Merge pull request #1158 from pi-hole/development

[RELEASE] Pi-hole Core 2.12

README.md

@@ -42,7 +42,7 @@ _If you wish to read over the script before running it, run `nano basic-install.
 
 ```
 git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
-cd Pi-hole/automated_installer/
+cd Pi-hole/automated\ install/
 bash basic-install.sh
 ```
 
@@ -55,17 +55,11 @@ bash basic-install.sh
 
 Once installed, [configure your router to have **DHCP clients use the Pi as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to [use the Raspberry Pi as its DNS server](http://pi-hole.net/faq/how-do-i-use-the-pi-hole-as-my-dns-server/).
 
-## Installing the Pi-hole (Click to Watch!)
+## What is Pi-hole and how do I install it?
 <p align="center">
-<a href=https://www.youtube.com/watch?v=TzFLJqUeirA><img src="https://assets.pi-hole.net/static/global.png"></a>
+<a href=https://www.youtube.com/watch?v=vKWjx1AQYgs><img src="https://assets.pi-hole.net/static/global.png"></a>
 </p>
 
-## Would you like to know more?
-
-**Watch the 60-second video below to get a quick overview**
-<p align="center">
-<a href=https://youtu.be/9Eti3xibiho><img src="https://assets.pi-hole.net/static/blackhole_web.png"></a>
-</p>
 
 ## Get Help Or Connect With Us On The Web
 
@@ -101,7 +95,7 @@ The [Web interface](https://github.com/pi-hole/AdminLTE#pi-hole-admin-dashboard)
 
 ### Whitelist and blacklist
 
-Domains can be whitelisted and blacklisted using either the web interface or the command line. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details 
+Domains can be whitelisted and blacklisted using either the web interface or the command line. See [the wiki page](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting) for more details
 <p align="center">
 <a href=https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting><img src="https://assets.pi-hole.net/static/controlpanel.png"></a>
 </p>
@@ -128,7 +122,7 @@ You can view [real-time stats](http://pi-hole.net/faq/install-the-real-time-lcd-
 ## Pi-hole Projects
 
 -   [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py)
--   [Get LED alerts for each blocked ad](http://www.stinebaugh.info/get-led-alerts-for-each-blocked-ad-using-pi-hole/)
+-   [Get LED alerts for each blocked ad](http://thetimmy.silvernight.org/pages/endisbutton/)
 -   [Pi-hole on Ubuntu 14.04 on VirtualBox](http://hbalagtas.blogspot.com/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html)
 -   [Docker Pi-hole container (x86 and ARM)](https://hub.docker.com/r/diginc/pi-hole/)
 -   [Splunk: Pi-hole Visualizser](https://splunkbase.splunk.com/app/3023/)

advanced/Scripts/chronometer.sh

@@ -17,56 +17,21 @@ gravity="/etc/pihole/gravity.list"
 
 . /etc/pihole/setupVars.conf
 
-CalcBlockedDomains() {
+# Borrowed/modified from https://gist.github.com/cjus/1047794
-	if [ -e "${gravity}" ]; then
+function GetJSONValue {
-		# if BOTH IPV4 and IPV6 are in use, then we need to divide total domains by 2.
+    retVal=$(echo $1 | sed 's/\\\\\//\//g' | \
-		if [[ -n "${IPV4_ADDRESS}" && -n "${IPV6_ADDRESS}" ]]; then
+                       sed 's/[{}]//g' | \
-			blockedDomainsTotal=$(wc -l /etc/pihole/gravity.list | awk '{print $1/2}')
+                       awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | \
-		else
+                       sed 's/\"\:\"/\|/g' | \
-			# only one is set.
+                       sed 's/[\,]/ /g' | \
-			blockedDomainsTotal=$(wc -l /etc/pihole/gravity.list | awk '{print $1}')
+                       sed 's/\"//g' | \
-		fi
+                       grep -w $2)
-	else
+    echo ${retVal##*|}
-		blockedDomainsTotal="Err."
-	fi
-}
-
-CalcQueriesToday() {
-	if [ -e "${piLog}" ]; then
-		queriesToday=$(awk '/query\[/ {print $6}' < "${piLog}" | wc -l)
-	else
-		queriesToday="Err."
-	fi
-}
-
-CalcblockedToday() {
-	if [ -e "${piLog}" ] && [ -e "${gravity}" ];then
-		blockedToday=$(awk '/\/etc\/pihole\/gravity.list/ && !/address/ {print $6}' < "${piLog}" | wc -l)
-	else
-		blockedToday="Err."
-	fi
-}
-
-CalcPercentBlockedToday() {
-	if [ "${queriesToday}" != "Err." ] && [ "${blockedToday}" != "Err." ]; then
-		if [ "${queriesToday}" != 0 ]; then #Fixes divide by zero error :)
-			#scale 2 rounds the number down, so we'll do scale 4 and then trim the last 2 zeros
-			percentBlockedToday=$(echo "scale=4; ${blockedToday}/${queriesToday}*100" | bc)
-			percentBlockedToday=$(sed 's/.\{2\}$//' <<< "${percentBlockedToday}")
-		else
-			percentBlockedToday=0
-		fi
-	fi
 }
 
 outputJSON() {
-	CalcQueriesToday
+	json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw)
-	CalcblockedToday
+	echo ${json}
-	CalcPercentBlockedToday
-
-	CalcBlockedDomains
-
-	printf '{"domains_being_blocked":"%s","dns_queries_today":"%s","ads_blocked_today":"%s","ads_percentage_today":"%s"}\n' "$blockedDomainsTotal" "$queriesToday" "$blockedToday" "$percentBlockedToday"
 }
 
 normalChrono() {
@@ -87,22 +52,17 @@ normalChrono() {
 		# Uncomment to continually read the log file and display the current domain being blocked
 		#tail -f /var/log/pihole.log | awk '/\/etc\/pihole\/gravity.list/ {if ($7 != "address" && $7 != "name" && $7 != "/etc/pihole/gravity.list") print $7; else;}'
 
-		#uncomment next 4 lines to use original query count calculation
+		json=$(curl -s -X GET http://127.0.0.1/admin/api.php?summaryRaw)
-		#today=$(date "+%b %e")
-		#todaysQueryCount=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ {print $7}' | wc -l)
-		#todaysQueryCountV4=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[A\]/ {print $7}' | wc -l)
-		#todaysQueryCountV6=$(cat /var/log/pihole.log | grep "$today" | awk '/query/ && /\[AAAA\]/ {print $7}' | wc -l)
 
