Merge pull request #2312 from pi-hole/release/v4.0

Update FTLDNS
Merge pull request #2304 from pi-hole/development
2018-07-28 11:13:11 -07:00 · 2018-07-27 06:19:57 -07:00 · 2018-07-24 20:58:33 -07:00
27 changed files with 583 additions and 949 deletions
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ The Pi-hole[®](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a
 <a href="https://www.bountysource.com/trackers/3011939-pi-hole-pi-hole?utm_source=3011939&utm_medium=shield&utm_campaign=TRACKER_BADGE"><img src="https://www.bountysource.com/badge/tracker?tracker_id=3011939" alt="BountySource"/></a>

 ## One-Step Automated Install
-Those who want to get started quickly and conveniently may install Pi-hole using the following command:
+Those who want to get started quickly and conveniently, may install Pi-hole using the following command:

 #### `curl -sSL https://install.pi-hole.net | bash`

@@ -46,14 +46,14 @@ sudo bash basic-install.sh

 Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.

-If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
+If your router does not support setting the DNS server, you can [use Pi-hole's built in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).

 As a last resort, you can always manually set each device to use Pi-hole as their DNS server.

 -----

 ## Pi-hole is free, but powered by your support
-There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
+There are many reoccurring costs involved with maintaining free, open source, and privacy respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.

 Make no mistake: **your support is absolutely vital to help keep us innovating!**

@@ -70,7 +70,7 @@ Sending a donation using our links below is **extremely helpful** in offsetting
 If you'd rather not [donate](https://pi-hole.net/donate/) (_which is okay!_), there are other ways you can help support us:
 - [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
 - [Digital Ocean](http://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
- [Stickermule](https://www.stickermule.com/unlock?ref_id=6055890701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
+- [UNIXstickers.com](http://unixstickers.refr.cc/jacobs) _save $5 when you spend $9 using our affiliate link_
 - [Pi-hole Swag Store](https://pi-hole.net/shop/) _affiliate link_
 - [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
 - [DNS Made Easy](https://cp.dnsmadeeasy.com/u/133706) _affiliate link_
@@ -82,7 +82,7 @@ We welcome _everyone_ to contribute to issue reports, suggest new features, and

 If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.

-You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
+You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it, and submit a pull request for us to review.

 ### Presentations about Pi-hole
 Word-of-mouth continues to help our project grow immensely, and so we are helping make this easier for people.
@@ -110,7 +110,7 @@ While we are primarily reachable on our <a href="https://discourse.pi-hole.net/"

 ## Breakdown of Features
 ### The Command Line Interface
-The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
+The `pihole` command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with understanding of `bash`.

 <a href="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif"><img src="https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif" alt="Pi-hole Blacklist Demo"/></a>

@@ -137,7 +137,7 @@ Some notable features include:
 * Detailed graphs and doughnut charts
 * Top lists of domains and clients
 * A filterable and sortable query log
-* Long Term Statistics to view data over user-defined time ranges
+* Long Term Statistics to view data over user defined time ranges
 * The ability to easily manage and configure Pi-hole features
 * ... and all the main features of the Command Line Interface!

@@ -148,7 +148,7 @@ There are several ways to [access the dashboard](https://discourse.pi-hole.net/t
 3. `http://pi.hole/` (when using Pi-hole as your DNS server)

 ## Faster-than-light Engine
-FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
+FTLDNS[™](https://pi-hole.net/trademark-rules-and-brand-guidelines/) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!

 Some of the statistics you can integrate include:
 * Total number of domains being blocked
@@ -165,46 +165,40 @@ The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web
 -----

 ## The Origin Of Pi-hole
-Pi-hole being an **advertising-aware DNS/Web server**, makes use of the following technologies:
+Pi-hole being a **advertising-aware DNS/Web server**, makes use of the following technologies:

 * [`dnsmasq`](http://www.thekelleys.org.uk/dnsmasq/doc.html) - a lightweight DNS and DHCP server
 * [`curl`](https://curl.haxx.se) - A command line tool for transferring data with URL syntax
-* [`lighttpd`](https://www.lighttpd.net) - web server designed and optimized for high performance
+* [`lighttpd`](https://www.lighttpd.net) - webserver designed and optimized for high performance
 * [`php`](https://secure.php.net) - a popular general-purpose web scripting language
 * [AdminLTE Dashboard](https://github.com/almasaeed2010/AdminLTE) - premium admin control panel based on Bootstrap 3.x

-While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally set up and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
-
+While quite outdated at this point, [this original blog post about Pi-hole](https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/) goes into **great detail** about how Pi-hole was originally setup and how it works. Syntactically, it's no longer accurate, but the same basic principles and logic still apply to Pi-hole's current state.
 -----

