Move unattended check to the top of the script - exit early if /etc/pihole/pihole.toml file is not found,

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Bump tox from 4.28.3 to 4.28.4 in /test in the python-dependencies group (#6371 )
2025-08-11 14:55:39 +01:00 · 2025-08-02 12:56:30 +02:00 · 2025-08-02 10:52:42 +00:00 · 2025-07-31 19:06:45 +02:00 · 2025-07-31 18:03:43 +02:00 · 2025-07-28 15:56:42 +01:00
28 changed files with 409 additions and 383 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,6 +8,10 @@ updates:
    time: "10:00"
  open-pull-requests-limit: 10
  target-branch: development
+  groups:
+    github-actions-dependencies:
+      patterns:
+        - "*"
 - package-ecosystem: pip
  directory: "/test"
  schedule:
@@ -16,3 +20,7 @@ updates:
    time: "10:00"
  open-pull-requests-limit: 10
  target-branch: development
+  groups:
+    python-dependencies:
+      patterns:
+        - "*"
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -2,6 +2,7 @@ changelog:
  exclude:
    labels:
      - internal
+      - dependencies
    authors:
      - dependabot
      - github-actions
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -24,7 +24,7 @@ jobs:
          days-before-close: 5
          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
          stale-issue-label: '${{ env.stale_label }}'
-          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed, never-stale'
          exempt-all-issue-assignees: true
          operations-per-run: 300
          close-issue-reason: 'not_planned'
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -80,10 +80,10 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v4.2.2

-      - name: Set up Python 3.10
+      - name: Set up Python
        uses: actions/setup-python@v5.6.0
        with:
-          python-version: "3.10"
+          python-version: "3.13"

      - name: Install wheel
        run:  pip install wheel
--- a/advanced/Scripts/COL_TABLE
+++ b/advanced/Scripts/COL_TABLE
@@ -1,11 +1,12 @@
 #!/usr/bin/env sh
+# shellcheck disable=SC2034  # Disable warning about unused variables
+
 # Determine if terminal is capable of showing colors
-if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then
+# When COL_TABLE is sourced via gravity invoked by FTL, FORCE_COLOR is set to true
+if { [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; } || [ "${FORCE_COLOR}" ]; then
  # Bold and underline may not show up on all clients
  # If something MUST be emphasized, use both
  COL_BOLD='[1m'
-  COL_ULINE='[4m'
-
  COL_NC='[0m'
  COL_GRAY='[90m'
  COL_RED='[91m'
@@ -17,8 +18,6 @@ if [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; then
 else
  # Provide empty variables for `set -u`
  COL_BOLD=""
-  COL_ULINE=""
-
  COL_NC=""
  COL_GRAY=""
  COL_RED=""
@@ -29,22 +28,8 @@ else
  COL_CYAN=""
 fi

-# Deprecated variables
-COL_WHITE="${COL_BOLD}"
-COL_BLACK="${COL_NC}"
-COL_LIGHT_BLUE="${COL_BLUE}"
-COL_LIGHT_GREEN="${COL_GREEN}"
-COL_LIGHT_CYAN="${COL_CYAN}"
-COL_LIGHT_RED="${COL_RED}"
-COL_URG_RED="${COL_RED}${COL_BOLD}${COL_ULINE}"
-COL_LIGHT_PURPLE="${COL_PURPLE}"
-COL_BROWN="${COL_YELLOW}"
-COL_LIGHT_GRAY="${COL_GRAY}"
-COL_DARK_GRAY="${COL_GRAY}"
-
 TICK="[${COL_GREEN}✓${COL_NC}]"
 CROSS="[${COL_RED}✗${COL_NC}]"
 INFO="[i]"
 QST="[?]"
-DONE="${COL_GREEN} done!${COL_NC}"
 OVER="\\r[K"
--- a/advanced/Scripts/api.sh
+++ b/advanced/Scripts/api.sh
@@ -22,7 +22,8 @@ TestAPIAvailability() {
    local chaos_api_list authResponse authStatus authData apiAvailable DNSport

    # as we are running locally, we can get the port value from FTL directly
-    readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+    PI_HOLE_SCRIPT_DIR="/opt/pihole"
+    utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
    # shellcheck source=./advanced/Scripts/utils.sh
    . "${utilsfile}"

@@ -149,7 +150,6 @@ LoginAPI() {

    # Try to login again until the session is valid
    while [ ! "${validSession}" = true ]  ; do
-        echo "Authentication failed. Please enter your Pi-hole password"

        # Print the error message if there is one
        if  [ ! "${sessionError}" = "null"  ] && [ "${1}" = "verbose" ]; then
@@ -160,6 +160,14 @@ LoginAPI() {
            echo "Error: ${sessionMessage}"
        fi

+        if  [ "${1}" = "verbose" ]; then
+            # If we are not in verbose mode, no need to print the error message again
+            echo "Please enter your Pi-hole password"
+        else
+
+            echo "Authentication failed. Please enter your Pi-hole password"
+        fi
+
        # secretly read the password
        secretRead; printf '\n'

@@ -182,13 +190,20 @@ Authentication() {
        echo "No response from FTL server. Please check connectivity"
        exit 1
    fi
-    # obtain validity, session ID and sessionMessage from session response
-    validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
-    SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
-    sessionMessage=$(echo "${sessionResponse}"| jq --raw-output .session.message 2>/dev/null)

-    # obtain the error message from the session response
-    sessionError=$(echo "${sessionResponse}"| jq --raw-output .error.message 2>/dev/null)
+    # obtain validity, session ID, sessionMessage and error message from
+    # session response, apply default values if none returned
+    result=$(echo "${sessionResponse}" | jq -r '
+        (.session.valid // false),
+        (.session.sid // null),
+        (.session.message // null),
+        (.error.message // null)
+    ' 2>/dev/null)
+
+    validSession=$(echo "${result}" | sed -n '1p')
+    SID=$(echo "${result}" | sed -n '2p')
+    sessionMessage=$(echo "${result}" | sed -n '3p')
+    sessionError=$(echo "${result}" | sed -n '4p')

    if [ "${1}" = "verbose" ]; then
        if [ "${validSession}" = true ]; then
@@ -352,12 +367,9 @@ apiFunc() {
  if [ "${verbosity}" = "verbose" ]; then
    echo "Data:"
  fi
-
-  if command -v jq >/dev/null && echo "${data}" | jq . >/dev/null 2>&1; then
-    echo "${data}" | jq .
-  else
-    echo "${data}"
-  fi
+  # Attempt to print the data with jq, if it is not valid JSON, or not installed
+  # then print the plain text.
+  echo "${data}" | jq . 2>/dev/null || echo "${data}"

  # Delete the session
  LogoutAPI "${verbosity}"
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -9,12 +9,12 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.

-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
-readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source="./advanced/Scripts/utils.sh"
 source "${utilsfile}"

-readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
+apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
 # shellcheck source="./advanced/Scripts/api.sh"
 source "${apifile}"

--- a/advanced/Scripts/piholeARPTable.sh
+++ b/advanced/Scripts/piholeARPTable.sh
@@ -1,90 +0,0 @@
-#!/usr/bin/env bash
-
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# ARP table interaction
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-coltable="/opt/pihole/COL_TABLE"
-if [[ -f ${coltable} ]]; then
-# shellcheck source="./advanced/Scripts/COL_TABLE"
-    source ${coltable}
-fi
-
-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
-utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
-# shellcheck source=./advanced/Scripts/utils.sh
-source "${utilsfile}"
-
-readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-SKIP_INSTALL="true"
-# shellcheck source="./automated install/basic-install.sh"
-source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-# stop_service() is defined in basic-install.sh
-# restart_service() is defined in basic-install.sh
-
-# Determine database location
-DBFILE=$(getFTLConfigValue "files.database")
-if [ -z "$DBFILE" ]; then
-    DBFILE="/etc/pihole/pihole-FTL.db"
-fi
-
-flushARP(){
-    local output
-    if [[ "${args[1]}" != "quiet" ]]; then
-        echo -ne "  ${INFO} Flushing network table ..."
-    fi
-
-    # Stop FTL to prevent database access
-    if ! output=$(stop_service pihole-FTL 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to stop FTL"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    # Truncate network_addresses table in pihole-FTL.db
-    # This needs to be done before we can truncate the network table due to
-    # foreign key constraints
-    if ! output=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to truncate network_addresses table"
-        echo "  Database location: ${DBFILE}"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    # Truncate network table in pihole-FTL.db
-    if ! output=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM network" 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to truncate network table"
-        echo "  Database location: ${DBFILE}"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    # Flush ARP cache of the host
-    if ! output=$(ip -s -s neigh flush all 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to flush ARP cache"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    # Start FTL again
-    if ! output=$(restart_service pihole-FTL 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to restart FTL"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    if [[ "${args[1]}" != "quiet" ]]; then
-        echo -e "${OVER}  ${TICK} Flushed network table"
-    fi
-}
-
-args=("$@")
-
-case "${args[0]}" in
-    "arpflush"            ) flushARP;;
-esac
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -26,7 +26,7 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 warning1() {
    echo "  Please note that changing branches severely alters your Pi-hole subsystems"
    echo "  Features that work on the master branch, may not on a development branch"
-    echo -e "  ${COL_LIGHT_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
+    echo -e "  ${COL_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
    read -r -p "  Have you read and understood this? [y/N] " response
    case "${response}" in
        [yY][eE][sS]|[yY])
@@ -55,19 +55,19 @@ checkout() {