+    domains=$(printf "%'.f" $(GetJSONValue ${json} "domains_being_blocked")) #add commas in
+    queries=$(printf "%'.f" $(GetJSONValue ${json} "dns_queries_today"))
+    blocked=$(printf "%'.f" $(GetJSONValue ${json} "ads_blocked_today"))
+    LC_NUMERIC=C percentage=$(printf "%0.2f\n" $(GetJSONValue ${json} "ads_percentage_today")) #2 decimal places
 
-		CalcQueriesToday
+		echo "Blocking:      ${domains}"
-		CalcblockedToday
+		echo "Queries:       ${queries}"
-		CalcPercentBlockedToday
 
-		CalcBlockedDomains
+		echo "Pi-holed:      ${blocked} (${percentage}%)"
-
-		echo "Blocking:      ${blockedDomainsTotal}"
-		echo "Queries:       ${queriesToday}" #same total calculation as dashboard
-		echo "Pi-holed:      ${blockedToday} (${percentBlockedToday}%)"
 
 		sleep 5
 	done

advanced/Scripts/list.sh

@@ -15,6 +15,7 @@ basename=pihole
 piholeDir=/etc/${basename}
 whitelist=${piholeDir}/whitelist.txt
 blacklist=${piholeDir}/blacklist.txt
+readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 reload=false
 addmode=true
 verbose=true
@@ -47,13 +48,17 @@ helpFunc() {
 :::  -h, --help				Show this help dialog
 :::  -l, --list				Display your ${word}listed domains
 EOM
+if [[ "${letter}" == "b" ]]; then
+	echo ":::  -wild, --wildcard		Add whitecard entry (only blacklist)"
+fi
 	exit 0
 }
 
 EscapeRegexp() {
     # This way we may safely insert an arbitrary
     # string in our regular expressions
-    echo $* | sed "s/[]\\.|$(){}?+*^]/\\\\&/g" | sed "s/\\//\\\\\//g"
+    # Also remove leading "." if present
+    echo $* | sed 's/^\.*//' | sed "s/[]\.|$(){}?+*^]/\\\\&/g" | sed "s/\\//\\\\\//g"
 }
 
 HandleOther(){
@@ -61,7 +66,7 @@ HandleOther(){
 	domain=$(sed -e "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/" <<< "$1")
 
 	#check validity of domain
-	validDomain=$(perl -ne "print if /\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}\b/" <<< "$domain")
+	validDomain=$(echo "${domain}" | perl -lne 'print if /^(?!.*[^a-z0-9-\.].*)\b((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)*[a-z]{2,63}\b/')
 	if [ -z "${validDomain}" ]; then
 		echo "::: $1 is not a valid argument or domain name"
 	else
@@ -89,22 +94,51 @@ AddDomain() {
 	list="$2"
     domain=$(EscapeRegexp "$1")
 
-	bool=true
+    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
-	#Is the domain in the list we want to add it to?
-	grep -Ex -q "${domain}" ${list} > /dev/null 2>&1 || bool=false
 
-	if [[ "${bool}" == false ]]; then
+		bool=true
-	  #domain not found in the whitelist file, add it!
+		#Is the domain in the list we want to add it to?
-	  if [[ "${verbose}" == true ]]; then
+		grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
-		echo "::: Adding $1 to $list..."
+
-	  fi
+		if [[ "${bool}" == false ]]; then
-	  reload=true
+		  #domain not found in the whitelist file, add it!
-	  # Add it to the list we want to add it to
+		  if [[ "${verbose}" == true ]]; then
-	  echo "$1" >> ${list}
+			echo "::: Adding $1 to $list..."
-	else
+		  fi
-        if [[ "${verbose}" == true ]]; then
+		  reload=true
-            echo "::: ${1} already exists in ${list}, no need to add!"
+		  # Add it to the list we want to add it to
-        fi
+		  echo "$1" >> "${list}"
+		else
+	        if [[ "${verbose}" == true ]]; then
+	            echo "::: ${1} already exists in ${list}, no need to add!"
+	        fi
+		fi
+
+	elif [[ "${list}" == "${wildcardlist}" ]]; then
+
+		source "${piholeDir}/setupVars.conf"
+		#Remove the /* from the end of the IPv4addr.
+		IPV4_ADDRESS=${IPV4_ADDRESS%/*}
+		IPV6_ADDRESS=${IPV6_ADDRESS}
+
+		bool=true
+		#Is the domain in the list?
+		grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
+
+		if [[ "${bool}" == false ]]; then
+		  if [[ "${verbose}" == true ]]; then
+			echo "::: Adding $1 to wildcard blacklist..."
+		  fi
+		  reload=true
+		  echo "address=/$1/${IPV4_ADDRESS}" >> "${wildcardlist}"
+		  if [[ ${#IPV6_ADDRESS} > 0 ]] ; then
+		    echo "address=/$1/${IPV6_ADDRESS}" >> "${wildcardlist}"
+		  fi
+		else
+	        if [[ "${verbose}" == true ]]; then
+	            echo "::: ${1} already exists in wildcard blacklist, no need to add!"
+	        fi
+		fi
 	fi
 }
 
@@ -112,18 +146,38 @@ RemoveDomain() {
     list="$2"
     domain=$(EscapeRegexp "$1")
 