 ## Coverage
- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/) (Feburary, 2015)
- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/) (March, 2015)
- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/) (September, 2015)
- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s) (October, 2015)
- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m) (December, 2015)
- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s) (December, 2015)
- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d) (December, 2015)
- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/) (December, 2015)
- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585) (December, 2015)
- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s) (January, 2016)
- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/) (March, 2016)
- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s) (March, 2016)
- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI) (June, 2016)
- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/) (December, 2016)
- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole) (July, 2017)
- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole) (August, 2017)
- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/) (October, 2017)
- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/) (November, 2017)
- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355) (November, 2017)
- [Hobohouse: Block Advertising on your Network with Pi-hole and Raspberry Pi](https://hobo.house/2018/02/27/block-advertising-with-pi-hole-and-raspberry-pi/) (March, 2018)
- [Scott Helme: Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/) (April, 2018)
- [Scott Helme: Catching and dealing with naughty devices on my home network](https://scotthelme.co.uk/catching-naughty-devices-on-my-home-network/) (April, 2018)
- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers) (May, 2018)
- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/) (May, 2018)
- [Raspberry Pi: Block ads at home using Pi-hole and a Raspberry Pi](https://www.raspberrypi.org/blog/pi-hole-raspberry-pi/) (July, 2018)
- [Troy Hunt: Mmm... Pi-hole...](https://www.troyhunt.com/mmm-pi-hole/) (September, 2018)
- [PEBKAK Podcast: Interview With Jacob Salmela](https://www.jerseystudios.net/2018/10/11/150-pi-hole/) (October, 2018)
+- [Software Engineering Daily: Interview with the creator of Pi-hole](https://softwareengineeringdaily.com/2018/05/29/pi-hole-ad-blocker-hardware-with-jacob-salmela/)
+- [Bloomberg Business Week: Brotherhood of the Ad blockers](https://www.bloomberg.com/news/features/2018-05-10/inside-the-brotherhood-of-pi-hole-ad-blockers)
+- [Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1](https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/)
+- [Adafruit: installing Pi-hole on a Pi Zero W](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w/install-pi-hole)
+- [Lifehacker: Turn A Raspberry Pi Into An Ad Blocker With A Single Command](https://www.lifehacker.com.au/2015/02/turn-a-raspberry-pi-into-an-ad-blocker-with-a-single-command/)
+- [MakeUseOf: Adblock Everywhere: The Raspberry Pi-Hole Way](http://www.makeuseof.com/tag/adblock-everywhere-raspberry-pi-hole-way/)
+- [Catchpoint: Ad-Blocking on Apple iOS9: Valuing the End User Experience](http://blog.catchpoint.com/2015/09/14/ad-blocking-apple/)
+- [Security Now Netcast: Pi-hole](https://www.youtube.com/watch?v=p7-osq_y8i8&t=100m26s)
+- [TekThing: Raspberry Pi-Hole Makes Ads Disappear!](https://youtu.be/8Co59HU2gY0?t=2m)
+- [Foolish Tech Show](https://youtu.be/bYyena0I9yc?t=2m4s)
+- [Block Ads on All Home Devices for $53.18](https://medium.com/@robleathern/block-ads-on-all-home-devices-for-53-18-a5f1ec139693#.gj1xpgr5d)
+- [Pi-Hole for Ubuntu 14.04](http://www.boyter.org/2015/12/pi-hole-ubuntu-14-04/)
+- [MacObserver Podcast 585](https://www.macobserver.com/tmo/podcast/macgeekgab-585)
+- [The Defrag Show: Endoscope USB Camera, The Final [HoloLens] Vote, Adblock Pi and more](https://channel9.msdn.com/Shows/The-Defrag-Show/Defrag-Endoscope-USB-Camera-The-Final-HoloLens-Vote-Adblock-Pi-and-more?WT.mc_id=dlvr_twitter_ch9#time=20m39s)
+- [Adafruit: Pi-hole is a black hole for internet ads](https://blog.adafruit.com/2016/03/04/pi-hole-is-a-black-hole-for-internet-ads-piday-raspberrypi-raspberry_pi/)
+- [Digital Trends: 5 Fun, Easy Projects You Can Try With a $35 Raspberry Pi](https://youtu.be/QwrKlyC2kdM?t=1m42s)
+- [Adafruit: Raspberry Pi Quick Look at Pi Hole ad blocking server with Tony D](https://www.youtube.com/watch?v=eg4u2j1HYlI)
+- [Devacron: OrangePi Zero as an Ad-Block server with Pi-Hole](http://www.devacron.com/orangepi-zero-as-an-ad-block-server-with-pi-hole/)
+- [Linux Pro: The Hole Truth](http://www.linuxpromagazine.com/Issues/2017/200/The-sysadmin-s-daily-grind-Pi-hole)
+- [CryptoAUSTRALIA: How We Tried 5 Privacy Focused Raspberry Pi Projects](https://blog.cryptoaustralia.org.au/2017/10/05/5-privacy-focused-raspberry-pi-projects/)
+- [CryptoAUSTRALIA: Pi-hole Workshop](https://blog.cryptoaustralia.org.au/2017/11/02/pi-hole-network-wide-ad-blocker/)
+- [Know How 355: Killing ads with a Raspberry Pi-Hole!](https://www.twit.tv/shows/know-how/episodes/355)

 -----

--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -1,11 +1,13 @@
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# dnsmasq config for Pi-hole
 #
-# Dnsmasq config for Pi-hole's FTLDNS
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.

 ###############################################################################
 #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
@@ -14,17 +16,14 @@
 #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
 #                      /etc/pihole/setupVars.conf                             #
 #                                                                             #
-#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE           #
+#                        OR IN /etc/dnsmasq.conf                              #
 ###############################################################################

 addn-hosts=/etc/pihole/gravity.list
 addn-hosts=/etc/pihole/black.list
 addn-hosts=/etc/pihole/local.list

-user=pihole
-group=pihole
-
 domain-needed

 localise-queries
@@ -40,14 +39,9 @@ interface=@INT@

 cache-size=10000

-log-queries
+log-queries=extra
 log-facility=/var/log/pihole.log

 local-ttl=2

 log-async
-
-# If a DHCP client claims that its name is "wpad", ignore that.
-# This fixes a security hole. see CERT Vulnerability VU#598349
-dhcp-name-match=set:wpad-ignore,wpad
-dhcp-ignore-names=tag:wpad-ignore
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -8,7 +8,6 @@
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
-LC_ALL=C
 LC_NUMERIC=C

 # Retrieve stats from FTL engine
@@ -244,7 +243,7 @@ get_sys_stats() {
        disk_total="${disk_raw[1]}"
        disk_perc="${disk_raw[2]}"

-        net_gateway=$(ip route | grep default | cut -d ' ' -f 3 | head -n 1)
+        net_gateway=$(route -n | awk '$4 == "UG" {print $2;exit}')

