64_no_errors(Pihole):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
-    # mock uname to return generic platform
+    # mock whiptail answers and ensure installer dependencies
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLinstall pihole-FTL-aarch64-linux-gnu
+    binary="pihole-FTL-aarch64-linux-gnu"
    create_pihole_user
    FTLinstall
    ''')
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
@@ -495,10 +508,42 @@ def test_FTL_download_unknown_fails_no_errors(Pihole):
    '''
    confirms unknown binary is not downloaded for FTL engine
    '''
-    # mock uname to return generic platform
+    # mock whiptail answers and ensure installer dependencies
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    FTLinstall pihole-FTL-mips
+    binary="pihole-FTL-mips"
    create_pihole_user
    FTLinstall
    ''')
    expected_stdout = cross_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
    error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
    assert error1 in download_binary.stdout
    error2 = 'not found'
    assert error2 in download_binary.stdout
 def test_FTL_download_binary_unset_no_errors(Pihole):
    '''
    confirms unset binary variable does not download FTL engine
    '''
    # mock whiptail answers and ensure installer dependencies
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLinstall
    ''')
    expected_stdout = cross_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
@@ -514,6 +559,7 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
    '''
    installed_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLdetect
    pihole-FTL version
    ''')