-    bool=true
+    if [[ "${list}" == "${whitelist}" || "${list}" == "${blacklist}" ]]; then
-    #Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
+
-    grep -Ex -q "${domain}" ${list} > /dev/null 2>&1 || bool=false
+        bool=true
-    if [[ "${bool}" == true ]]; then
+        #Is it in the list? Logic follows that if its whitelisted it should not be blacklisted and vice versa
-        # Remove it from the other one
+        grep -Ex -q "${domain}" "${list}" > /dev/null 2>&1 || bool=false
-        echo "::: Removing $1 from $list..."
+        if [[ "${bool}" == true ]]; then
-        # /I flag: search case-insensitive
+            # Remove it from the other one
-        sed -i "/${domain}/Id" ${list}
+            echo "::: Removing $1 from $list..."
-        reload=true
+            # /I flag: search case-insensitive
-    else
+            sed -i "/${domain}/Id" "${list}"
-        if [[ "${verbose}" == true ]]; then
+            reload=true
-            echo "::: ${1} does not exist in ${list}, no need to remove!"
+        else
+            if [[ "${verbose}" == true ]]; then
+                echo "::: ${1} does not exist in ${list}, no need to remove!"
+            fi
+        fi
+
+    elif [[ "${list}" == "${wildcardlist}" ]]; then
+
+        bool=true
+        #Is it in the list?
+        grep -e "address=\/${domain}\/" "${wildcardlist}" > /dev/null 2>&1 || bool=false
+        if [[ "${bool}" == true ]]; then
+            # Remove it from the other one
+            echo "::: Removing $1 from $list..."
+            # /I flag: search case-insensitive
+            sed -i "/address=\/${domain}/Id" "${list}"
+            reload=true
+        else
+            if [[ "${verbose}" == true ]]; then
+                echo "::: ${1} does not exist in ${list}, no need to remove!"
+            fi
         fi
     fi
 }
@@ -153,6 +207,7 @@ for var in "$@"; do
 	case "${var}" in
 	    "-w" | "whitelist"   ) listMain="${whitelist}"; listAlt="${blacklist}";;
 	    "-b" | "blacklist"   ) listMain="${blacklist}"; listAlt="${whitelist}";;
+		"-wild" | "wildcard" ) listMain="${wildcardlist}";;
 		"-nr"| "--noreload"  ) reload=false;;
 		"-d" | "--delmode"   ) addmode=false;;
 		"-f" | "--force"     ) force=true;;

advanced/Scripts/piholeDebug.sh

@@ -122,6 +122,13 @@ version_check() {
 	&& log_echo -r "${light_ver}" || (log_echo "lighttpd not installed." && error_found=1)
 	local php_ver="$(php -v |& head -n1)" \
 	&& log_echo -r "${php_ver}" || (log_echo "PHP not installed." && error_found=1)
+
+	(local pi_hole_branch="$(cd /etc/.pihole/ && git rev-parse --abbrev-ref HEAD)" && log_echo -r "Pi-hole branch:  ${pi_hole_branch}") || log_echo "Unable to obtain Pi-hole branch"
+	(local pi_hole_rev="$(cd /etc/.pihole/ && git describe --long --dirty --tags)" && log_echo -r "Pi-hole rev:     ${pi_hole_rev}") || log_echo "Unable to obtain Pi-hole revision"
+
+	(local admin_branch="$(cd /var/www/html/admin && git rev-parse --abbrev-ref HEAD)" && log_echo -r "AdminLTE branch: ${admin_branch}") || log_echo "Unable to obtain AdminLTE branch"
+	(local admin_rev="$(cd /var/www/html/admin && git describe --long --dirty --tags)" && log_echo -r "AdminLTE rev:    ${admin_rev}") || log_echo "Unable to obtain AdminLTE revision"
+
 	return "${error_found}"
 }
 
@@ -354,10 +361,21 @@ files_check "${ADLISTFILE}"
 
 header_write "Analyzing gravity.list"
 
-	gravity_length=$(wc -l "${GRAVITYFILE}") \
+	gravity_length=$(grep -c ^ "${GRAVITYFILE}") \
 	&& log_write "${GRAVITYFILE} is ${gravity_length} lines long." \
 	|| log_echo "Warning: No gravity.list file found!"
 
+header_write "Analyzing pihole.log"
+
+  pihole_length=$(grep -c ^ "${PIHOLELOG}") \
+  && log_write "${PIHOLELOG} is ${pihole_length} lines long." \
+  || log_echo "Warning: No pihole.log file found!"
+
+  pihole_size=$(du -h "${PIHOLELOG}" | awk '{ print $1 }') \
+  && log_write "${PIHOLELOG} is ${pihole_size}." \
+  || log_echo "Warning: No pihole.log file found!"
+
+
 # Continuously append the pihole.log file to the pihole_debug.log file
 dumpPiHoleLog() {
 	trap '{ echo -e "\n::: Finishing debug write from interrupt... Quitting!" ; exit 1; }' INT

advanced/Scripts/piholeLogFlush.sh

@@ -11,5 +11,10 @@
 # (at your option) any later version.
 
 echo -n "::: Flushing /var/log/pihole.log ..."
-echo " " > /var/log/pihole.log
+# Test if logrotate is available on this system
+if command -v /usr/sbin/logrotate &> /dev/null; then
+  /usr/sbin/logrotate --force /etc/pihole/logrotate
+else
+  echo " " > /var/log/pihole.log
+fi
 echo "... done!"

advanced/Scripts/update.sh

@@ -91,12 +91,37 @@ GitCheckUpdateAvail() {
 
   # Fetch latest changes in this repo
   git fetch --quiet origin
-  status="$(git status -sb)"
+
+  # @ alone is a shortcut for HEAD. Older versions of git
+  # need @{0}
+  LOCAL="$(git rev-parse @{0})"
+
+  # The suffix @{upstream} to a branchname
+  # (short form <branchname>@{u}) refers
+  # to the branch that the branch specified
+  # by branchname is set to build on top of#
+  # (configured with branch.<name>.remote and
+  # branch.<name>.merge). A missing branchname
+  # defaults to the current one.
+  REMOTE="$(git rev-parse @{upstream})"
 
   # Change back to original directory
   cd "${curdir}"
 
-  if [[ $status == *"behind"* ]]; then
+  if [[ ${#LOCAL} == 0 ]]; then
+    echo "::: Error: Local revision could not be optained, ask Pi-hole support."
+    echo "::: Additional debugging output:"
+    git status
+    exit
+  fi
+  if [[ ${#REMOTE} == 0 ]]; then
+    echo "::: Error: Remote revision could not be optained, ask Pi-hole support."
+    echo "::: Additional debugging output:"
+    git status
+    exit
+  fi
+
+  if [[ "${LOCAL}" != "${REMOTE}" ]]; then
     # Local branch is behind remote branch -> Update
     return 0
   else

advanced/Scripts/webpage.sh

@@ -92,12 +92,17 @@ SetWebPassword(){
 ProcessDNSSettings() {
 	source "${setupVars}"
 
-	delete_dnsmasq_setting "server="
+	delete_dnsmasq_setting "server"
-	add_dnsmasq_setting "server" "${PIHOLE_DNS_1}"
 
-	if [[ "${PIHOLE_DNS_2}" != "" ]]; then
+	COUNTER=1
-		add_dnsmasq_setting "server" "${PIHOLE_DNS_2}"
+	while [[ 1 ]]; do
-	fi
+		var=PIHOLE_DNS_${COUNTER}
+		if [ -z "${!var}" ]; then
+			break;
+		fi
+		add_dnsmasq_setting "server" "${!var}"
+		let COUNTER=COUNTER+1
+	done
 
 	delete_dnsmasq_setting "domain-needed"
 