        # Get DHCP stats, if feature is enabled
        if [[ "$DHCP_ACTIVE" == "true" ]]; then
@@ -479,7 +478,7 @@ chronoFunc() {
            ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
            ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
        else
-        echo -e "[0;1;31;91m|¯[0;1;33;93m¯[0;1;32;92m¯[0;1;32;92m(¯[0;1;36;96m)[0;1;34;94m_[0;1;35;95m|[0;1;33;93m¯[0;1;31;91m|_  [0;1;32;92m__[0;1;36;96m_|[0;1;31;91m¯[0;1;34;94m|[0;1;35;95m__[0;1;31;91m_[0m$phc_ver_str\\n[0;1;33;93m| ¯[0;1;32;92m_[0;1;36;96m/¯[0;1;34;94m|[0;1;35;95m_[0;1;31;91m| [0;1;33;93m' [0;1;32;92m\\/ [0;1;36;96m_ [0;1;34;94m\\ [0;1;35;95m/ [0;1;31;91m-[0;1;33;93m_)[0m$lte_ver_str\\n[0;1;32;92m|_[0;1;36;96m| [0;1;34;94m|_[0;1;35;95m| [0;1;33;93m|_[0;1;32;92m||[0;1;36;96m_\\[0;1;34;94m__[0;1;35;95m_/[0;1;31;91m_\\[0;1;33;93m__[0;1;32;92m_|[0m$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
+        echo -e "[0;1;31;91m|¯[0;1;33;93m¯[0;1;32;92m¯[0;1;32;92m(¯[0;1;36;96m)[0;1;34;94m_[0;1;35;95m|[0;1;33;93m¯[0;1;31;91m|_  [0;1;32;92m__[0;1;36;96m_|[0;1;31;91m¯[0;1;34;94m|[0;1;35;95m__[0;1;31;91m_[0m$phc_ver_str[0;1;33;93m| ¯[0;1;32;92m_[0;1;36;96m/¯[0;1;34;94m|[0;1;35;95m_[0;1;31;91m| [0;1;33;93m' [0;1;32;92m\\/ [0;1;36;96m_ [0;1;34;94m\\ [0;1;35;95m/ [0;1;31;91m-[0;1;33;93m_)[0m$lte_ver_str[0;1;32;92m|_[0;1;36;96m| [0;1;34;94m|_[0;1;35;95m| [0;1;33;93m|_[0;1;32;92m||[0;1;36;96m_\\[0;1;34;94m__[0;1;35;95m_/[0;1;31;91m_\\[0;1;33;93m__[0;1;32;92m_|[0m$ftl_ver_str ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
        fi

        printFunc "  Hostname: " "$sys_name" "$host_info"
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -13,7 +13,6 @@ basename=pihole
 piholeDir=/etc/"${basename}"
 whitelist="${piholeDir}"/whitelist.txt
 blacklist="${piholeDir}"/blacklist.txt
-
 readonly regexlist="/etc/pihole/regex.list"
 reload=false
 addmode=true
@@ -142,7 +141,7 @@ AddDomain() {
        bool=true
        domain="${1}"

-        [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$"
+        [[ "${wildcard}" == true ]] && domain="((^)|(\\.))${domain//\./\\.}$"

        # Is the domain in the list?
        # Search only for exactly matching lines
@@ -190,7 +189,7 @@ RemoveDomain() {
        [[ -z "${type}" ]] && type="--wildcard-only"
        domain="${1}"

-        [[ "${wildcard}" == true ]] && domain="(^|\\.)${domain//\./\\.}$"
+        [[ "${wildcard}" == true ]] && domain="((^)|(\\.))${domain//\./\\.}$"

        bool=true
        # Is it in the list?
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -167,7 +167,7 @@ checkout() {
            echo "  ${TICK} Branch ${2} exists"
            echo "${2}" > /etc/pihole/ftlbranch
            FTLinstall "${binary}"
-            restart_service pihole-FTL
+            start_service pihole-FTL
            enable_service pihole-FTL
        else
            echo "  ${CROSS} Requested branch \"${2}\" is not available"
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -76,7 +76,6 @@ WEB_SERVER_CONFIG_DIRECTORY="/etc/lighttpd"
 HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
 #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
-SHM_DIRECTORY="/dev/shm"

 # Files required by Pi-hole
 # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
@@ -120,7 +119,7 @@ PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
 #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")

 # Store Pi-hole's processes in an array for easy use and parsing
-PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
+PIHOLE_PROCESSES=( "dnsmasq" "lighttpd" "pihole-FTL" )