    # This is unlikely
    if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
-        echo -e "  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
+        echo -e "  ${COL_RED}Error: Core Pi-hole repo is missing from system!"
        echo -e "  Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
        exit 1;
    fi

    if ! is_repo "${webInterfaceDir}" ; then
-        echo -e "  ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
+        echo -e "  ${COL_RED}Error: Web Admin repo is missing from system!"
        echo -e "  Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
        exit 1;
    fi

    if [[ -z "${1}" ]]; then
-        echo -e "  ${COL_LIGHT_RED}Invalid option${COL_NC}"
+        echo -e "  ${COL_RED}Invalid option${COL_NC}"
        echo -e "  Try 'pihole checkout --help' for more information."
        exit 1
    fi
@@ -238,7 +238,7 @@ checkout() {
        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
            exit 0
        else
-            echo -e "  ${COL_LIGHT_RED} Error: Unable to complete update, please contact support${COL_NC}"
+            echo -e "  ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"
            exit 1
        fi
    fi
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -367,7 +367,7 @@ check_firewalld() {
            # test common required service ports
            local firewalld_enabled_services
            firewalld_enabled_services=$(firewall-cmd --list-services)
-            local firewalld_expected_services=("http" "dns" "dhcp" "dhcpv6")
+            local firewalld_expected_services=("http" "https" "dns" "dhcp" "dhcpv6" "ntp")
            for i in "${firewalld_expected_services[@]}"; do
                if [[ "${firewalld_enabled_services}" =~ ${i} ]]; then
                    log_write "${TICK} ${COL_GREEN}  Allow Service: ${i}${COL_NC}";
@@ -388,14 +388,6 @@ check_firewalld() {
                else
                    log_write "${CROSS} ${COL_RED}  Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
                fi
-                # check FTL custom zone port: 4711
-                local firewalld_ftl_zone_ports
-                firewalld_ftl_zone_ports=$(firewall-cmd --zone=ftl --list-ports)
-                if [[ "${firewalld_ftl_zone_ports}" =~ "4711/tcp" ]]; then
-                    log_write "${TICK} ${COL_GREEN}  FTL Port 4711/tcp Detected${COL_NC}";
-                else
-                    log_write "${CROSS} ${COL_RED}  FTL Port 4711/tcp Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
-                fi
            else
                log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
            fi
@@ -497,16 +489,25 @@ ping_gateway() {
    ping_ipv4_or_ipv6 "${protocol}"
    # Check if we are using IPv4 or IPv6
    # Find the default gateways using IPv4 or IPv6
-    local gateway gateway_addr gateway_iface
+    local gateway gateway_addr gateway_iface default_route

    log_write "${INFO} Default IPv${protocol} gateway(s):"

-    while IFS= read -r gateway; do
-        log_write "     $(cut -d ' ' -f 3 <<< "${gateway}")%$(cut -d ' ' -f 5 <<< "${gateway}")"
-    done < <(ip -"${protocol}" route | grep default)
+    while IFS= read -r default_route; do
+        gateway_addr=$(jq -r '.gateway' <<< "${default_route}")
+        gateway_iface=$(jq -r '.dev' <<< "${default_route}")
+        log_write "     ${gateway_addr}%${gateway_iface}"
+    done < <(ip -j -"${protocol}" route | jq -c '.[] | select(.dst == "default")')
+
+    # Find the first default route
+    default_route=$(ip -j -"${protocol}" route show default)
+    if echo "$default_route" | grep 'gateway' | grep -q 'dev'; then
+        gateway_addr=$(echo "$default_route" | jq -r -c '.[0].gateway')
+        gateway_iface=$(echo "$default_route" | jq -r -c '.[0].dev')
+    else
+        log_write "     Unable to determine gateway address for IPv${protocol}"
+    fi

-    gateway_addr=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 3 | head -n 1)
-    gateway_iface=$(ip -"${protocol}" route | grep default | cut -d ' ' -f 5 | head -n 1)
    # If there was at least one gateway
    if [ -n "${gateway_addr}" ]; then
        # Append the interface to the gateway address if it is a link-local address
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -17,12 +17,6 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source="./advanced/Scripts/utils.sh"
 source "${utilsfile}"

-SKIP_INSTALL="true"
-# shellcheck source="./automated install/basic-install.sh"
-source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-# stop_service() is defined in basic-install.sh
-# restart_service() is defined in basic-install.sh
-
 # In case we're running at the same time as a system logrotate, use a
 # separate logrotate state file to prevent stepping on each other's
 # toes.
@@ -110,14 +104,13 @@ else
    fi

    # Stop FTL to make sure it doesn't write to the database while we're deleting data
-    stop_service pihole-FTL >/dev/null
-
+    service pihole-FTL stop

    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
    deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")

    # Restart FTL
-    restart_service pihole-FTL >/dev/null
+    service pihole-FTL restart
    if [[ "$*" != *"quiet"* ]]; then
        echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
    fi
--- a/advanced/Scripts/piholeNetworkFlush.sh
+++ b/advanced/Scripts/piholeNetworkFlush.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Network table flush
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+coltable="/opt/pihole/COL_TABLE"
+if [[ -f ${coltable} ]]; then
+# shellcheck source="./advanced/Scripts/COL_TABLE"
+    source ${coltable}
+fi
+
+readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source=./advanced/Scripts/utils.sh
+source "${utilsfile}"
+
+# Source api functions
+# shellcheck source="./advanced/Scripts/api.sh"
+. "${PI_HOLE_SCRIPT_DIR}/api.sh"
+
+flushNetwork(){
+    local output
+
+    echo -ne "  ${INFO} Flushing network table ..."
+
+    local data status error
+    # Authenticate with FTL
+    LoginAPI
+
+    # send query again
+    data=$(PostFTLData "action/flush/network" "" "status")
+
+    # Separate the status from the data
+    status=$(printf %s "${data#"${data%???}"}")
+    data=$(printf %s "${data%???}")
+
+    # If there is an .error object in the returned data, display it
+    local error
+    error=$(jq --compact-output <<< "${data}" '.error')
+    if [[ $error != "null" && $error != "" ]]; then
+        echo -e "${OVER}  ${CROSS} Failed to flush the network table:"
+        echo -e "      $(jq <<< "${data}" '.error')"
+        LogoutAPI
+        exit 1
+    elif [[ "${status}" == "200" ]]; then
+        echo -e "${OVER}  ${TICK} Flushed network table"
+    fi
+
+    # Delete session
+    LogoutAPI
+}
+
+flushArp(){
+    # Flush ARP cache of the host
+    if ! output=$(ip -s -s neigh flush all 2>&1); then
+        echo -e "${OVER}  ${CROSS} Failed to flush ARP cache"
+        echo "  Output: ${output}"
+        return 1
+    fi
+}
+
+# Process all options (if present)
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+    "--arp" ) doARP=true ;;
+    esac
+    shift
+done
+
+flushNetwork
+
+if [[ "${doARP}" == true ]]; then
+    echo -ne "  ${INFO} Flushing ARP cache"
+    if flushArp; then
+        echo -e "${OVER}  ${TICK} Flushed ARP cache"
+    fi
+fi
+
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -37,19 +37,16 @@ Options:
 }

 GenerateOutput() {
-    local data gravity_data lists_data num_gravity num_lists search_type_str
-    local gravity_data_csv lists_data_csv line current_domain url type color
+    local counts data num_gravity num_lists search_type_str
+    local gravity_data_csv lists_data_csv line url type color
    data="${1}"

-    # construct a new json for the list results where each object contains the domain and the related type
-    lists_data=$(printf %s "${data}" | jq '.search.domains | [.[] | {domain: .domain, type: .type}]')
-
-    # construct a new json for the gravity results where each object contains the adlist URL and the related domains
-    gravity_data=$(printf %s "${data}" | jq '.search.gravity  | group_by(.address,.type) | map({ address: (.[0].address), type: (.[0].type), domains: [.[] | .domain] })')
-
-    # number of objects in each json
-    num_gravity=$(printf %s "${gravity_data}" | jq length)
-    num_lists=$(printf %s "${lists_data}" | jq length)
+    # Get count of list and gravity matches
+    # Use JQ to count number of entries in lists and gravity
+    # (output is number of list matches then number of gravity matches)
+    counts=$(printf %s "${data}" | jq --raw-output '(.search.domains | length), (.search.gravity | group_by(.address,.type) | length)')
+    num_lists=$(echo "$counts" | sed -n '1p')
+    num_gravity=$(echo "$counts" | sed -n '2p')

    if [ "${partial}" = true ]; then
        search_type_str="partially"
@@ -62,7 +59,7 @@ GenerateOutput() {
    if [ "${num_lists}" -gt 0 ]; then
        # Convert the data to a csv, each line is a "domain,type" string
        # not using jq's @csv here as it quotes each value individually
-        lists_data_csv=$(printf %s "${lists_data}" | jq --raw-output '.[] | [.domain, .type] | join(",")')
+        lists_data_csv=$(printf %s "${data}" | jq --raw-output '.search.domains | map([.domain, .type] | join(",")) | join("\n")')