@@ -111,32 +116,46 @@ ProcessDNSSettings() {
 		add_dnsmasq_setting "bogus-priv"
 	fi
 
+	delete_dnsmasq_setting "dnssec"
+	delete_dnsmasq_setting "trust-anchor="
+
+	if [[ "${DNSSEC}" == true ]]; then
+		echo "dnssec
+trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+" >> "${dnsmasqconfig}"
+	fi
+
 }
 
 SetDNSServers(){
 
 	# Save setting to file
-	change_setting "PIHOLE_DNS_1" "${args[2]}"
+	delete_setting "PIHOLE_DNS"
+	IFS=',' read -r -a array <<< "${args[2]}"
+	for index in "${!array[@]}"
+	do
+		add_setting "PIHOLE_DNS_$((index+1))" "${array[index]}"
+	done
 
-	if [[ "${args[3]}" != "none" ]]; then
+	if [[ "${args[3]}" == "domain-needed" ]]; then
-		change_setting "PIHOLE_DNS_2" "${args[3]}"
-	else
-		change_setting "PIHOLE_DNS_2" ""
-	fi
-
-	if [[ "${args[4]}" == "domain-needed" ]]; then
 		change_setting "DNS_FQDN_REQUIRED" "true"
 	else
 		change_setting "DNS_FQDN_REQUIRED" "false"
 	fi
 
-	if [[ "${args[4]}" == "bogus-priv" || "${args[5]}" == "bogus-priv" ]]; then
+	if [[ "${args[4]}" == "bogus-priv" ]]; then
 		change_setting "DNS_BOGUS_PRIV" "true"
 	else
 		change_setting "DNS_BOGUS_PRIV" "false"
 	fi
 
-	ProcessDnsmasqSettings
+	if [[ "${args[5]}" == "dnssec" ]]; then
+		change_setting "DNSSEC" "true"
+	else
+		change_setting "DNSSEC" "false"
+	fi
+
+	ProcessDNSSettings
 
 	# Restart dnsmasq to load new configuration
 	RestartDNS
@@ -179,9 +198,10 @@ SetQueryLogOptions(){
 
 ProcessDHCPSettings() {
 
+	source "${setupVars}"
+
 	if [[ "${DHCP_ACTIVE}" == "true" ]]; then
 
-	source "${setupVars}"
 	interface=$(grep 'PIHOLE_INTERFACE=' /etc/pihole/setupVars.conf | sed "s/.*=//")
 
 	# Use eth0 as fallback interface
@@ -212,17 +232,24 @@ dhcp-authoritative
 dhcp-range=${DHCP_START},${DHCP_END},${leasetime}
 dhcp-option=option:router,${DHCP_ROUTER}
 dhcp-leasefile=/etc/pihole/dhcp.leases
-domain=${PIHOLE_DOMAIN}
 #quiet-dhcp
-#quiet-dhcp6
+" > "${dhcpconfig}"
+
+if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
+	echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+fi
+
+	if [[ "${DHCP_IPv6}" == "true" ]]; then
+echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
 dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
 ra-param=*,0,0
-" > "${dhcpconfig}"
+" >> "${dhcpconfig}"
+	fi
 
 	else
-		rm "${dhcpconfig}"
+		rm "${dhcpconfig}" &> /dev/null
 	fi
 }
 
@@ -234,6 +261,7 @@ EnableDHCP(){
 	change_setting "DHCP_ROUTER" "${args[4]}"
 	change_setting "DHCP_LEASETIME" "${args[5]}"
 	change_setting "PIHOLE_DOMAIN" "${args[6]}"
+	change_setting "DHCP_IPv6" "${args[7]}"
 
 	# Remove possible old setting from file
 	delete_dnsmasq_setting "dhcp-"

advanced/index.php

@@ -74,7 +74,9 @@ if($uri == "/")
 		<a class='safe33' id="whitelisting">Whitelist this page</a>
 		<a class='safe33' href='javascript:window.close()'>Close window</a>
 	</div>
-		<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">Password required!<br/>
+		<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">
+			<p>Note that whitelisting domains which are blocked using the wildcard method won't work.</p>
+			<p>Password required!</p><br/>
 		<form>
 			<input name="list" type="hidden" value="white"><br/>
 			Domain:<br/>
@@ -88,6 +90,16 @@ if($uri == "/")
 </main>
 <footer>Generated <?php echo date('D g:i A, M d'); ?> by Pi-hole <?php echo $piHoleVersion; ?></footer>
 <script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
+<script>
+// Create event for when the output is appended to
+(function($) {
+    var origAppend = $.fn.append;
+
+    $.fn.append = function () {
+        return origAppend.apply(this, arguments).trigger("append");
+    };
+})(jQuery);
+</script>
 <script src="http://pi.hole/admin/scripts/pi-hole/js/queryads.js"></script>
 <script>
 function inIframe () {
@@ -115,6 +127,15 @@ else
 
 $( "#whitelisting" ).on( "click", function(){ $( "#whitelistingform" ).removeAttr( "hidden" ); });
 
+// Remove whitelist functionality if the domain was blocked because of a wildcard
+$( "#output" ).bind("append", function(){
+	if($( "#output" ).contents()[0].data.indexOf("Wildcard blocking") !== -1)
+	{
+		$( "#whitelisting" ).hide();
+		$( "#whitelistingform" ).hide();
+	}
+});
+
 function add() {
 	var domain = $("#domain");
 	var pw = $("#pw");

advanced/logrotate

@@ -0,0 +1,9 @@
+/var/log/pihole.log {
+	daily
+	copytruncate
+	rotate 5
+	compress
+	delaycompress
+	notifempty
+	nomail
+}

advanced/pihole.cron

@@ -23,4 +23,7 @@
 
 # Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
 #          Stats will be viewable in the Web interface thanks to the cron job above
+#          The flush script will use logrotate if available
 00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush
+
+@reboot root /usr/sbin/logrotate /etc/pihole/logrotate

automated install/basic-install.sh

@@ -27,7 +27,8 @@ webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git"
 webInterfaceDir="/var/www/html/admin"
 piholeGitUrl="https://github.com/pi-hole/pi-hole.git"
 PI_HOLE_LOCAL_REPO="/etc/.pihole"
-PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version)
+PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage)
+PI_HOLE_INSTALL_DIR="/opt/pihole"
 useUpdateVars=false
 
