
Add firewall to pihole app

Bob Mottram 8 yıl önce
ebeveyn
işleme
b2d4a0066b
1 değiştirilmiş dosya ile 34 ekleme ve 9 silme
  1. 34
    9
      src/freedombone-app-pihole

+ 34
- 9
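--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@@ -59,6 +59,7 @@ function pihole_copy_files {
     cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
     cp $INSTALL_DIR/pihole/advanced/01-pihole.conf /etc/dnsmasq.d/01-pihole.conf
     cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
+    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
 }
 
 function pihole_update {
@@ -83,13 +84,13 @@ function pihole_update {
     echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
     echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
     echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
-    echo 'cache-size=10000' >> /etc/dnsmasq.conf
     echo 'log-queries' >> /etc/dnsmasq.conf
-    echo 'log-facility=/var/log/pihole.log' >> /etc/dnsmasq.conf
-    echo 'local-ttl=300' >> /etc/dnsmasq.conf
-    echo 'log-async' >> /etc/dnsmasq.conf
 
-    systemctl reload dnsmasq
+    sed -i "0,/RE/s/server=.*/server=${PIHOLE_DNS1}/" /etc/dnsmasq.d/01-pihole.conf
+    sed -i "1,/RE/s/server=.*/server=${PIHOLE_DNS2}/" /etc/dnsmasq.d/01-pihole.conf
+    sed -i "s|interface=.*|interface=${PIHOLE_IFACE}|g" /etc/dnsmasq.d/01-pihole.conf
+
+    systemctl restart dnsmasq
 
     pihole -g
 }
@@ -173,9 +174,29 @@ function pihole_change_upstream_dns {
     esac
     write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
     write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
+}
+
+function update_pihole_interactive {
+    clear
+    echo $'Updating Ad Blocker Lists'
+    echo ''
     pihole_update
 }
 
+function configure_firewall_for_pihole {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    #iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=('DNS      53')
+    mark_completed $FUNCNAME
+}
+
 function configure_interactive_pihole {
     while true
     do
@@ -196,15 +217,17 @@ function configure_interactive_pihole {
         esac
         case $(cat $data) in
             1) editor $PIHOLE_ADLIST
-               pihole_update
+               update_pihole_interactive
                ;;
             2) editor $PIHOLE_BLACKLIST
-               pihole_update
+               update_pihole_interactive
                ;;
             3) editor $PIHOLE_WHITELIST
-               pihole_update
+               update_pihole_interactive
+               ;;
+            4) pihole_change_upstream_dns
+               update_pihole_interactive
                ;;
-            4) pihole_change_upstream_dns;;
             5) break;;
         esac
     done
@@ -339,6 +362,8 @@ function install_pihole {
 
     chown -R www-data:www-data /var/www/pihole/htdocs
 
+    configure_firewall_for_pihole
+
     pihole_update
 
     APP_INSTALLED=1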
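Review bot: configure_firewall_for_pihole accepts TCP and UDP port 53 on INPUT from any source address and any interface, so on a host with a publicly routable address the resolver may become reachable from the internet, and an openly reachable resolver is a well-known reflector for DNS amplification. Consider scoping both rules to the LAN side, e.g. `iptables -A INPUT -i "$PIHOLE_IFACE" -p udp -m udp --dport 53 -j ACCEPT` plus the matching tcp rule, assuming PIHOLE_IFACE is already set when install_pihole calls this function (not visible in these hunks). Separately, in pihole_update the `0,/RE/` and `1,/RE/` sed addresses use the literal pattern `RE`; if no line of 01-pihole.conf contains those characters, both ranges cover the whole file and every `server=` line ends up as PIHOLE_DNS2, silently dropping the first upstream. A short comment above the firewall rules stating which networks are expected to query this resolver would also help later reviewers.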