 # Store the required directories in an array so it can be parsed through
 #REQUIRED_DIRECTORIES=("${CORE_GIT_DIRECTORY}"
@@ -338,6 +337,8 @@ get_program_version() {
    case "${program_name}" in
        "lighttpd") program_version="$(${program_name} -v |& head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)"
                    ;;
+        "dnsmasq") program_version="$(${program_name} -v |& head -n1 | awk '{print $3}')"
+                    ;;
        "php") program_version="$(${program_name} -v |& head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)"
                ;;
        # If a match is not found, show an error
@@ -357,6 +358,7 @@ get_program_version() {
 # and their versions, using the functions above.
 check_critical_program_versions() {
    # Use the function created earlier and bundle them into one function that checks all the version numbers
+    get_program_version "dnsmasq"
    get_program_version "lighttpd"
    get_program_version "php"
 }
@@ -638,12 +640,11 @@ ping_internet() {
 compare_port_to_service_assigned() {
    local service_name="${1}"
    # The programs we use may change at some point, so they are in a varible here
-    local resolver="pihole-FTL"
+    local resolver="dnsmasq"
    local web_server="lighttpd"
    local ftl="pihole-FTL"
-
-    # If the service is a Pi-hole service, highlight it in green
    if [[ "${service_name}" == "${resolver}" ]] || [[ "${service_name}" == "${web_server}" ]] || [[ "${service_name}" == "${ftl}" ]]; then
+        # if port 53 is dnsmasq, show it in green as it's standard
        log_write "[${COL_GREEN}${port_number}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}"
    # Otherwise,
    else
@@ -656,7 +657,7 @@ check_required_ports() {
    echo_current_diagnostic "Ports in use"
    # Since Pi-hole needs 53, 80, and 4711, check what they are being used by
    # so we can detect any issues
-    local resolver="pihole-FTL"
+    local resolver="dnsmasq"
    local web_server="lighttpd"
    local ftl="pihole-FTL"
    # Create an array for these ports in use
@@ -681,7 +682,7 @@ check_required_ports() {
            continue
        fi
        # Use a case statement to determine if the right services are using the right ports
-        case "$(echo "$port_number" | rev | cut -d: -f1 | rev)" in
+        case "${port_number}" in
            53) compare_port_to_service_assigned  "${resolver}"
                ;;
            80) compare_port_to_service_assigned  "${web_server}"
@@ -835,13 +836,9 @@ process_status(){
            local status_of_process
            status_of_process=$(systemctl is-active "${i}")
        else
-            # Otherwise, use the service command and mock the output of `systemctl is-active`
+            # Otherwise, use the service command
            local status_of_process
-            if service "${i}" status | grep -E 'is\srunning' &> /dev/null; then
-                status_of_process="active"
-            else
-                status_of_process="inactive"
-            fi
+            status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null
        fi
        # and print it out to the user
        if [[ "${status_of_process}" == "active" ]]; then
@@ -910,7 +907,7 @@ parse_file() {
        #shellcheck disable=SC2016
        IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )'
    else
-        read -r -a file_info <<< "$filename"
+        read -a file_info <<< $filename
    fi
    # Set a named variable for better readability
    local file_lines
@@ -977,9 +974,6 @@ list_files_in_dir() {
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}" ]] || \
            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
            :
-        elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
-            # SHM file - we do not want to see the content, but we want to see the files and their sizes
-            log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
        else
            # Then, parse the file's content into an array so each line can be analyzed if need be
            for i in "${!REQUIRED_FILES[@]}"; do
@@ -1023,7 +1017,6 @@ show_content_of_pihole_files() {
    show_content_of_files_in_dir "${CRON_D_DIRECTORY}"
    show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
    show_content_of_files_in_dir "${LOG_DIRECTORY}"
-    show_content_of_files_in_dir "${SHM_DIRECTORY}"
 }

 head_tail_log() {
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -58,8 +58,6 @@ else
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
    deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")

-    # Restart pihole-FTL to force reloading history
-    sudo pihole restartdns
 fi

 if [[ "$@" != *"quiet"* ]]; then
--- a/advanced/Scripts/updatecheck.sh
+++ b/advanced/Scripts/updatecheck.sh
@@ -37,55 +37,30 @@ function get_local_version() {
    git describe --long --dirty --tags || return 1
 }

-# Source the setupvars config file
-# shellcheck disable=SC1091
-. /etc/pihole/setupVars.conf
-
 if [[ "$2" == "remote" ]]; then

    if [[ "$3" == "reboot" ]]; then
        sleep 30
    fi

-    GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
+    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
+    GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
+    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"

-    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
-    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
-
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
-        echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
-    fi
-
-    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-    echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
+    echo -n "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions"

 else

-    LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
-
    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
-    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
-
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-        echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
-    fi
-
+    WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
    FTL_BRANCH="$(pihole-FTL branch)"
-    echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"

-    LOCAL_VERSION_FILE="/etc/pihole/localversions"
+    echo -n "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches"

    CORE_VERSION="$(get_local_version /etc/.pihole)"
-    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
-
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        WEB_VERSION="$(get_local_version /var/www/html/admin)"
-        echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
-    fi
-
+    WEB_VERSION="$(get_local_version /var/www/html/admin)"
    FTL_VERSION="$(pihole-FTL version)"
-    echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
+
+    echo -n "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions"

 fi
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -136,16 +136,8 @@ errorOutput() {
 }

 defaultOutput() {
-    # Source the setupvars config file
-    # shellcheck disable=SC1091
-    source /etc/pihole/setupVars.conf
-
    versionOutput "pi-hole" "$@"
-
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        versionOutput "AdminLTE" "$@"
-    fi
-
+    versionOutput "AdminLTE" "$@"
    versionOutput "FTL" "$@"
 }

--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -36,7 +36,7 @@ Options:
  -e, email           Set an administrative contact address for the Block Page
  -h, --help          Show this help dialog
  -i, interface       Specify dnsmasq's interface listening behavior
-  -l, privacylevel    Set privacy level (0 = lowest, 4 = highest)"
+  -l, privacylevel    Set privacy level (0 = lowest, 3 = highest)"
    exit 0
 }

@@ -110,7 +110,7 @@ SetWebPassword() {
        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
        # So we reset the terminal via stty if the user does press Ctrl+C
        trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT
-        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
+        read -s -p "Enter New Password (Blank for no password): " PASSWORD
        echo ""

    if [ "${PASSWORD}" == "" ]; then
@@ -119,13 +119,12 @@ SetWebPassword() {
        exit 0
    fi

-    read -s -r -p "Confirm Password: " CONFIRM
+    read -s -p "Confirm Password: " CONFIRM
    echo ""
    fi

    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
-        # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
-        hash=$(HashPassword "$PASSWORD")
+        hash=$(HashPassword "${PASSWORD}")
        # Save hash to file
        change_setting "WEBPASSWORD" "${hash}"
        echo -e "  ${TICK} New password set"
@@ -327,12 +326,6 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
    fi

-    # Sourced from setupVars
-    # shellcheck disable=SC2154
-    if [[ "${DHCP_rapid_commit}" == "true" ]]; then
-        echo "dhcp-rapid-commit" >> "${dhcpconfig}"
-    fi
-
    if [[ "${DHCP_IPv6}" == "true" ]]; then
        echo "#quiet-dhcp6
 #enable-ra
@@ -357,7 +350,6 @@ EnableDHCP() {
    change_setting "DHCP_LEASETIME" "${args[5]}"
    change_setting "PIHOLE_DOMAIN" "${args[6]}"
    change_setting "DHCP_IPv6" "${args[7]}"
-    change_setting "DHCP_rapid_commit" "${args[8]}"