        # Generate output for each csv line, separating line in a domain and type substring at the ','
        echo "${lists_data_csv}" | while read -r line; do
@@ -71,11 +68,11 @@ GenerateOutput() {
    fi

    # Results from gravity
-    printf "%s\n\n" "Found ${num_gravity} adlists ${search_type_str} matching '${COL_BLUE}${domain}${COL_NC}'."
+    printf "%s\n\n" "Found ${num_gravity} lists ${search_type_str} matching '${COL_BLUE}${domain}${COL_NC}'."
    if [ "${num_gravity}" -gt 0 ]; then
-        # Convert the data to a csv, each line is a "URL,domain,domain,...." string
+        # Convert the data to a csv, each line is a "URL,type,domain,domain,...." string
        # not using jq's @csv here as it quotes each value individually
-        gravity_data_csv=$(printf %s "${gravity_data}" | jq --raw-output '.[] | [.address, .type, .domains[]] | join(",")')
+        gravity_data_csv=$(printf %s "${data}" | jq --raw-output '.search.gravity | group_by(.address,.type) | map([.[0].address, .[0].type, (.[] | .domain)] | join(",")) | join("\n")')

        # Generate line-by-line output for each csv line
        echo "${gravity_data_csv}" | while read -r line; do
@@ -97,15 +94,8 @@ GenerateOutput() {

            # cut off type, leaving "domain,domain,...."
            line=${line#*,}
-            # print each domain and remove it from the string until nothing is left
-            while [ ${#line} -gt 0 ]; do
-                current_domain=${line%%,*}
-                printf '    - %s\n' "${COL_GREEN}${current_domain}${COL_NC}"
-                # we need to remove the current_domain and the comma in two steps because
-                # the last domain won't have a trailing comma and the while loop wouldn't exit
-                line=${line#"${current_domain}"}
-                line=${line#,}
-            done
+            # Replace commas with newlines and format output
+            echo "${line}" | sed 's/,/\n/g' | sed "s/^/    - ${COL_GREEN}/" | sed "s/$/${COL_NC}/"
            printf "\n\n"
        done
    fi
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -47,7 +47,7 @@ GitCheckUpdateAvail() {

    # Fetch latest changes in this repo
    if ! git fetch --quiet origin ; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}"
+        echo -e "\\n  ${COL_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}"
        exit 1
    fi

@@ -76,13 +76,13 @@ GitCheckUpdateAvail() {


    if [[ "${#LOCAL}" == 0 ]]; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
+        echo -e "\\n  ${COL_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
        echo -e "  Additional debugging output:${COL_NC}"
        git status
        exit 1
    fi
    if [[ "${#REMOTE}" == 0 ]]; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
+        echo -e "\\n  ${COL_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
        echo -e "  Additional debugging output:${COL_NC}"
        git status
        exit 1
@@ -103,7 +103,7 @@ GitCheckUpdateAvail() {
 }

 main() {
-    local basicError="\\n  ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
+    local basicError="\\n  ${COL_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
    local core_update
    local web_update
    local FTL_update
@@ -120,7 +120,7 @@ main() {

    # This is unlikely
    if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
+        echo -e "\\n  ${COL_RED}Error: Core Pi-hole repo is missing from system!"
        echo -e "  Please re-run install script from https://pi-hole.net${COL_NC}"
        exit 1;
    fi
@@ -132,11 +132,11 @@ main() {
        echo -e "  ${INFO} Pi-hole Core:\\t${COL_YELLOW}update available${COL_NC}"
    else
        core_update=false
-        echo -e "  ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
+        echo -e "  ${INFO} Pi-hole Core:\\t${COL_GREEN}up to date${COL_NC}"
    fi

    if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
+        echo -e "\\n  ${COL_RED}Error: Web Admin repo is missing from system!"
        echo -e "  Please re-run install script from https://pi-hole.net${COL_NC}"
        exit 1;
    fi
@@ -146,7 +146,7 @@ main() {
        echo -e "  ${INFO} Web Interface:\\t${COL_YELLOW}update available${COL_NC}"
    else
        web_update=false
-        echo -e "  ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
+        echo -e "  ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
    fi

    local funcOutput
@@ -160,17 +160,18 @@ main() {
    else
        case $? in
            1)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
+                echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
                ;;
            2)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_LIGHT_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                exit 1
                ;;
            3)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, cannot reach download server${COL_NC}"
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
                exit 1
                ;;
            *)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, contact support${COL_NC}"
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
                exit 1
        esac
        FTL_update=false
@@ -187,7 +188,7 @@ main() {
    if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then
        # Notify user that they are on a custom branch which might mean they they are lost
        # behind if a branch was merged to development and got abandoned
-        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}"
+        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_RED}" "${COL_NC}" "${ftlBranch}"
    fi

    if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
--- a/advanced/Scripts/utils.sh
+++ b/advanced/Scripts/utils.sh
@@ -73,7 +73,9 @@ getFTLPID() {
 # Example getFTLConfigValue dns.piholePTR
 #######################
 getFTLConfigValue(){
-  pihole-FTL --config -q "${1}"
+  # Pipe to cat to avoid pihole-FTL assuming this is an interactive command
+  # returning colored output.
+  pihole-FTL --config -q "${1}" | cat
 }

 #######################
@@ -86,9 +88,17 @@ getFTLConfigValue(){
 # setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]'
 #######################
 setFTLConfigValue(){
-  pihole-FTL --config "${1}" "${2}" >/dev/null
-  if [ $? -eq 5 ]; then
-    printf "  %s %s set by environment variable. Please unset it to use this function\n" "${CROSS}" "${1}"
-    exit 5
-  fi
+    local err
+    { pihole-FTL --config "${1}" "${2}" >/dev/null; err="$?"; } || true
+
+    case $err in
+    0) ;;
+    5)
+        # FTL returns 5 if the value was set by an environment variable and is therefore read-only
+        printf "  %s %s set by environment variable. Please unset it to use this function\n" "${CROSS}" "${1}";
+        exit 5;;
+    *)
+        printf "  %s Failed to set %s. Try with sudo power\n" "${CROSS}" "${1}"
+        exit 1
+    esac
 }
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -1,5 +1,5 @@
 _pihole() {
-    local cur prev opts opts_checkout opts_debug opts_logging opts_query opts_update opts_version
+    local cur prev opts opts_lists opts_checkout opts_debug opts_logging opts_query opts_update opts_networkflush
    COMPREPLY=()
    cur="${COMP_WORDS[COMP_CWORD]}"
    prev="${COMP_WORDS[COMP_CWORD-1]}"
@@ -7,7 +7,7 @@ _pihole() {

    case "${prev}" in
        "pihole")
-            opts="allow allow-regex allow-wild deny checkout debug disable enable flush help logging query repair regex reloaddns reloadlists status tail uninstall updateGravity updatePihole version wildcard arpflush api"
+            opts="allow allow-regex allow-wild deny checkout debug disable enable flush help logging query repair regex reloaddns reloadlists setpassword status tail uninstall updateGravity updatePihole version wildcard networkflush api"
            COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
        ;;
        "allow"|"deny"|"wildcard"|"regex"|"allow-regex"|"allow-wild")
@@ -34,9 +34,13 @@ _pihole() {
            opts_update="--check-only"
            COMPREPLY=( $(compgen -W "${opts_update}" -- ${cur}) )
        ;;
-        "core"|"admin"|"ftl")
+        "networkflush")
+            opts_networkflush="--arp"
+            COMPREPLY=( $(compgen -W "${opts_networkflush}" -- ${cur}) )
+        ;;
+        "core"|"web"|"ftl")
            if [[ "$prev2" == "checkout" ]]; then
-                opts_checkout="master dev"
+                opts_checkout="master development"
                COMPREPLY=( $(compgen -W "${opts_checkout}" -- ${cur}) )
            else
                return 1
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
@@ -116,11 +116,11 @@ c=70
 PIHOLE_META_PACKAGE_CONTROL_APT=$(
    cat <<EOM
 Package: pihole-meta
-Version: 0.4
+Version: 0.5
 Maintainer: Pi-hole team <adblock@pi-hole.net>
 Architecture: all
 Description: Pi-hole dependency meta package
-Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,netcat-openbsd,procps,psmisc,sudo,unzip
+Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,procps,psmisc,sudo,unzip
 Section: contrib/metapackages
 Priority: optional
 EOM
@@ -130,12 +130,12 @@ EOM
 PIHOLE_META_PACKAGE_CONTROL_RPM=$(
    cat <<EOM
 Name: pihole-meta
-Version: 0.2
+Version: 0.3
 Release: 1
 License: EUPL
 BuildArch: noarch
 Summary: Pi-hole dependency meta package
-Requires: bash-completion,bind-utils,binutils,ca-certificates,chkconfig,cronie,curl,dialog,findutils,gawk,git,grep,iproute,jq,libcap,lshw,nmap-ncat,procps-ng,psmisc,sudo,unzip
+Requires: bash-completion,bind-utils,binutils,ca-certificates,chkconfig,cronie,curl,dialog,findutils,gawk,git,grep,iproute,jq,libcap,lshw,procps-ng,psmisc,sudo,unzip
 %description
 Pi-hole dependency meta package
 %prep
@@ -143,6 +143,9 @@ Pi-hole dependency meta package
 %files
 %install
 %changelog
+* Mon Jul 14 2025 Pi-hole Team - 0.3
+- Remove nmap-ncat from the list of dependencies
+
 * Wed May 28 2025 Pi-hole Team - 0.2
 - Add gawk to the list of dependencies