 IPV4_ADDRESS=""
@@ -52,24 +53,32 @@ reconfigure=false
 runUnattended=false
 
 # Compatibility
-
+distro_check() {
 if command -v apt-get &> /dev/null; then
   #Debian Family
   #############################################
   PKG_MANAGER="apt-get"
   UPDATE_PKG_CACHE="${PKG_MANAGER} update"
-  PKG_INSTALL="${PKG_MANAGER} --yes --no-install-recommends install"
+  PKG_INSTALL=(${PKG_MANAGER} --yes --no-install-recommends install)
   # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
   PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
   # #########################################
   # fixes for dependancy differences
   # Debian 7 doesn't have iproute2 use iproute
-  ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1 && IPROUTE_PKG="iproute2" || IPROUTE_PKG="iproute"
+  if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then
+    iproute_pkg="iproute2"
+  else
+    iproute_pkg="iproute"
+  fi
   # Prefer the php metapackage if it's there, fall back on the php5 pacakges
-  ${PKG_MANAGER} install --dry-run php > /dev/null 2>&1 && phpVer="php" || phpVer="php5"
+  if ${PKG_MANAGER} install --dry-run php > /dev/null 2>&1; then
+    phpVer="php"
+  else
+    phpVer="php5"
+  fi
   # #########################################
   INSTALLER_DEPS=(apt-utils debconf dhcpcd5 git whiptail)
-  PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils ${IPROUTE_PKG} iputils-ping lighttpd lsof netcat ${phpVer}-common ${phpVer}-cgi sudo unzip wget)
+  PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils ${iproute_pkg} iputils-ping lighttpd lsof netcat ${phpVer}-common ${phpVer}-cgi sudo unzip wget)
   LIGHTTPD_USER="www-data"
   LIGHTTPD_GROUP="www-data"
   LIGHTTPD_CFG="lighttpd.conf.debian"
@@ -85,7 +94,7 @@ elif command -v rpm &> /dev/null; then
 
 # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
   UPDATE_PKG_CACHE=":"
-  PKG_INSTALL="${PKG_MANAGER} install -y"
+  PKG_INSTALL=(${PKG_MANAGER} install -y)
   PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
   INSTALLER_DEPS=(git iproute net-tools newt procps-ng)
   PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils lighttpd lighttpd-fastcgi nmap-ncat php php-common php-cli sudo unzip wget)
@@ -102,8 +111,8 @@ else
   echo "OS distribution not supported"
   exit
 fi
+}
 
-####### FUNCTIONS ##########
 is_repo() {
   # Use git to check if directory is currently under VCS, return the value 128
   # if directory is not a repo. Return 1 if directory does not exist.
@@ -168,15 +177,19 @@ getGitFiles() {
 }
 
 find_IPv4_information() {
+  local route
   # Find IP used to route to outside world
-  IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
+  route=$(ip route get 8.8.8.8)
-  IPV4_ADDRESS=$(ip route get 8.8.8.8| awk '{print $7}')
+  IPv4dev=$(awk '{for (i=1; i<=NF; i++) if ($i~/dev/) print $(i+1)}' <<< "${route}")
-  IPv4gw=$(ip route get 8.8.8.8 | awk '{print $3}')
+  IPv4bare=$(awk '{print $7}' <<< "${route}")
+  IPV4_ADDRESS=$(ip -o -f inet addr show | grep "${IPv4bare}" |  awk '{print $4}' | awk 'END {print}')
+  IPv4gw=$(awk '{print $3}' <<< "${route}")
+
 }
 
 get_available_interfaces() {
   # Get available UP interfaces.
-  availableInterfaces=$(ip -o link | grep "state UP" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
+  availableInterfaces=$(ip -o link | grep -v "state DOWN\|lo" | awk '{print $2}' | cut -d':' -f1 | cut -d'@' -f1)
 }
 
 welcomeDialogs() {
@@ -235,32 +248,28 @@ chooseInterface() {
   # Loop sentinel variable
   local firstLoop=1
 
-  if [[ $(echo ${availableInterfaces} | wc -l) -eq 1 ]]; then
-      PIHOLE_INTERFACE=${availableInterfaces}
-      return
-  fi
-
-  while read -r line; do
-    mode="OFF"
-    if [[ ${firstLoop} -eq 1 ]]; then
-      firstLoop=0
-      mode="ON"
-    fi
-    interfacesArray+=("${line}" "available" "${mode}")
-  done <<< "${availableInterfaces}"
-
   # Find out how many interfaces are available to choose from
   interfaceCount=$(echo "${availableInterfaces}" | wc -l)
-  chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)" ${r} ${c} ${interfaceCount})
+
-  chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty)
+  if [[ ${interfaceCount} -eq 1 ]]; then
-  if [[ $? = 0 ]]; then
+      PIHOLE_INTERFACE="${availableInterfaces}"
-    for desiredInterface in ${chooseInterfaceOptions}; do
-      PIHOLE_INTERFACE=${desiredInterface}
-      echo "::: Using interface: $PIHOLE_INTERFACE"
-    done
   else
-    echo "::: Cancel selected, exiting...."
+      while read -r line; do
-    exit 1
+        mode="OFF"
+        if [[ ${firstLoop} -eq 1 ]]; then
+          firstLoop=0
+          mode="ON"
+        fi
+        interfacesArray+=("${line}" "available" "${mode}")
+      done <<< "${availableInterfaces}"
+
+      chooseInterfaceCmd=(whiptail --separate-output --radiolist "Choose An Interface (press space to select)" ${r} ${c} ${interfaceCount})
+      chooseInterfaceOptions=$("${chooseInterfaceCmd[@]}" "${interfacesArray[@]}" 2>&1 >/dev/tty) || \
+      { echo "::: Cancel selected. Exiting"; exit 1; }
+      for desiredInterface in ${chooseInterfaceOptions}; do
+        PIHOLE_INTERFACE=${desiredInterface}
+        echo "::: Using interface: $PIHOLE_INTERFACE"
+      done
   fi
 }
 