    # Remove possible old setting from file
    delete_dnsmasq_setting "dhcp-"
@@ -533,24 +525,14 @@ Teleporter() {
    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.zip"
 }

-addAudit()
+audit()
 {
-    shift # skip "-a"
-    shift # skip "audit"
-    for var in "$@"
-    do
-        echo "${var}" >> /etc/pihole/auditlog.list
-    done
-}
-
-clearAudit()
-{
-    echo -n "" > /etc/pihole/auditlog.list
+    echo "${args[2]}" >> /etc/pihole/auditlog.list
 }

 SetPrivacyLevel() {
-    # Set privacy level. Minimum is 0, maximum is 4
-    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then
+    # Set privacy level. Minimum is 0, maximum is 3
+    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
    fi
 }
@@ -583,8 +565,7 @@ main() {
        "-i" | "interface"    ) SetListeningMode "$@";;
        "-t" | "teleporter"   ) Teleporter;;
        "adlist"              ) CustomizeAdLists;;
-        "audit"               ) addAudit "$@";;
-        "clearaudit"          ) clearAudit;;
+        "audit"               ) audit;;
        "-l" | "privacylevel" ) SetPrivacyLevel;;
        *                     ) helpFunc;;
    esac
--- a/advanced/Scripts/wildcard_regex_converter.sh
+++ b/advanced/Scripts/wildcard_regex_converter.sh
@@ -24,5 +24,5 @@ convert_wildcard_to_regex() {
    # Remove repeated domains (may have been inserted two times due to A and AAAA blocking)
    uniquedomains="$(uniq <<< "${domains}")"
    # Automatically generate regex filters and remove old wildcards file
-    awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}"
+    awk '{print "((^)|(\\.))"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}"
 }
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -56,7 +56,7 @@ _pihole() {
 		;;
 		"privacylevel")
 			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_privacy="0 1 2 3 4"
+				opts_privacy="0 1 2 3"
 				COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
 			else 
 				return 1
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -8,8 +8,6 @@

 // Sanitise HTTP_HOST output
 $serverName = htmlspecialchars($_SERVER["HTTP_HOST"]);
-// Remove external ipv6 brackets if any
-$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);

 if (!is_file("/etc/pihole/setupVars.conf"))
  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -72,5 +72,4 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
 }

 # Add user chosen options held in external file
-# This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -90,5 +90,4 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
 }

 # Add user chosen options held in external file
-# This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/advanced/Templates/logrotate
+++ b/advanced/Templates/logrotate
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -26,26 +26,17 @@ start() {
  if is_running; then
    echo "pihole-FTL is already running"
  else
-    # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    touch /var/log/pihole-FTL.log /var/log/pihole.log
-    touch /run/pihole-FTL.pid /run/pihole-FTL.port
-    touch /etc/pihole/dhcp.leases
+    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
    mkdir -p /var/run/pihole
    mkdir -p /var/log/pihole
    chown pihole:pihole /var/run/pihole /var/log/pihole
    rm /var/run/pihole/FTL.sock 2> /dev/null
-    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
-    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
+    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
+    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"
    echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.piholeFTL
-    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+eip "$(which pihole-FTL)"; then
-      su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
-    else
-      echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
-      pihole-FTL
-    fi
+    su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
    echo
  fi
 }
@@ -87,7 +78,7 @@ status() {
    echo "[    ] pihole-FTL is not running"
    exit 1
  fi
-}
+}  


 ### main logic ###
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -16,9 +16,7 @@

 # Pi-hole: Update the ad sources once a week on Sunday at a random time in the
 #          early morning. Download any updates from the adlists
-#          Squash output to log, then splat the log to stdout on error to allow for
-#          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity

 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
--- a/advanced/Templates/pihole.sudo
+++ b/advanced/Templates/pihole.sudo
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -106,7 +106,7 @@ removeNoPurge() {
    ${SUDO} rm -rf /var/www/html/pihole &> /dev/null
    ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null

-    # If the web directory is empty after removing these files, then the parent html directory can be removed.
+    # If the web directory is empty after removing these files, then the parent html folder can be removed.
    if [ -d "/var/www/html" ]; then
        if [[ ! "$(ls -A /var/www/html)" ]]; then
            ${SUDO} rm -rf /var/www/html &> /dev/null
--- a/gravity.sh
+++ b/gravity.sh
@@ -68,35 +68,11 @@ else
  exit 1
 fi

-# Source pihole-FTL from install script
-pihole_FTL="${piholeDir}/pihole-FTL.conf"
-if [[ -f "${pihole_FTL}" ]]; then
-  source "${pihole_FTL}"
-fi
-
-if [[ -z "${BLOCKINGMODE}" ]] ; then
-  BLOCKINGMODE="NULL"
-fi
-
 # Determine if superseded pihole.conf exists
 if [[ -r "${piholeDir}/pihole.conf" ]]; then
  echo -e "  ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
 fi

-# Determine if Pi-hole blocking is disabled
-# If this is the case, we want to update
-#  gravity.list.bck and black.list.bck instead of
-#  gravity.list and black.list
-detect_pihole_blocking_status() {
-  if [[ "${BLOCKING_ENABLED}" == false ]]; then
-    echo -e "  ${INFO} Pi-hole blocking is disabled"
-    adList="${adList}.bck"
-    blackList="${blackList}.bck"
-  else
-    echo -e "  ${INFO} Pi-hole blocking is enabled"
-  fi
-}
-
 # Determine if DNS resolution is available before proceeding
 gravity_CheckDNSResolutionAvailable() {
  local lookupDomain="pi.hole"
@@ -206,7 +182,7 @@ gravity_SetDownloadOptions() {
    activeDomains[$i]="${saveLocation}"