@@ -164,6 +167,17 @@ for var in "$@"; do
    esac
 done

+if [[ "${runUnattended}" == true ]]; then
+    # In order to run an unattended setup, a pre-seeded /etc/pihole/pihole.toml must exist
+    if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole.toml" ]]; then
+        printf "  %b Error: \"%s\" not found. Cannot run unattended setup\\n" "${CROSS}" "${PI_HOLE_CONFIG_DIR}/pihole.toml"
+        exit 1
+    fi
+    printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
+    # also disable debconf-apt-progress dialogs
+    export DEBIAN_FRONTEND="noninteractive"
+fi
+
 # If the color table file exists,
 if [[ -f "${coltable}" ]]; then
    # source it
@@ -173,13 +187,11 @@ if [[ -f "${coltable}" ]]; then
 else
    # Set these values so the installer can still run in color
    COL_NC='\e[0m' # No Color
-    COL_LIGHT_GREEN='\e[1;32m'
-    COL_LIGHT_RED='\e[1;31m'
-    TICK="[${COL_LIGHT_GREEN}✓${COL_NC}]"
-    CROSS="[${COL_LIGHT_RED}✗${COL_NC}]"
+    COL_GREEN='\e[1;32m'
+    COL_RED='\e[1;31m'
+    TICK="[${COL_GREEN}✓${COL_NC}]"
+    CROSS="[${COL_RED}✗${COL_NC}]"
    INFO="[i]"
-    # shellcheck disable=SC2034
-    DONE="${COL_LIGHT_GREEN} done!${COL_NC}"
    OVER="\\r\\033[K"
 fi

@@ -187,13 +199,13 @@ fi
 # This lets users know that it is a Pi-hole, LLC product
 show_ascii_berry() {
    echo -e "
-        ${COL_LIGHT_GREEN}.;;,.
+        ${COL_GREEN}.;;,.
        .ccccc:,.
         :cccclll:.      ..,,
          :ccccclll.   ;ooodc
           'ccll:;ll .oooodc
             .;cll.;;looo:.
-                 ${COL_LIGHT_RED}.. ','.
+                 ${COL_RED}.. ','.
                .',,,,,,'.
              .',,,,,,,,,,.
            .',,,,,,,,,,,,....
@@ -215,7 +227,7 @@ abort() {
    # remove any leftover build directory that may exist
    rm -rf /tmp/pihole-meta_*

-    echo -e "\\n\\n  ${COL_LIGHT_RED}Installation was interrupted${COL_NC}\\n"
+    echo -e "\\n\\n  ${COL_RED}Installation was interrupted${COL_NC}\\n"
    echo -e "Pi-hole's dependencies might be already installed. If you want to remove them you can try to\\n"
    echo -e "a) run 'pihole uninstall' \\n"
    echo -e "b) Remove the meta-package 'pihole-meta' manually \\n"
@@ -231,13 +243,11 @@ is_command() {
    command -v "${check_command}" >/dev/null 2>&1
 }

-is_pid1() {
-    # Checks to see if the given command runs as PID 1
-    local is_pid1="$1"
-
-    # select PID 1, format output to show only CMD column without header
-    # quietly grep for a match on the function passed parameter
-    ps --pid 1 --format comm= | grep -q "${is_pid1}"
+check_fresh_install() {
+    # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair
+    if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then
+        fresh_install=false
+    fi
 }

 # Compatibility
@@ -256,8 +266,6 @@ package_manager_detect() {
        PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
        # The command we will use to remove packages (used in the uninstaller)
        PKG_REMOVE="${PKG_MANAGER} -y remove --purge"
-        # Update package cache
-        update_package_cache || exit 1

    # If apt-get is not found, check for rpm.
    elif is_command rpm; then
@@ -317,7 +325,7 @@ build_dependency_package(){
            printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
        else
            printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-            printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+            printf "%b Error: Building pihole-meta.deb failed. %b\\n" "${COL_RED}" "${COL_NC}"
            return 1
        fi

@@ -350,7 +358,7 @@ build_dependency_package(){
            printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
        else
            printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-            printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+            printf "%b Error: Building pihole-meta.rpm failed. %b\\n" "${COL_RED}" "${COL_NC}"
            return 1
        fi

@@ -492,7 +500,7 @@ getGitFiles() {
        printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
        # Update the repo, returning an error message on failure
        update_repo "${directory}" || {
-            printf "\\n  %b: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+            printf "\\n  %b: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}"
            exit 1
        }
    # If it's not a .git repo,
@@ -501,7 +509,7 @@ getGitFiles() {
        printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
        # Attempt to make the repository, showing an error on failure
        make_repo "${directory}" "${remoteRepo}" || {
-            printf "\\n  %bError: Could not update local repository. Contact support.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+            printf "\\n  %bError: Could not update local repository. Contact support.%b\\n" "${COL_RED}" "${COL_NC}"
            exit 1
        }
    fi
@@ -586,7 +594,10 @@ Do you wish to continue with an IPv6-only installation?\\n\\n" \
 # Get available interfaces that are UP
 get_available_interfaces() {
    # There may be more than one so it's all stored in a variable
-    availableInterfaces=$(ip --oneline link show up | awk '{print $2}' |  grep -v "^lo" | cut -d':' -f1 | cut -d'@' -f1)
+    # The ip command list all interfaces that are in the up state
+    # The awk command filters out any interfaces that have the LOOPBACK flag set
+    # while using the characters ": " or "@" as a field separator for awk
+    availableInterfaces=$(ip --oneline link show up | awk -F ': |@' '!/<.*LOOPBACK.*>/ {print $2}')
 }

 # A function for displaying the dialogs the user sees when first running the installer
@@ -816,7 +827,7 @@ setDNS() {
    result=$?
    case ${result} in
    "${DIALOG_CANCEL}" | "${DIALOG_ESC}")
-        printf "  %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
        exit 1
        ;;
    esac
@@ -853,7 +864,7 @@ If you want to specify a port other than 53, separate it with a hash.\
            result=$?
            case ${result} in
            "${DIALOG_CANCEL}" | "${DIALOG_ESC}")
-                printf "  %b Cancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+                printf "  %b Cancel was selected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
                exit 1
                ;;
            esac
@@ -907,7 +918,7 @@ If you want to specify a port other than 53, separate it with a hash.\
                    DNSSettingsCorrect=False
                    ;;
                "${DIALOG_ESC}")
-                    printf "  %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+                    printf "  %b Escape pressed, exiting installer at DNS Settings%b\\n" "${COL_RED}" "${COL_NC}"
                    exit 1
                    ;;
                esac
@@ -958,7 +969,7 @@ setLogging() {
        ;;
    "${DIALOG_ESC}")
        # User pressed <ESC>
-        printf "  %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b Escape pressed, exiting installer at Query Logging choice.%b\\n" "${COL_RED}" "${COL_NC}"
        exit 1
        ;;
    esac
@@ -983,7 +994,7 @@ setPrivacyLevel() {
        printf "  %b Using privacy level: %s\\n" "${INFO}" "${PRIVACY_LEVEL}"
        ;;
    "${DIALOG_CANCEL}" | "${DIALOG_ESC}")
-        printf "  %b Cancelled privacy level selection.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b Cancelled privacy level selection.%b\\n" "${COL_RED}" "${COL_NC}"
        exit 1
        ;;
    esac
@@ -1017,7 +1028,7 @@ chooseBlocklists() {
        ;;
    "${DIALOG_ESC}")
        # User pressed <ESC>
-        printf "  %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b Escape pressed, exiting installer at blocklist choice.%b\\n" "${COL_RED}" "${COL_NC}"
        exit 1
        ;;
    esac
@@ -1143,7 +1154,7 @@ installScripts() {
    else
        # Otherwise, show an error and exit
        printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-        printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
+        printf "\\t\\t%bError: Local repo %s not found, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
        return 1
    fi
 }
@@ -1158,13 +1169,13 @@ installConfigs() {
    # Install empty custom.list file if it does not exist
    if [[ ! -r "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" ]]; then
        if ! install -D -T -o pihole -g pihole -m 660 /dev/null "${PI_HOLE_CONFIG_DIR}/hosts/custom.list" &>/dev/null; then
-            printf "  %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}/hosts"
+            printf "  %b Error: Unable to initialize configuration file %s/custom.list\\n" "${COL_RED}" "${PI_HOLE_CONFIG_DIR}/hosts"
            return 1
        fi
    fi