@@ -281,41 +290,37 @@ use4andor6() {
   cmd=(whiptail --separate-output --checklist "Select Protocols (press space to select)" ${r} ${c} 2)
   options=(IPv4 "Block ads over IPv4" on
   IPv6 "Block ads over IPv6" on)
-  choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
+  choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { echo "::: Cancel selected. Exiting"; exit 1; }
-  if [[ $? = 0 ]];then
+  for choice in ${choices}
-    for choice in ${choices}
+  do
-    do
+    case ${choice} in
-      case ${choice} in
+    IPv4  )   useIPv4=true;;
-      IPv4  )   useIPv4=true;;
+    IPv6  )   useIPv6=true;;
-      IPv6  )   useIPv6=true;;
+    esac
-      esac
+  done
-    done
+  if [[ ${useIPv4} ]]; then
-    if [[ ${useIPv4} ]]; then
+    find_IPv4_information
-      find_IPv4_information
+    getStaticIPv4Settings
-      getStaticIPv4Settings
+    setStaticIPv4
-      setStaticIPv4
+  fi
-    fi
+  if [[ ${useIPv6} ]]; then
-    if [[ ${useIPv6} ]]; then
+    useIPv6dialog
-      useIPv6dialog
+  fi
-    fi
+    echo "::: IPv4 address: ${IPV4_ADDRESS}"
-      echo "::: IPv4 address: ${IPV4_ADDRESS}"
+    echo "::: IPv6 address: ${IPV6_ADDRESS}"
-      echo "::: IPv6 address: ${IPV6_ADDRESS}"
+  if [ ! ${useIPv4} ] && [ ! ${useIPv6} ]; then
-    if [ ! ${useIPv4} ] && [ ! ${useIPv6} ]; then
+    echo "::: Cannot continue, neither IPv4 or IPv6 selected"
-      echo "::: Cannot continue, neither IPv4 or IPv6 selected"
+    echo "::: Exiting"
-      echo "::: Exiting"
-      exit 1
-    fi
-  else
-    echo "::: Cancel selected. Exiting..."
     exit 1
   fi
 }
 
 getStaticIPv4Settings() {
+  local ipSettingsCorrect
   # Ask if the user wants to use DHCP settings as their static IP
-  if (whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address?
+  if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Do you want to use your current network settings as a static address?
           IP address:    ${IPV4_ADDRESS}
-          Gateway:       ${IPv4gw}" ${r} ${c}); then
+          Gateway:       ${IPv4gw}" ${r} ${c}; then
     # If they choose yes, let the user know that the IP address will not be available via DHCP and may cause a conflict.
     whiptail --msgbox --backtitle "IP information" --title "FYI: IP Conflict" "It is possible your router could still try to assign this IP to a device, which would cause a conflict.  But in most cases the router is smart enough to not do that.
 If you are worried, either manually set the address, or modify the DHCP reservation pool so it does not include the IP you want.
@@ -326,36 +331,29 @@ It is also possible to use a DHCP reservation, but if you are going to do that,
     # Start by getting the IPv4 address (pre-filling it with info gathered from DHCP)
     # Start a loop to let the user enter their information with the chance to go back and edit it if necessary
     until [[ ${ipSettingsCorrect} = True ]]; do
+
       # Ask for the IPv4 address
-      IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" ${r} ${c} "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3)
+      IPV4_ADDRESS=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 address" --inputbox "Enter your desired IPv4 address" ${r} ${c} "${IPV4_ADDRESS}" 3>&1 1>&2 2>&3) || \
-      if [[ $? = 0 ]]; then
-      echo "::: Your static IPv4 address:    ${IPV4_ADDRESS}"
-      # Ask for the gateway
-      IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" ${r} ${c} "${IPv4gw}" 3>&1 1>&2 2>&3)
-      if [[ $? = 0 ]]; then
-        echo "::: Your static IPv4 gateway:    ${IPv4gw}"
-        # Give the user a chance to review their settings before moving on
-        if (whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct?
-          IP address:    ${IPV4_ADDRESS}
-          Gateway:       ${IPv4gw}" ${r} ${c}); then
-          # After that's done, the loop ends and we move on
-          ipSettingsCorrect=True
-        else
-          # If the settings are wrong, the loop continues
-          ipSettingsCorrect=False
-        fi
-      else
-        # Cancelling gateway settings window
-        ipSettingsCorrect=False
-        echo "::: Cancel selected. Exiting..."
-        exit 1
-      fi
-    else
       # Cancelling IPv4 settings window
-      ipSettingsCorrect=False
+      { ipSettingsCorrect=False; echo "::: Cancel selected. Exiting..."; exit 1; }
-      echo "::: Cancel selected. Exiting..."
+      echo "::: Your static IPv4 address:    ${IPV4_ADDRESS}"
-      exit 1
+
-    fi
+      # Ask for the gateway
+      IPv4gw=$(whiptail --backtitle "Calibrating network interface" --title "IPv4 gateway (router)" --inputbox "Enter your desired IPv4 default gateway" ${r} ${c} "${IPv4gw}" 3>&1 1>&2 2>&3) || \
+      # Cancelling gateway settings window
+      { ipSettingsCorrect=False; echo "::: Cancel selected. Exiting..."; exit 1; }
+      echo "::: Your static IPv4 gateway:    ${IPv4gw}"
+
+      # Give the user a chance to review their settings before moving on
+      if whiptail --backtitle "Calibrating network interface" --title "Static IP Address" --yesno "Are these settings correct?
+        IP address:    ${IPV4_ADDRESS}
+        Gateway:       ${IPv4gw}" ${r} ${c}; then
+        # After that's done, the loop ends and we move on
+        ipSettingsCorrect=True
+        else
+        # If the settings are wrong, the loop continues
+        ipSettingsCorrect=False
+      fi
     done
     # End the if statement for DHCP vs. static
   fi
@@ -439,95 +437,88 @@ valid_ip() {
 }
 