    # Default user-agent (for Cloudflare's Browser Integrity Check: https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-)
-    agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36"
+    agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"

    # Provide special commands for blocklists which may need them
    case "${domain}" in
@@ -240,39 +216,6 @@ gravity_DownloadBlocklistFromUrl() {

  str="Status:"
  echo -ne "  ${INFO} ${str} Pending..."
-  blocked=false
-  case $BLOCKINGMODE in
-    "IP-NODATA-AAAA"|"IP")
-        if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
-    "NXDOMAIN")
-        if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
-    "NULL"|*)
-        if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
-   esac
-
-  if [[ "${blocked}" == true ]]; then
-    printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}"
-    if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then
-        port=53
-    else
-        printf -v port "%s" "${PIHOLE_DNS_1#*#}"
-    fi
-    ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}")
-    if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then
-      port=443;
-    else port=80
-    fi
-    bad_list=$(pihole -q -adlist hosts-file.net | head -n1 | awk -F 'Match found in ' '{print $2}')
-    echo -e "${OVER}  ${CROSS} ${str} ${domain} is blocked by ${bad_list%:}. Using DNS on ${PIHOLE_DNS_1} to download ${url}";
-    echo -ne "  ${INFO} ${str} Pending..."
-    cmd_ext="--resolve $domain:$port:$ip $cmd_ext"
-  fi
  # shellcheck disable=SC2086
  httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)

@@ -521,7 +464,7 @@ gravity_ShowBlockCount() {
  fi

  if [[ -f "${regexFile}" ]]; then
-    num=$(grep -cv "^#" "${regexFile}")
+    num=$(grep -c "^(?!#)" "${regexFile}")
    echo -e "  ${INFO} Number of regex filters: ${num}"
  fi
 }
@@ -579,7 +522,7 @@ gravity_ParseBlacklistDomains() {
    mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
  else
    # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
-    cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
+    mv "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
  fi

  # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
@@ -678,8 +621,6 @@ if [[ "${forceDelete:-}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
 fi

-detect_pihole_blocking_status
-
 # Determine which functions to run
 if [[ "${skipDownload}" == false ]]; then
  # Gravity needs to download blocklists
@@ -702,6 +643,11 @@ if [[ "${skipDownload}" == false ]] || [[ "${listType}" == "whitelist" ]]; then
  gravity_Whitelist
 fi

+# Set proper permissions on the regex file
+touch "${regexFile}"
+chown pihole:www-data "${regexFile}"
+chmod 664 "${regexFile}"
+
 convert_wildcard_to_regex
 gravity_ShowBlockCount

--- a/manpages/pihole-FTL.conf.5
+++ b/manpages/pihole-FTL.conf.5
@@ -64,7 +64,7 @@ pihole-FTL.conf - FTL's config file
    On which port should FTL be listening?
 .br

-\fBPRIVACYLEVEL=0|1|2|3|4\fR
+\fBPRIVACYLEVEL=0|1|2|3\fR
 .br
    Which privacy level is used?
 .br
@@ -74,9 +74,7 @@ pihole-FTL.conf - FTL's config file
 .br
    2 - hide domains and clients
 .br
-    3 - anonymous mode (hide everything)
-.br
-    4 - disable all statistics
+    3 - paranoia mode (hide everything)
 .br

 \fBIGNORE_LOCALHOST=no|yes\fR
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -125,16 +125,13 @@ Available commands and options:
 .br
      -k, kelvin        Set Kelvin as preferred temperature unit
 .br
-      -r, hostrecord    Add a name to the DNS associated to an
-                        IPv4/IPv6 address
+      -r, hostrecord    Add a name to the DNS associated to an IPv4/IPv6 address
 .br
-      -e, email         Set an administrative contact address for the
-                        Block Page
+      -e, email         Set an administrative contact address for the Block Page
 .br
      -i, interface     Specify dnsmasq's interface listening behavior
 .br
-      -l, privacylevel  <level> Set privacy level
-                        (0 = lowest, 4 = highest)
+      -l, privacylevel  <level> Set privacy level (0 = lowest, 3 = highest)
 .br

 \fB-c, chronometer\fR	[options]
@@ -184,8 +181,7 @@ Available commands and options:
 .br
      on                Enable the Pi-hole log at /var/log/pihole.log
 .br
-      off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+      off               Disable and flush the Pi-hole log at /var/log/pihole.log
 .br
      off noflush       Disable the Pi-hole log at /var/log/pihole.log
 .br
@@ -208,8 +204,7 @@ Available commands and options:
 .br
      -p, --pihole      Only retrieve info regarding Pi-hole repository
 .br
-      -a, --admin       Only retrieve info regarding AdminLTE
-                        repository
+      -a, --admin       Only retrieve info regarding AdminLTE repository
 .br
      -f, --ftl         Only retrieve info regarding FTL repository
 .br
@@ -219,8 +214,7 @@ Available commands and options:
 .br
      -l, --latest      Return the latest version
 .br
-      --hash            Return the Github hash from your local
-                        repositories
+      --hash            Return the Github hash from your local repositories
 .br

 \fBuninstall\fR
@@ -272,8 +266,7 @@ Available commands and options:
 .br
      master            Update subsystems to the latest stable release
 .br
-      dev               Update subsystems to the latest development
-                        release
+      dev               Update subsystems to the latest development release
 .br
      branchname        Update subsystems to the specified branchname
 .br
@@ -282,74 +275,50 @@ Available commands and options:
 Some usage examples
 .br

-Whitelist/blacklist manipulation
+    Whitelist/blacklist manipulation
 .br

-\fBpihole -w iloveads.example.com\fR
+    \fBpihole -w iloveads.example.com\fR       Add "iloveads.example.com" to whitelist
 .br
-    Adds "iloveads.example.com" to whitelist
+    \fBpihole -b -d noads.example.com\fR       Remove "noads.example.com" from blacklist
+.br
+    \fBpihole --wild example.com\fR             Add example.com as a wildcard - would
+    block all subdomains of example.com, including example.com itself.
+.br
+    \fBpihole --regex "ad.*\.example\.com$"\fR  Add "ad.*\.example\.com$" to the regex
+    blacklist - would block all subdomains of example.com which start with "ad"
 .br