    # Install pihole-FTL systemd or init.d service, based on whether systemd is the init system or not
-    if is_pid1 systemd; then
+    if ps -p 1 -o comm= | grep -q systemd; then
        install -T -m 0644 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.systemd" '/etc/systemd/system/pihole-FTL.service'

        # Remove init.d service if present
@@ -1232,12 +1243,9 @@ stop_service() {
    # Can softfail, as process may not be installed when this is called
    local str="Stopping ${1} service"
    printf "  %b %s..." "${INFO}" "${str}"
-    # If systemd is PID 1,
-    if is_pid1 systemd; then
-        # use that to restart the service
+    if is_command systemctl; then
        systemctl -q stop "${1}" || true
    else
-        # Otherwise, fall back to the service command
        service "${1}" stop >/dev/null || true
    fi
    printf "%b  %b %s...\\n" "${OVER}" "${TICK}" "${str}"
@@ -1248,8 +1256,8 @@ restart_service() {
    # Local, named variables
    local str="Restarting ${1} service"
    printf "  %b %s..." "${INFO}" "${str}"
-    # If systemd is PID 1,
-    if is_pid1 systemd; then
+    # If systemctl exists,
+    if is_command systemctl; then
        # use that to restart the service
        systemctl -q restart "${1}"
    else
@@ -1264,8 +1272,8 @@ enable_service() {
    # Local, named variables
    local str="Enabling ${1} service to start on reboot"
    printf "  %b %s..." "${INFO}" "${str}"
-    # If systemd is PID1,
-    if is_pid1 systemd; then
+    # If systemctl exists,
+    if is_command systemctl; then
        # use that to enable the service
        systemctl -q enable "${1}"
    else
@@ -1280,8 +1288,8 @@ disable_service() {
    # Local, named variables
    local str="Disabling ${1} service"
    printf "  %b %s..." "${INFO}" "${str}"
-    # If systemd is PID1,
-    if is_pid1 systemd; then
+    # If systemctl exists,
+    if is_command systemctl; then
        # use that to disable the service
        systemctl -q disable "${1}"
    else
@@ -1292,8 +1300,8 @@ disable_service() {
 }

 check_service_active() {
-    # If systemd is PID1,
-    if is_pid1 systemd; then
+    # If systemctl exists,
+    if is_command systemctl; then
        # use that to check the status of the service
        systemctl -q is-enabled "${1}" 2>/dev/null
    else
@@ -1340,7 +1348,7 @@ update_package_cache() {
            UPDATE_PKG_CACHE="apt update"
        fi
        printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-        printf "  %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_LIGHT_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}"
+        printf "  %b Error: Unable to update package cache. Please try \"%s\"%b\\n" "${COL_RED}" "sudo ${UPDATE_PKG_CACHE}" "${COL_NC}"
        return 1
    fi
 }
@@ -1358,7 +1366,7 @@ notify_package_updates_available() {
        printf "%b  %b %s... up to date!\\n\\n" "${OVER}" "${TICK}" "${str}"
    else
        printf "%b  %b %s... %s updates available\\n" "${OVER}" "${TICK}" "${str}" "${updatesToInstall}"
-        printf "  %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
+        printf "  %b %bIt is recommended to update your OS after installing the Pi-hole!%b\\n\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}"
    fi
 }

@@ -1375,11 +1383,11 @@ install_dependent_packages() {
                rm /tmp/pihole-meta.deb
            else
                printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-                printf "  %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
+                printf "  %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}"
                return 1
            fi
        else
-            printf "  %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
+            printf "  %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}"
            return 1
        fi
    # Install Fedora/CentOS packages
@@ -1390,11 +1398,11 @@ install_dependent_packages() {
                rm /tmp/pihole-meta.rpm
            else
                printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-                printf "  %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
+                printf "  %b Error: Unable to install Pi-hole dependency package.\\n" "${COL_RED}"
                return 1
            fi
        else
-            printf "  %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_LIGHT_RED}"
+            printf "  %b Error: Unable to find Pi-hole dependency package.\\n" "${COL_RED}"
            return 1
        fi

@@ -1623,13 +1631,13 @@ checkSelinux() {
    if [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -z "${PIHOLE_SELINUX}" ]]; then
        printf "  Pi-hole does not provide an SELinux policy as the required changes modify the security of your system.\\n"
        printf "  Please refer to https://wiki.centos.org/HowTos/SELinux if SELinux is required for your deployment.\\n"
-        printf "      This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_LIGHT_RED}" "${COL_NC}" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "      This check can be skipped by setting the environment variable %bPIHOLE_SELINUX%b to %btrue%b\\n" "${COL_RED}" "${COL_NC}" "${COL_RED}" "${COL_NC}"
        printf "      e.g: export PIHOLE_SELINUX=true\\n"
        printf "      By setting this variable to true you acknowledge there may be issues with Pi-hole during or after the install\\n"
-        printf "\\n  %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "\\n  %bSELinux Enforcing detected, exiting installer%b\\n" "${COL_RED}" "${COL_NC}"
        exit 1
    elif [[ "${SELINUX_ENFORCING}" -eq 1 ]] && [[ -n "${PIHOLE_SELINUX}" ]]; then
-        printf "  %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b %bSELinux Enforcing detected%b. PIHOLE_SELINUX env variable set - installer will continue\\n" "${INFO}" "${COL_RED}" "${COL_NC}"
    fi
 }

@@ -1727,13 +1735,13 @@ clone_or_reset_repos() {
        # Reset the Core repo
        resetRepo ${PI_HOLE_LOCAL_REPO} ||
            {
-                printf "  %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
+                printf "  %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
                exit 1
            }
        # Reset the Web repo
        resetRepo ${webInterfaceDir} ||
            {
-                printf "  %b Unable to reset %s, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceDir}" "${COL_NC}"
+                printf "  %b Unable to reset %s, exiting installer%b\\n" "${COL_RED}" "${webInterfaceDir}" "${COL_NC}"
                exit 1
            }
    # Otherwise, a fresh installation is happening
@@ -1741,13 +1749,13 @@ clone_or_reset_repos() {
        # so get git files for Core
        getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} ||
            {
-                printf "  %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_LIGHT_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
+                printf "  %b Unable to clone %s into %s, unable to continue%b\\n" "${COL_RED}" "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}" "${COL_NC}"
                exit 1
            }
        # get the Web git files
        getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} ||
            {
-                printf "  %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_LIGHT_RED}" "${webInterfaceGitUrl}" "${COL_NC}"
+                printf "  %b Unable to clone %s into ${webInterfaceDir}, exiting installer%b\\n" "${COL_RED}" "${webInterfaceGitUrl}" "${COL_NC}"
                exit 1
            }
    fi
@@ -1797,8 +1805,12 @@ FTLinstall() {
            # Before stopping FTL, we download the macvendor database
            curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true

-            # Stop pihole-FTL service if available
-            stop_service pihole-FTL >/dev/null
+
+            # If the binary already exists in /usr/bin, then we need to stop the service
+            # If the binary does not exist (fresh installs), then we can skip this step.
+            if [[ -f /usr/bin/pihole-FTL ]]; then
+                stop_service pihole-FTL >/dev/null
+            fi

            # Install the new version with the correct permissions
            install -T -m 0755 "${binary}" /usr/bin/pihole-FTL
@@ -1823,7 +1835,7 @@ FTLinstall() {
                return 1
            }
            printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
-            printf "  %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}"
+            printf "  %b Error: Download of %s/%s failed (checksum error)%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}"

            # Remove temp dir
            remove_dir "${tempdir}"
@@ -1837,7 +1849,7 @@ FTLinstall() {
        }
        printf "%b  %b %s\\n" "${OVER}" "${CROSS}" "${str}"
        # The URL could not be found
-        printf "  %b Error: URL %s/%s not found%b\\n" "${COL_LIGHT_RED}" "${url}" "${binary}" "${COL_NC}"
+        printf "  %b Error: URL %s/%s not found%b\\n" "${COL_RED}" "${url}" "${binary}" "${COL_NC}"

        # Remove temp dir
        remove_dir "${tempdir}"
@@ -1914,7 +1926,7 @@ get_binary_name() {
        # Something else - we try to use 32bit executable and warn the user
        if [[ ! "${machine}" == "i686" ]]; then
            printf "%b  %b %s...\\n" "${OVER}" "${CROSS}" "${str}"
-            printf "  %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${machine}" "${COL_NC}"
+            printf "  %b %bNot able to detect architecture (unknown: %s), trying x86 (32bit) executable%b\\n" "${INFO}" "${COL_RED}" "${machine}" "${COL_NC}"
            printf "  %b Contact Pi-hole Support if you experience issues (e.g: FTL not running)\\n" "${INFO}"
        else
            printf "%b  %b Detected 32bit (i686) architecture\\n" "${OVER}" "${TICK}"
@@ -1952,12 +1964,12 @@ FTLcheckUpdate() {
        path="${ftlBranch}/${binary}"