 setDNS() {
-  DNSChooseCmd=(whiptail --separate-output --radiolist "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 6)
+  local DNSSettingsCorrect
-  DNSChooseOptions=(Google "" on
-      OpenDNS "" off
-      Level3 "" off
-      Norton "" off
-      Comodo "" off
-      Custom "" off)
-  DNSchoices=$("${DNSChooseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
-  if [[ $? = 0 ]];then
-    case ${DNSchoices} in
-      Google)
-        echo "::: Using Google DNS servers."
-        PIHOLE_DNS_1="8.8.8.8"
-        PIHOLE_DNS_2="8.8.4.4"
-        ;;
-      OpenDNS)
-        echo "::: Using OpenDNS servers."
-        PIHOLE_DNS_1="208.67.222.222"
-        PIHOLE_DNS_2="208.67.220.220"
-        ;;
-      Level3)
-        echo "::: Using Level3 servers."
-        PIHOLE_DNS_1="4.2.2.1"
-        PIHOLE_DNS_2="4.2.2.2"
-        ;;
-      Norton)
-        echo "::: Using Norton ConnectSafe servers."
-        PIHOLE_DNS_1="199.85.126.10"
-        PIHOLE_DNS_2="199.85.127.10"
-        ;;
-      Comodo)
-        echo "::: Using Comodo Secure servers."
-        PIHOLE_DNS_1="8.26.56.26"
-        PIHOLE_DNS_2="8.20.247.20"
-        ;;
-      Custom)
-        until [[ ${DNSSettingsCorrect} = True ]]; do
-        strInvalid="Invalid"
-        if [ ! ${PIHOLE_DNS_1} ]; then
-          if [ ! ${PIHOLE_DNS_2} ]; then
-            prePopulate=""
-          else
-            prePopulate=", ${PIHOLE_DNS_2}"
-          fi
-        elif  [ ${PIHOLE_DNS_1} ] && [ ! ${PIHOLE_DNS_2} ]; then
-          prePopulate="${PIHOLE_DNS_1}"
-        elif [ ${PIHOLE_DNS_1} ] && [ ${PIHOLE_DNS_2} ]; then
-          prePopulate="${PIHOLE_DNS_1}, ${PIHOLE_DNS_2}"
-        fi
 
-        piholeDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)"  --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" ${r} ${c} "${prePopulate}" 3>&1 1>&2 2>&3)
+  DNSChooseOptions=(Google ""
+      OpenDNS ""
+      Level3 ""
+      Norton ""
+      Comodo ""
+      Custom "")
+  DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 6 \
+    "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \
+    { echo "::: Cancel selected. Exiting"; exit 1; }
+  case ${DNSchoices} in
+    Google)
+      echo "::: Using Google DNS servers."
+      PIHOLE_DNS_1="8.8.8.8"
+      PIHOLE_DNS_2="8.8.4.4"
+      ;;
+    OpenDNS)
+      echo "::: Using OpenDNS servers."
+      PIHOLE_DNS_1="208.67.222.222"
+      PIHOLE_DNS_2="208.67.220.220"
+      ;;
+    Level3)
+      echo "::: Using Level3 servers."
+      PIHOLE_DNS_1="4.2.2.1"
+      PIHOLE_DNS_2="4.2.2.2"
+      ;;
+    Norton)
+      echo "::: Using Norton ConnectSafe servers."
+      PIHOLE_DNS_1="199.85.126.10"
+      PIHOLE_DNS_2="199.85.127.10"
+      ;;
+    Comodo)
+      echo "::: Using Comodo Secure servers."
+      PIHOLE_DNS_1="8.26.56.26"
+      PIHOLE_DNS_2="8.20.247.20"
+      ;;
+    Custom)
+      until [[ ${DNSSettingsCorrect} = True ]]; do
+      strInvalid="Invalid"
+      if [ ! ${PIHOLE_DNS_1} ]; then
+        if [ ! ${PIHOLE_DNS_2} ]; then
+          prePopulate=""
+        else
+          prePopulate=", ${PIHOLE_DNS_2}"
+        fi
+      elif  [ ${PIHOLE_DNS_1} ] && [ ! ${PIHOLE_DNS_2} ]; then
+        prePopulate="${PIHOLE_DNS_1}"
+      elif [ ${PIHOLE_DNS_1} ] && [ ${PIHOLE_DNS_2} ]; then
+        prePopulate="${PIHOLE_DNS_1}, ${PIHOLE_DNS_2}"
+      fi
 
-        if [[ $? = 0 ]]; then
+      piholeDNS=$(whiptail --backtitle "Specify Upstream DNS Provider(s)"  --inputbox "Enter your desired upstream DNS provider(s), seperated by a comma.\n\nFor example '8.8.8.8, 8.8.4.4'" ${r} ${c} "${prePopulate}" 3>&1 1>&2 2>&3) || \
-          PIHOLE_DNS_1=$(echo "${piholeDNS}" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}')
+      { echo "::: Cancel selected. Exiting"; exit 1; }
-          PIHOLE_DNS_2=$(echo "${piholeDNS}" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}')
+      PIHOLE_DNS_1=$(echo "${piholeDNS}" | sed 's/[, \t]\+/,/g' | awk -F, '{print$1}')
-          if ! valid_ip "${PIHOLE_DNS_1}" || [ ! "${PIHOLE_DNS_1}" ]; then
+      PIHOLE_DNS_2=$(echo "${piholeDNS}" | sed 's/[, \t]\+/,/g' | awk -F, '{print$2}')
-            PIHOLE_DNS_1=${strInvalid}
+      if ! valid_ip "${PIHOLE_DNS_1}" || [ ! "${PIHOLE_DNS_1}" ]; then
-          fi
+        PIHOLE_DNS_1=${strInvalid}
-          if ! valid_ip "${PIHOLE_DNS_2}" && [ "${PIHOLE_DNS_2}" ]; then
+      fi
-            PIHOLE_DNS_2=${strInvalid}
+      if ! valid_ip "${PIHOLE_DNS_2}" && [ "${PIHOLE_DNS_2}" ]; then
-          fi
+        PIHOLE_DNS_2=${strInvalid}
-        else
+      fi
-          echo "::: Cancel selected, exiting...."
+      if [[ ${PIHOLE_DNS_1} == "${strInvalid}" ]] || [[ ${PIHOLE_DNS_2} == "${strInvalid}" ]]; then
-          exit 1
+        whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n    DNS Server 1:   $PIHOLE_DNS_1\n    DNS Server 2:   ${PIHOLE_DNS_2}" ${r} ${c}
+        if [[ ${PIHOLE_DNS_1} == "${strInvalid}" ]]; then
+          PIHOLE_DNS_1=""
         fi
-        if [[ ${PIHOLE_DNS_1} == "${strInvalid}" ]] || [[ ${PIHOLE_DNS_2} == "${strInvalid}" ]]; then
+        if [[ ${PIHOLE_DNS_2} == "${strInvalid}" ]]; then
-          whiptail --msgbox --backtitle "Invalid IP" --title "Invalid IP" "One or both entered IP addresses were invalid. Please try again.\n\n    DNS Server 1:   $PIHOLE_DNS_1\n    DNS Server 2:   ${PIHOLE_DNS_2}" ${r} ${c}
+          PIHOLE_DNS_2=""
-          if [[ ${PIHOLE_DNS_1} == "${strInvalid}" ]]; then
-            PIHOLE_DNS_1=""
-          fi
-          if [[ ${PIHOLE_DNS_2} == "${strInvalid}" ]]; then
-            PIHOLE_DNS_2=""
-          fi
-          DNSSettingsCorrect=False
-        else
-          if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n    DNS Server 1:   $PIHOLE_DNS_1\n    DNS Server 2:   ${PIHOLE_DNS_2}" ${r} ${c}); then
-          DNSSettingsCorrect=True
-        else
-        # If the settings are wrong, the loop continues
-          DNSSettingsCorrect=False
-          fi
         fi
-        done
+        DNSSettingsCorrect=False
-        ;;
+      else
-    esac
+        if (whiptail --backtitle "Specify Upstream DNS Provider(s)" --title "Upstream DNS Provider(s)" --yesno "Are these settings correct?\n    DNS Server 1:   $PIHOLE_DNS_1\n    DNS Server 2:   ${PIHOLE_DNS_2}" ${r} ${c}); then
-  else
+        DNSSettingsCorrect=True
-    echo "::: Cancel selected. Exiting..."
+      else
-    exit 1
+      # If the settings are wrong, the loop continues
-  fi
+        DNSSettingsCorrect=False
+        fi
+      fi
+      done
+      ;;
+  esac
 }
 