-\fBpihole -b -d noads.example.com\fR
-.br
-    Removes "noads.example.com" from blacklist
+    Changing the Web Interface password
 .br

-\fBpihole --wild example.com\fR
-.br
-    Adds example.com as a wildcard - would block all subdomains of
-    example.com, including example.com itself.
+    \fBpihole -a -p ExamplePassword\fR    Change the password to "ExamplePassword"
 .br

-\fBpihole --regex "ad.*\\.example\\.com$"\fR
-.br
-    Adds "ad.*\\.example\\.com$" to the regex blacklist.
-    Would block all subdomains of example.com which start with "ad"
+    Updating lists from internet sources
 .br

-Changing the Web Interface password
+    \fBpihole -g\fR                       Update the list of ad-serving domains
 .br

-\fBpihole -a -p ExamplePassword\fR
-.br
-    Change the password to "ExamplePassword"
+    Displaying version information
 .br

-Updating lists from internet sources
+    \fBpihole -v -a -c\fR                 Display the current version of AdminLTE
 .br

-\fBpihole -g\fR
-.br
-    Update the list of ad-serving domains
+    Temporarily disabling Pi-hole
 .br

-Displaying version information
+    \fBpihole disable 5m\fR               Disable Pi-hole functionality for five minutes
 .br

-\fBpihole -v -a -c\fR
-.br
-    Display the current version of AdminLTE
+    Switching Pi-hole subsystem branches
 .br

-Temporarily disabling Pi-hole
+    \fBpihole checkout master\fR          Switch to master branch
 .br
-
-\fBpihole disable 5m\fR
-.br
-    Disable Pi-hole functionality for five minutes
-.br
-
-Switching Pi-hole subsystem branches
-.br
-
-\fBpihole checkout master\fR
-.br
-    Switch to master branch
-.br
-
-\fBpihole checkout core dev\fR
-.br
-    Switch to core development branch
+    \fBpihole checkout core dev\fR        Switch to core development branch
 .br
 .SH "SEE ALSO"

--- a/91
+++ b/91
@@ -10,19 +10,23 @@
 # Please see LICENSE file for your rights under this license.

 readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
-readonly gravitylist="/etc/pihole/gravity.list"
-readonly blacklist="/etc/pihole/black.list"
-
-# setupVars is not readonly here because in some funcitons (checkout),
-# it might get set again when the installer is sourced. This causes an
-# error due to modifying a readonly variable.
-setupVars="/etc/pihole/setupVars.conf"
-
+readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"

 resolver="pihole-FTL"

+# Must be root to use this tool
+if [[ ! $EUID -eq 0 ]];then
+  if [[ -x "$(command -v sudo)" ]]; then
+    exec sudo bash "$0" "$@"
+    exit $?
+  else
+    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
+    exit 1
+  fi
+fi
+
 webpageFunc() {
  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
  main "$@"
@@ -69,7 +73,7 @@ reconfigurePiholeFunc() {

 updateGravityFunc() {
  "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
-  exit $?
+  exit 0
 }

 queryFunc() {
@@ -123,11 +127,9 @@ restartDNS() {

  if [[ "${status}" -eq 0 ]]; then
    [[ -t 1 ]] && echo -e "${OVER}  ${TICK} ${str}"
-    return 0
  else
    [[ ! -t 1 ]] && local OVER=""
    echo -e "${OVER}  ${CROSS} ${output}"
-    return 1
  fi
 }

@@ -144,17 +146,10 @@ Time:

  elif [[ "${1}" == "0" ]]; then
    # Disable Pi-hole
-    if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then
-      echo -e "  ${INFO} Blocking already disabled, nothing to do"
-      exit 0
-    fi
-    if [[ -e "${gravitylist}" ]]; then
-      mv "${gravitylist}" "${gravitylist}.bck"
-      echo "" > "${gravitylist}"
-    fi
-    if [[ -e "${blacklist}" ]]; then
-      mv "${blacklist}" "${blacklist}.bck"
-      echo "" > "${blacklist}"
+    sed -i 's/^addn-hosts=\/etc\/pihole\/gravity.list/#addn-hosts=\/etc\/pihole\/gravity.list/' /etc/dnsmasq.d/01-pihole.conf
+    sed -i 's/^addn-hosts=\/etc\/pihole\/black.list/#addn-hosts=\/etc\/pihole\/black.list/' /etc/dnsmasq.d/01-pihole.conf
+    if [[ -e "$wildcardlist" ]]; then
+      mv "$wildcardlist" "/etc/pihole/wildcard.list"
    fi
    if [[ $# > 1 ]]; then
      local error=false
@@ -192,29 +187,19 @@ Time:
      fi

      local str="Pi-hole Disabled"
-      sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
-      echo "BLOCKING_ENABLED=false" >> "${setupVars}"
    fi
  else
    # Enable Pi-hole
-    if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
-      echo -e "  ${INFO} Blocking already enabled, nothing to do"
-      exit 0
-    fi
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"

-    if [[ -e "${gravitylist}.bck" ]]; then
-      mv "${gravitylist}.bck" "${gravitylist}"
+    sed -i 's/^#addn-hosts/addn-hosts/' /etc/dnsmasq.d/01-pihole.conf
+    if [[ -e "/etc/pihole/wildcard.list" ]]; then
+      mv "/etc/pihole/wildcard.list" "$wildcardlist"
    fi
-    if [[ -e "${blacklist}.bck" ]]; then
-      mv "${blacklist}.bck" "${blacklist}"
-    fi
-    sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
-    echo "BLOCKING_ENABLED=true" >> "${setupVars}"
  fi