        # Check whether or not the binary for this FTL branch actually exists. If not, then there is no update!
+        local status
        if ! check_download_exists "$path"; then
-            local status
            status=$?
            if [ "${status}" -eq 1 ]; then
                printf "  %b Branch \"%s\" is not available.\\n" "${INFO}" "${ftlBranch}"
-                printf "  %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${COL_NC}"
+                printf "  %b Use %bpihole checkout ftl [branchname]%b to switch to a valid branch.\\n" "${INFO}" "${COL_GREEN}" "${COL_NC}"
            elif [ "${status}" -eq 2 ]; then
                printf "  %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}"
                return 3
@@ -2043,6 +2055,11 @@ FTLdetect() {

    if FTLcheckUpdate "${1}"; then
        FTLinstall "${1}" || return 1
+    else
+        case $? in
+            1) :;; # FTL is up-to-date
+            *) exit 1;; # 404 (2), other HTTP or curl error (3), unknown (4)
+        esac
    fi
 }

@@ -2170,7 +2187,7 @@ main() {
    else
        # Otherwise, they do not have enough privileges, so let the user know
        printf "  %b %s\\n" "${INFO}" "${str}"
-        printf "  %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}"
+        printf "  %b %bScript called with non-root privileges%b\\n" "${INFO}" "${COL_RED}" "${COL_NC}"
        printf "      The Pi-hole requires elevated privileges to install and run\\n"
        printf "      Please check the installer for any concerns regarding this requirement\\n"
        printf "      Make sure to download this script from a trusted source\\n\\n"
@@ -2194,7 +2211,7 @@ main() {
            # Otherwise, tell the user they need to run the script as root, and bail
            printf "%b  %b Sudo utility check\\n" "${OVER}" "${CROSS}"
            printf "  %b Sudo is needed for the Web Interface to run pihole commands\\n\\n" "${INFO}"
-            printf "  %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_LIGHT_RED}"
+            printf "  %b %bPlease re-run this installer as root${COL_NC}\\n" "${INFO}" "${COL_RED}"
            exit 1
        fi
    fi
@@ -2205,9 +2222,17 @@ main() {
    # Check for availability of either the "service" or "systemctl" commands
    check_service_command

+    # Check if this is a fresh install or an update/repair
+    check_fresh_install
+
    # Check for supported package managers so that we may install dependencies
    package_manager_detect

+    # Update package cache only on apt based systems
+    if is_command apt-get; then
+            update_package_cache || exit 1
+    fi
+
    # Notify user of package availability
    notify_package_updates_available

@@ -2228,18 +2253,6 @@ main() {
        exit 1
    fi

-    # in case of an update (can be a v5 -> v6 or v6 -> v6 update) or repair
-    if [[ -f "${PI_HOLE_V6_CONFIG}" ]] || [[ -f "/etc/pihole/setupVars.conf" ]]; then
-        # retain settings
-        fresh_install=false
-        # if it's running unattended,
-        if [[ "${runUnattended}" == true ]]; then
-            printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
-            # also disable debconf-apt-progress dialogs
-            export DEBIAN_FRONTEND="noninteractive"
-        fi
-    fi
-
    if [[ "${fresh_install}" == true ]]; then
        # Display welcome dialogs
        welcomeDialogs
@@ -2379,8 +2392,10 @@ main() {
        printf "  %b If you have not done so already, the above IP should be set to static.\\n" "${INFO}"

        printf "  %b View the web interface at http://pi.hole:${WEBPORT}/admin or http://%s/admin\\n\\n" "${INFO}" "${IPV4_ADDRESS%/*}:${WEBPORT}"
-        printf "  %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_LIGHT_GREEN}" "${pw}" "${COL_NC}"
+        printf "  %b Web Interface password: %b%s%b\\n" "${INFO}" "${COL_GREEN}" "${pw}" "${COL_NC}"
        printf "  %b This can be changed using 'pihole setpassword'\\n\\n" "${INFO}"
+        printf "  %b To allow your user to use all CLI functions without authentication, refer to\\n" "${INFO}"
+        printf "    our documentation at: https://docs.pi-hole.net/main/post-install/\\n\\n"

        # Final dialog message to the user
        dialog --no-shadow --keep-tite \
@@ -2389,7 +2404,11 @@ main() {
 \\n\\nIPv4:	${IPV4_ADDRESS%/*}\
 \\nIPv6:	${IPV6_ADDRESS:-"Not Configured"}\
 \\nIf you have not done so already, the above IP should be set to static.\
-\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}" "${r}" "${c}"
+\\nView the web interface at http://pi.hole/admin:${WEBPORT} or http://${IPV4_ADDRESS%/*}:${WEBPORT}/admin\\n\\nYour Admin Webpage login password is ${pw}\
+\\n
+\\n
+\\nTo allow your user to use all CLI functions without authentication,\
+\\nrefer to https://docs.pi-hole.net/main/post-install/" "${r}" "${c}"

        INSTALL_TYPE="Installation"
    else
@@ -2398,7 +2417,7 @@ main() {

    # Display where the log file is
    printf "\\n  %b The install log is located at: %s\\n" "${INFO}" "${installLogLoc}"
-    printf "  %b %b%s complete! %b\\n" "${TICK}" "${COL_LIGHT_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"
+    printf "  %b %b%s complete! %b\\n" "${TICK}" "${COL_GREEN}" "${INSTALL_TYPE}" "${COL_NC}"

    if [[ "${INSTALL_TYPE}" == "Update" ]]; then
        printf "\\n"
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -13,19 +13,14 @@ source "/opt/pihole/COL_TABLE"
 # shellcheck source="./advanced/Scripts/utils.sh"
 source "/opt/pihole/utils.sh"

-SKIP_INSTALL="true"
-# shellcheck source="./automated install/basic-install.sh"
-source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-# stop_service() is defined in basic-install.sh
-
 ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
 readonly ADMIN_INTERFACE_DIR

 while true; do
-    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
+    read -rp "  ${QST} Are you sure you would like to remove ${COL_BOLD}Pi-hole${COL_NC}? [y/N] " answer
    case ${answer} in
        [Yy]* ) break;;
-        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
+        * ) echo -e "${OVER}  ${COL_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
    esac
 done

@@ -107,7 +102,11 @@ removePiholeFiles() {
    # Remove FTL
    if command -v pihole-FTL &> /dev/null; then
        echo -ne "  ${INFO} Removing pihole-FTL..."
-        stop_service pihole-FTL
+        if [[ -x "$(command -v systemctl)" ]]; then
+            systemctl stop pihole-FTL
+        else
+            service pihole-FTL stop
+        fi
        ${SUDO} rm -f /etc/systemd/system/pihole-FTL.service
        if [[ -d '/etc/systemd/system/pihole-FTL.service.d' ]]; then
            read -rp "  ${QST} FTL service override directory /etc/systemd/system/pihole-FTL.service.d detected. Do you wish to remove this from your system? [y/N] " answer
@@ -151,11 +150,11 @@ removePiholeFiles() {

    echo -e "\\n   We're sorry to see you go, but thanks for checking out Pi-hole!
       If you need help, reach out to us on GitHub, Discourse, Reddit or Twitter
-       Reinstall at any time: ${COL_WHITE}curl -sSL https://install.pi-hole.net | bash${COL_NC}
+       Reinstall at any time: ${COL_BOLD}curl -sSL https://install.pi-hole.net | bash${COL_NC}

-      ${COL_LIGHT_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC}
+      ${COL_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC}
      ${INFO} Pi-hole's meta package has been removed, use the 'autoremove' function from your package manager to remove unused dependencies${COL_NC}
-      ${COL_LIGHT_GREEN}Uninstallation Complete! ${COL_NC}"
+      ${COL_GREEN}Uninstallation Complete! ${COL_NC}"
 }

 ######### SCRIPT ###########
--- a/gravity.sh
+++ b/gravity.sh
@@ -50,7 +50,7 @@ etag_support=false

 # Check gravity temp directory
 if [ ! -d "${GRAVITY_TMPDIR}" ] || [ ! -w "${GRAVITY_TMPDIR}" ]; then
-  echo -e "  ${COL_LIGHT_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}"
+  echo -e "  ${COL_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}"
  GRAVITY_TMPDIR="/tmp"
 fi

@@ -608,8 +608,10 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
  local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
-  local modifiedOptions="" listCurlBuffer str httpCode success="" ip cmd_ext
+  local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
  local file_path permissions ip_addr port blocked=false download=true
+  # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
+  local modifiedOptions=()

  # Create temp file to store content on disk instead of RAM
  # We don't use '--suffix' here because not all implementations of mktemp support it, e.g. on Alpine
@@ -626,14 +628,14 @@ gravity_DownloadBlocklistFromUrl() {
      # Save HTTP ETag to the specified file. An ETag is a caching related header,
      # usually returned in a response. If no ETag is sent by the server, an empty
      # file is created and can later be used consistently.
-      modifiedOptions="--etag-save ${saveLocation}.etag"
+      modifiedOptions=("${modifiedOptions[@]}" --etag-save "${saveLocation}".etag)

      if [[ -f "${saveLocation}.etag" ]]; then
        # This option makes a conditional HTTP request for the specific ETag read
        # from the given file by sending a custom If-None-Match header using the
        # stored ETag. This way, the server will only send the file if it has
        # changed since the last request.
-        modifiedOptions="${modifiedOptions} --etag-compare ${saveLocation}.etag"
+        modifiedOptions=("${modifiedOptions[@]}" --etag-compare "${saveLocation}".etag)
      fi
    fi

