
Add firewall to pihole app

Bob Mottram 8 years ago
parent
commit
b2d4a0066b
1 changed files with 34 additions and 9 deletions
  1. 34
    9
      src/freedombone-app-pihole

+ 34
- 9
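--- a/src/freedombone-app-pihole
+++ b/src/freedombone-app-pihole
@@ -59,6 +59,7 @@
     cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
     cp $INSTALL_DIR/pihole/advanced/01-pihole.conf /etc/dnsmasq.d/01-pihole.conf
     cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
+    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
 }
 
 function pihole_update {
@@ -83,13 +84,13 @@
     echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
     echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
     echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
-    echo 'cache-size=10000' >> /etc/dnsmasq.conf
     echo 'log-queries' >> /etc/dnsmasq.conf
-    echo 'log-facility=/var/log/pihole.log' >> /etc/dnsmasq.conf
-    echo 'local-ttl=300' >> /etc/dnsmasq.conf
-    echo 'log-async' >> /etc/dnsmasq.conf
 
-    systemctl reload dnsmasq
+    sed -i "0,/RE/s/server=.*/server=${PIHOLE_DNS1}/" /etc/dnsmasq.d/01-pihole.conf
+    sed -i "1,/RE/s/server=.*/server=${PIHOLE_DNS2}/" /etc/dnsmasq.d/01-pihole.conf
+    sed -i "s|interface=.*|interface=${PIHOLE_IFACE}|g" /etc/dnsmasq.d/01-pihole.conf
+
+    systemctl restart dnsmasq
 
     pihole -g
 }
@@ -173,9 +174,29 @@
     esac
     write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
     write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
+}
+
+function update_pihole_interactive {
+    clear
+    echo $'Updating Ad Blocker Lists'
+    echo ''
     pihole_update
 }
 
+function configure_firewall_for_pihole {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    #iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+
+    OPEN_PORTS+=('DNS      53')
+    mark_completed $FUNCNAME
+}
+
 function configure_interactive_pihole {
     while true
     do
@@ -196,15 +217,17 @@
         esac
         case $(cat $data) in
             1) editor $PIHOLE_ADLIST
-               pihole_update
+               update_pihole_interactive
                ;;
             2) editor $PIHOLE_BLACKLIST
-               pihole_update
+               update_pihole_interactive
                ;;
             3) editor $PIHOLE_WHITELIST
-               pihole_update
+               update_pihole_interactive
+               ;;
+            4) pihole_change_upstream_dns
+               update_pihole_interactive
                ;;
-            4) pihole_change_upstream_dns;;
             5) break;;
         esac
     done
@@ -339,6 +362,8 @@
 
     chown -R www-data:www-data /var/www/pihole/htdocs
 
+    configure_firewall_for_pihole
+
     pihole_update
 
     APP_INSTALLED=1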
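Review bot: `configure_firewall_for_pihole` accepts TCP and UDP port 53 from any source on any interface, so on a host with a publicly reachable address dnsmasq would answer DNS queries from the whole internet, i.e. act as an open resolver that can be abused for amplification. The rules should be limited to the network the resolver is meant to serve, e.g. `iptables -A INPUT -i "${PIHOLE_IFACE}" -p udp -m udp --dport 53 -j ACCEPT` (and the same for tcp), or to the local subnet with `-s`. `-A` also appends, so if the INPUT chain already ends in a DROP/REJECT rule these lines may never match; that depends on the base firewall setup, which is not visible here. Separately, in `pihole_update` the `/RE/` in the two `sed` address ranges looks like the placeholder from the sed manual; unless 01-pihole.conf contains the text "RE", both ranges cover the entire file and every `server=` line ends up as `${PIHOLE_DNS2}`.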