-  restartDNS reload
+  restartDNS

  echo -e "${OVER}  ${TICK} ${str}"
 }
@@ -257,6 +242,8 @@ Options:
 }

 statusFunc() {
+  local addnConfigs
+
  # Determine if service is running on port 53 (Cr: https://superuser.com/a/806331)
  if (echo > /dev/tcp/127.0.0.1/53) >/dev/null 2>&1; then
    if [[ "${1}" != "web" ]]; then
@@ -270,14 +257,16 @@ statusFunc() {
    return 0
  fi

-  # Determine if Pi-hole's blocking is enabled
-  if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
+  # Determine if Pi-hole's addn-hosts configs are commented out
+  addnConfigs=$(grep -i "addn-hosts=/" /etc/dnsmasq.d/01-pihole.conf)
+
+  if [[ "${addnConfigs}" =~ "#" ]]; then
    # A config is commented out
    case "${1}" in
      "web") echo 0;;
      *) echo -e "  ${CROSS} Pi-hole blocking is Disabled";;
    esac
-  elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
+  elif [[ -n "${addnConfigs}" ]]; then
    # Configs are set
    case "${1}" in
      "web") echo 1;;
@@ -287,10 +276,11 @@ statusFunc() {
    # No configs were found
    case "${1}" in
      "web") echo 99;;
-      *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
+      *) echo -e "  ${INFO} No hosts file linked to dnsmasq, adding it in enabled state";;
    esac
-    # Enable blocking
-    pihole enable
+    # Add addn-host= to dnsmasq
+    echo "addn-hosts=/etc/pihole/gravity.list" >> /etc/dnsmasq.d/01-pihole.conf
+    restartDNS
  fi
 }

@@ -313,7 +303,7 @@ tailFunc() {
  # Colour everything else as gray
  tail -f /var/log/pihole.log | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq[.*[0-9]]),,g" \
-    -e "s,(.*(gravity.list|black.list|regex.list| config ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(gravity.list|black.list| config ).* is (${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
    -e "s,.*,${COL_GRAY}&${COL_NC},"
  exit 0
@@ -427,21 +417,6 @@ if [[ $# = 0 ]]; then
  helpFunc
 fi

-case "${1}" in
-  "-h" | "help" | "--help"      ) helpFunc;;
-esac
-
-# Must be root to use this tool
-if [[ ! $EUID -eq 0 ]];then
-  if [[ -x "$(command -v sudo)" ]]; then
-    exec sudo bash "$0" "$@"
-    exit $?
-  else
-    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
-    exit 1
-  fi
-fi
-
 # Handle redirecting to specific functions based on arguments
 case "${1}" in
  "-w" | "whitelist"            ) listFunc "$@";;
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -81,7 +81,6 @@ def test_setupVars_saved_to_file(Pihole):
    {}
    mkdir -p /etc/dnsmasq.d
    version_check_dnsmasq
-    echo "" > /etc/pihole/pihole-FTL.conf
    finalExports
    cat /etc/pihole/setupVars.conf
    '''.format(set_setup_vars))
@@ -481,10 +480,10 @@ def test_FTL_download_aarch64_no_errors(Pihole):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
+    # mock uname to return generic platform
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    binary="pihole-FTL-aarch64-linux-gnu"
-    FTLinstall
+    FTLinstall pihole-FTL-aarch64-linux-gnu
    ''')
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
@@ -495,33 +494,15 @@ def test_FTL_download_unknown_fails_no_errors(Pihole):
    '''
    confirms unknown binary is not downloaded for FTL engine
    '''
+    # mock uname to return generic platform
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
-    binary="pihole-FTL-mips"
-    FTLinstall
+    FTLinstall pihole-FTL-mips
    ''')
    expected_stdout = cross_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
-    error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
-    assert error1 in download_binary.stdout
-    error2 = 'not found'
-    assert error2 in download_binary.stdout
-
-
-def test_FTL_download_binary_unset_no_errors(Pihole):
-    '''
-    confirms unset binary variable does not download FTL engine
-    '''
-    download_binary = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    FTLinstall
-    ''')
-    expected_stdout = cross_box + ' Downloading and Installing FTL'
-    assert expected_stdout in download_binary.stdout
-    error1 = 'Error: URL https://github.com/pi-hole/FTL/releases/download/'
-    assert error1 in download_binary.stdout
-    error2 = 'not found'
-    assert error2 in download_binary.stdout
+    error = 'Error: URL not found'
+    assert error in download_binary.stdout


 def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
--- a/test/test_centos_fedora_support.py
+++ b/test/test_centos_fedora_support.py
@@ -31,13 +31,20 @@ def test_release_supported_version_check_centos(Pihole):
    '''
    confirms installer exits on unsupported releases of CentOS
    '''
-    # modify /etc/redhat-release to mock an unsupported CentOS release
-    Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
+    # mock CentOS release < 7 (unsupported)
+    mock_command_2(
+        'rpm',
+        {"-q --queryformat '%{VERSION}' centos-release'": (
+            '5',
+            '0'
+        )},
+        Pihole
+    )
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
-    expected_stdout = cross_box + (' CentOS 6 is not supported.')
+    expected_stdout = cross_box + (' CentOS  is not suported.')
    assert expected_stdout in distro_check.stdout
    expected_stdout = 'Please update to CentOS release 7 or later'
    assert expected_stdout in distro_check.stdout
Author	SHA1	Message	Date
Dan Schaper	169a4289a8	Merge pull request #2312 from pi-hole/release/v4.0 Update FTLDNS	2018-07-28 11:13:11 -07:00
Dan Schaper	6f2f598281	Merge pull request #2304 from pi-hole/development Update FTLDNS with development	2018-07-27 06:19:57 -07:00
Dan Schaper	415608ff01	Merge pull request #2276 from pi-hole/development Update FTLDNS	2018-07-24 20:58:33 -07:00