@@ -646,7 +648,7 @@ gravity_DownloadBlocklistFromUrl() {
      # Interstingly, this option is not supported by raw.githubusercontent.com
      # URLs, however, it is still supported by many older web servers which may
      # not support the HTTP ETag method so we keep it as a fallback.
-      modifiedOptions="${modifiedOptions} -z ${saveLocation}"
+      modifiedOptions=("${modifiedOptions[@]}" -z "${saveLocation}")
    fi
  fi

@@ -712,7 +714,7 @@ gravity_DownloadBlocklistFromUrl() {
      fi
      echo -e "${OVER}  ${CROSS} ${str} ${domain} is blocked by one of your lists. Using DNS server ${upstream} instead"
      echo -ne "  ${INFO} ${str} Pending..."
-      cmd_ext="--resolve $domain:$port:$ip"
+      customUpstreamResolver="--resolve $domain:$port:$ip"
    fi
  fi

@@ -750,9 +752,7 @@ gravity_DownloadBlocklistFromUrl() {
  fi

  if [[ "${download}" == true ]]; then
-    # See https://github.com/pi-hole/pi-hole/issues/6159 for justification of the below disable directive
-    # shellcheck disable=SC2086
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
+    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
  fi

  case $url in
@@ -821,13 +821,13 @@ gravity_DownloadBlocklistFromUrl() {
  if [[ "${done}" != "true" ]]; then
    # Determine if cached list has read permission
    if [[ -r "${saveLocation}" ]]; then
-      echo -e "  ${CROSS} List download failed: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}"
+      echo -e "  ${CROSS} List download failed: ${COL_GREEN}using previously cached list${COL_NC}"
      # Set list status to "download-failed/cached"
      database_adlist_status "${adlistID}" "3"
      # Add domains to database table file
      pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
    else
-      echo -e "  ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}"
+      echo -e "  ${CROSS} List download failed: ${COL_RED}no cached list available${COL_NC}"
      # Manually reset these two numbers because we do not call parseList here
      database_adlist_number "${adlistID}" 0 0
      database_adlist_status "${adlistID}" "4"
@@ -864,7 +864,7 @@ gravity_ShowCount() {

 # Trap Ctrl-C
 gravity_Trap() {
-  trap '{ echo -e "\\n\\n  ${INFO} ${COL_LIGHT_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT
+  trap '{ echo -e "\\n\\n  ${INFO} ${COL_RED}User-abort detected${COL_NC}"; gravity_Cleanup "error"; }' INT
 }

 # Clean up after Gravity upon exit or cancellation
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -105,9 +105,9 @@ Available commands and options:
    Flush the Pi-hole log
 .br

-\fB-r, reconfigure\fR
+\fB-r, repair\fR
 .br
-    Reconfigure or Repair Pi-hole subsystems
+    Repair Pi-hole subsystems
 .br

 \fB-t, tail\fR [arg]
@@ -317,9 +317,10 @@ Switching Pi-hole subsystem branches
    Switch to core development branch
 .br

-\fBpihole arpflush\fR
+\fBpihole networkflush\fR
 .br
-    Flush information stored in Pi-hole's network tables
+    Flush information stored in Pi-hole's network table
+    Add '--arp' to additionally flush the ARP table
 .br

 \fBpihole api stats/summary\fR
--- a/104
+++ b/104
@@ -9,7 +9,7 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.

-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+PI_HOLE_SCRIPT_DIR="/opt/pihole"

 # PI_HOLE_BIN_DIR is not readonly here because in some functions (checkout),
 # they might get set again when the installer is sourced. This causes an
@@ -20,7 +20,7 @@ readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 # shellcheck source=./advanced/Scripts/COL_TABLE
 source "${colfile}"

-readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source=./advanced/Scripts/utils.sh
 source "${utilsfile}"

@@ -96,8 +96,18 @@ flushFunc() {
  exit 0
 }

+# Deprecated function, should be removed in the future
+# use networkFlush instead
 arpFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/piholeARPTable.sh "$@"
+  shift
+  echo -e "  ${INFO} The 'arpflush' command is deprecated, use 'networkflush' instead"
+  "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
+  exit 0
+}
+
+networkFlush() {
+  shift
+  "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
  exit 0
 }

@@ -147,10 +157,11 @@ uninstallFunc() {

 versionFunc() {
  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh
+  exit 0
 }

 reloadDNS() {
-  local svcOption svc str output status pid icon FTL_PID_FILE
+  local svcOption svc str output status pid icon FTL_PID_FILE sigrtmin
  svcOption="${1:-reload}"

  # get the current path to the pihole-FTL.pid
@@ -169,7 +180,10 @@ reloadDNS() {
      str="FTL is not running"
      icon="${INFO}"
    else
-      svc="kill -RTMIN ${pid}"
+      sigrtmin="$(pihole-FTL sigrtmin 2>/dev/null)"
+      # Make sure sigrtmin is a number, otherwise fallback to RTMIN
+      [[ "${sigrtmin}" =~ ^[0-9]+$ ]] || unset sigrtmin
+      svc="kill -${sigrtmin:-RTMIN} ${pid}"
      str="Reloading DNS lists"
      icon="${TICK}"
    fi
@@ -238,7 +252,7 @@ Time:
    fi

    if [[ ${error} == true ]];then
-      echo -e "  ${COL_LIGHT_RED}Unknown format for blocking timer!${COL_NC}"
+      echo -e "  ${COL_RED}Unknown format for blocking timer!${COL_NC}"
      echo -e "  Try 'pihole disable --help' for more information."
      exit 1
    fi
@@ -264,6 +278,7 @@ Time:
  LogoutAPI

  echo -e "${OVER}  ${TICK} ${str}"
+  exit 0
 }

 piholeLogging() {
@@ -293,7 +308,7 @@ Options:
    echo -e "  ${INFO} Enabling logging..."
    local str="Logging has been enabled!"
  else
-    echo -e "  ${COL_LIGHT_RED}Invalid option${COL_NC}
+    echo -e "  ${COL_RED}Invalid option${COL_NC}
  Try 'pihole logging --help' for more information."
    exit 1
  fi
@@ -389,14 +404,14 @@ tailFunc() {
  echo -e "  ${INFO} Press Ctrl-C to exit"

  # Get logfile path
-  readonly LOGFILE
  LOGFILE=$(getFTLConfigValue files.log.dnsmasq)
+  readonly LOGFILE

  # Strip date from each line
  # Color blocklist/denylist/wildcard entries as red
  # Color A/AAAA/DHCP strings as white
  # Color everything else as gray
-  tail -f $LOGFILE | grep --line-buffered "${1}" | sed -E \
+  tail -f $LOGFILE | grep --line-buffered -- "${1}" | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
    -e "s,(.*(denied |gravity blocked ).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
@@ -519,7 +534,8 @@ Options:
  reloadlists         Update the lists WITHOUT flushing the cache or restarting the DNS server
  checkout            Switch Pi-hole subsystems to a different GitHub branch
                        Add '-h' for more info on checkout usage
-  arpflush            Flush information stored in Pi-hole's network tables";
+  networkflush        Flush information stored in Pi-hole's network tables
+                        Add '--arp' to additionally flush the ARP table ";
  exit 0
 }

@@ -528,7 +544,7 @@ if [[ $# = 0 ]]; then
 fi

 # functions that do not require sudo power
-need_root=1
+need_root=
 case "${1}" in
  "-h" | "help" | "--help"        ) helpFunc;;
  "-v" | "version"                ) versionFunc;;
@@ -536,31 +552,32 @@ case "${1}" in
  "-q" | "query"                  ) queryFunc "$@";;
  "status"                        ) statusFunc "$2";;
  "tricorder"                     ) tricorderFunc;;
+  "allow" | "allowlist"           ) listFunc "$@";;
+  "deny" | "denylist"             ) listFunc "$@";;
+  "--wild" | "wildcard"           ) listFunc "$@";;
+  "--regex" | "regex"             ) listFunc "$@";;
+  "--allow-regex" | "allow-regex" ) listFunc "$@";;
+  "--allow-wild" | "allow-wild"   ) listFunc "$@";;
+  "enable"                        ) piholeEnable true "$2";;
+  "disable"                       ) piholeEnable false "$2";;
+  "api"                           ) shift; apiFunc "$@"; exit 0;;

  # we need to add all arguments that require sudo power to not trigger the * argument
-  "allow" | "allowlist"           ) need_root=0;;
-  "deny" | "denylist"             ) need_root=0;;
-  "--wild" | "wildcard"           ) need_root=0;;
-  "--regex" | "regex"             ) need_root=0;;
-  "--allow-regex" | "allow-regex" ) need_root=0;;
-  "--allow-wild" | "allow-wild"   ) need_root=0;;
-  "-f" | "flush"                  ) ;;
-  "-up" | "updatePihole"          ) ;;
-  "-r"  | "repair"                ) ;;
-  "-l" | "logging"                ) ;;
-  "uninstall"                     ) ;;
-  "enable"                        ) need_root=0;;
-  "disable"                       ) need_root=0;;
-  "-d" | "debug"                  ) ;;
-  "-g" | "updateGravity"          ) ;;
-  "reloaddns"                     ) ;;
-  "reloadlists"                   ) ;;
-  "setpassword"                   ) ;;
-  "checkout"                      ) ;;
-  "updatechecker"                 ) ;;
-  "arpflush"                      ) ;;
-  "-t" | "tail"                   ) ;;
-  "api"                           ) need_root=0;;
+  "-f" | "flush"                  ) need_root=true;;
+  "-up" | "updatePihole"          ) need_root=true;;
+  "-r"  | "repair"                ) need_root=true;;
+  "-l" | "logging"                ) need_root=true;;
+  "uninstall"                     ) need_root=true;;
+  "-d" | "debug"                  ) need_root=true;;
+  "-g" | "updateGravity"          ) need_root=true;;
+  "reloaddns"                     ) need_root=true;;
+  "reloadlists"                   ) need_root=true;;
+  "setpassword"                   ) need_root=true;;
+  "checkout"                      ) need_root=true;;
+  "updatechecker"                 ) need_root=true;;
+  "arpflush"                      ) need_root=true;; # Deprecated, use networkflush instead
+  "networkflush"                  ) need_root=true;;
+  "-t" | "tail"                   ) need_root=true;;
  *                               ) helpFunc;;
 esac

@@ -570,22 +587,17 @@ if [[ -z ${USER} ]]; then
  USER=$(whoami)
 fi

-# Check if the current user is neither root nor pihole and if the command
+# Check if the current user is not root and if the command
 # requires root. If so, exit with an error message.
-if [[ $EUID -ne 0 && ${USER} != "pihole" && need_root -eq 1 ]];then
-  echo -e "  ${CROSS} The Pi-hole command requires root privileges, try:"
+# Add an exception for the user "pihole" to allow the webserver running gravity
+if [[ ( $EUID -ne 0 && ${USER} != "pihole" ) && -n "${need_root}" ]]; then
+  echo -e "  ${CROSS} This Pi-hole command requires root privileges, try:"
  echo -e "      ${COL_GREEN}sudo pihole $*${COL_NC}"
  exit 1
 fi

 # Handle redirecting to specific functions based on arguments
 case "${1}" in
-  "allow" | "allowlist"           ) listFunc "$@";;
-  "deny" | "denylist"             ) listFunc "$@";;
-  "--wild" | "wildcard"           ) listFunc "$@";;
-  "--regex" | "regex"             ) listFunc "$@";;
-  "--allow-regex" | "allow-regex" ) listFunc "$@";;
-  "--allow-wild" | "allow-wild"   ) listFunc "$@";;
  "-d" | "debug"                  ) debugFunc "$@";;
  "-f" | "flush"                  ) flushFunc "$@";;
  "-up" | "updatePihole"          ) updatePiholeFunc "$@";;
@@ -593,15 +605,13 @@ case "${1}" in
  "-g" | "updateGravity"          ) updateGravityFunc "$@";;
  "-l" | "logging"                ) piholeLogging "$@";;
  "uninstall"                     ) uninstallFunc;;
-  "enable"                        ) piholeEnable true "$2";;
-  "disable"                       ) piholeEnable false "$2";;
  "reloaddns"                     ) reloadDNS "reload";;
  "reloadlists"                   ) reloadDNS "reload-lists";;
  "setpassword"                   ) SetWebPassword "$@";;
  "checkout"                      ) piholeCheckoutFunc "$@";;
  "updatechecker"                 ) shift; updateCheckFunc "$@";;
-  "arpflush"                      ) arpFunc "$@";;
+  "arpflush"                      ) arpFunc "$@";; # Deprecated, use networkflush instead
+  "networkflush"                  ) networkFlush "$@";;
  "-t" | "tail"                   ) tailFunc "$2";;
-  "api"                           ) shift; apiFunc "$@";;
  *                               ) helpFunc;;
 esac
--- a/test/_centos_10.Dockerfile
+++ b/test/_centos_10.Dockerfile
@@ -1,7 +1,7 @@
 FROM quay.io/centos/centos:stream10
 # Disable SELinux
 RUN echo "SELINUX=disabled" > /etc/selinux/config
-RUN yum install -y --allowerasing curl git
+RUN yum install -y --allowerasing curl git initscripts

 ENV GITDIR=/etc/.pihole
 ENV SCRIPTDIR=/opt/pihole
--- a/test/_centos_9.Dockerfile
+++ b/test/_centos_9.Dockerfile
@@ -1,7 +1,7 @@
 FROM quay.io/centos/centos:stream9
 # Disable SELinux
 RUN echo "SELINUX=disabled" > /etc/selinux/config
-RUN yum install -y --allowerasing curl git
+RUN yum install -y --allowerasing curl git initscripts

 ENV GITDIR=/etc/.pihole
 ENV SCRIPTDIR=/opt/pihole
--- a/test/_fedora_40.Dockerfile
+++ b/test/_fedora_40.Dockerfile
@@ -1,5 +1,5 @@
 FROM fedora:40
-RUN dnf install -y git
+RUN dnf install -y git initscripts

 ENV GITDIR=/etc/.pihole
 ENV SCRIPTDIR=/opt/pihole
--- a/test/_fedora_41.Dockerfile
+++ b/test/_fedora_41.Dockerfile
@@ -1,5 +1,5 @@
 FROM fedora:41
-RUN dnf install -y git
+RUN dnf install -y git initscripts

 ENV GITDIR=/etc/.pihole
 ENV SCRIPTDIR=/opt/pihole
--- a/test/_fedora_42.Dockerfile
+++ b/test/_fedora_42.Dockerfile
@@ -1,5 +1,5 @@
 FROM fedora:42
-RUN dnf install -y git gawk
+RUN dnf install -y git initscripts

 ENV GITDIR=/etc/.pihole
 ENV SCRIPTDIR=/opt/pihole
--- a/test/requirements.txt
+++ b/test/requirements.txt
@@ -1,6 +1,6 @@
 pyyaml == 6.0.2
-pytest == 8.3.5
-pytest-xdist == 3.6.1
+pytest == 8.4.1
+pytest-xdist == 3.8.0
 pytest-testinfra == 10.2.2
-tox == 4.26.0
+tox == 4.28.4
 pytest-clarity == 1.0.1
--- a/test/test_any_automated_install.py
+++ b/test/test_any_automated_install.py
@@ -66,14 +66,6 @@ def test_installPihole_fresh_install_readableFiles(host):
    mock_command("dialog", {"*": ("", "0")}, host)
    # mock git pull
    mock_command_passthrough("git", {"pull": ("", "0")}, host)
-    # mock PID 1 to pretend to be systemd
-    mock_command_2(
-        "ps",
-        {
-            "--pid 1": ("systemd", "0"),
-        },
-        host,
-    )
    # mock systemctl to not start FTL
    mock_command_2(
        "systemctl",
@@ -81,7 +73,6 @@ def test_installPihole_fresh_install_readableFiles(host):
            "enable pihole-FTL": ("", "0"),
            "restart pihole-FTL": ("", "0"),
            "start pihole-FTL": ("", "0"),
-            "stop pihole-FTL": ("", "0"),
            "*": ('echo "systemctl call with $@"', "0"),
        },
        host,
@@ -98,10 +89,8 @@ def test_installPihole_fresh_install_readableFiles(host):
    export DEBIAN_FRONTEND=noninteractive
    umask 0027
    runUnattended=true
-    fresh_install=false
    source /opt/pihole/basic-install.sh > /dev/null
    runUnattended=true
-    fresh_install=false
    main
    /opt/pihole/pihole-FTL-prestart.sh
    """
@@ -140,6 +129,13 @@ def test_installPihole_fresh_install_readableFiles(host):
    check_macvendor = test_cmd.format("r", "/etc/pihole/macvendor.db", piholeuser)
    actual_rc = host.run(check_macvendor).rc
    assert exit_status_success == actual_rc
+    # check readable and executable /etc/init.d/pihole-FTL
+    check_init = test_cmd.format("x", "/etc/init.d/pihole-FTL", piholeuser)
+    actual_rc = host.run(check_init).rc
+    assert exit_status_success == actual_rc
+    check_init = test_cmd.format("r", "/etc/init.d/pihole-FTL", piholeuser)
+    actual_rc = host.run(check_init).rc
+    assert exit_status_success == actual_rc
    # check readable and executable manpages
    if maninstalled is True:
        check_man = test_cmd.format("x", "/usr/local/share/man", piholeuser)
@@ -475,6 +471,7 @@ def test_package_manager_has_pihole_deps(host):
        """
    source /opt/pihole/basic-install.sh
    package_manager_detect
+    update_package_cache
    build_dependency_package
    install_dependent_packages
    """
@@ -491,6 +488,7 @@ def test_meta_package_uninstall(host):
        """
    source /opt/pihole/basic-install.sh
    package_manager_detect
+    update_package_cache
    build_dependency_package
    install_dependent_packages
    """