 setLogging() {
@@ -610,35 +601,35 @@ clean_existing() {
   # Clean an exiting installation to prepare for upgrade/reinstall
   # ${1} Directory to clean; ${2} Array of files to remove
   local clean_directory="${1}"
-  local old_files=${2}
+  shift
+  local old_files=( "$@" )
 
   for script in "${old_files[@]}"; do
-    rm -f "${clean_directory}${script}.sh"
+    rm -f "${clean_directory}/${script}.sh"
   done
 }
 
 installScripts() {
   # Install the scripts from repository to their various locations
-  readonly install_dir="/opt/pihole/"
 
   echo ":::"
   echo -n "::: Installing scripts from ${PI_HOLE_LOCAL_REPO}..."
 
   # Clear out script files from Pi-hole scripts directory.
-  clean_existing "${install_dir}" "${PI_HOLE_FILES}"
+  clean_existing "${PI_HOLE_INSTALL_DIR}" "${PI_HOLE_FILES[@]}"
 
   # Install files from local core repository
   if is_repo "${PI_HOLE_LOCAL_REPO}"; then
     cd "${PI_HOLE_LOCAL_REPO}"
-    install -o "${USER}" -Dm755 -d /opt/pihole
+    install -o "${USER}" -Dm755 -d "${PI_HOLE_INSTALL_DIR}"
-    install -o "${USER}" -Dm755 -t /opt/pihole/ gravity.sh
+    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" gravity.sh
-    install -o "${USER}" -Dm755 -t /opt/pihole/ ./advanced/Scripts/*.sh
+    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" ./advanced/Scripts/*.sh
-    install -o "${USER}" -Dm755 -t /opt/pihole/ ./automated\ install/uninstall.sh
+    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" ./automated\ install/uninstall.sh
     install -o "${USER}" -Dm755 -t /usr/local/bin/ pihole
     install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole
     echo " done."
   else
-    echo " *** ERROR: Local repo ${core_repo} not found, exiting."
+    echo " *** ERROR: Local repo ${PI_HOLE_LOCAL_REPO} not found, exiting."
     exit 1
   fi
 }
@@ -757,7 +748,7 @@ install_dependent_packages() {
       fi
     done
     if [[ ${#installArray[@]} -gt 0 ]]; then
-      debconf-apt-progress -- ${PKG_INSTALL} "${installArray[@]}"
+      debconf-apt-progress -- "${PKG_INSTALL[@]}" "${installArray[@]}"
       return
     fi
       return 0
@@ -774,7 +765,7 @@ install_dependent_packages() {
     fi
   done
     if [[ ${#installArray[@]} -gt 0 ]]; then
-      ${PKG_INSTALL} "${installArray[@]}" &> /dev/null
+      "${PKG_INSTALL[@]}" "${installArray[@]}" &> /dev/null
       return
     fi
     return 0
@@ -818,21 +809,23 @@ installPiholeWeb() {
     if [ -f "/var/www/html/pihole/blockingpage.css" ]; then
       echo ":::     Existing blockingpage.css detected, not overwriting"
     else
-      echo -n ":::     index.css missing, replacing... "
+      echo -n ":::     blockingpage.css missing, replacing... "
       cp /etc/.pihole/advanced/blockingpage.css /var/www/html/pihole
       echo " done!"
     fi
 
   else
-    mkdir /var/www/html/pihole
+    echo ":::     Creating directory for blocking page"
+    install -d /var/www/html/pihole
+    install -D /etc/.pihole/advanced/{index,blockingpage}.* /var/www/html/pihole/
     if [ -f /var/www/html/index.lighttpd.html ]; then
       mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig
     else
       printf "\n:::\tNo default index.lighttpd.html file found... not backing up"
     fi
-    cp /etc/.pihole/advanced/index.* /var/www/html/pihole/.
     echo " done!"
   fi
+
   # Install Sudoer file
   echo ":::"
   echo -n "::: Installing sudoer file..."
@@ -878,29 +871,42 @@ runGravity() {
 create_pihole_user() {
   # Check if user pihole exists and create if not
   echo "::: Checking if user 'pihole' exists..."
-  id -u pihole &> /dev/null && echo "::: User 'pihole' already exists" || (echo "::: User 'pihole' doesn't exist. Creating..." && useradd -r -s /usr/sbin/nologin pihole)
+  if id -u pihole &> /dev/null; then
+    echo "::: User 'pihole' already exists"
+  else
+    echo "::: User 'pihole' doesn't exist. Creating..."
+    useradd -r -s /usr/sbin/nologin pihole
+  fi
 }
 
 configureFirewall() {
   # Allow HTTP and DNS traffic
   if firewall-cmd --state &> /dev/null; then
-    echo "::: Configuring FirewallD for httpd and dnsmasq.."
+    whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
+    { echo -e ":::\n::: Not installing firewall rulesets."; return 0; }
+    echo -e ":::\n:::\n Configuring FirewallD for httpd and dnsmasq."
     firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp
     firewall-cmd --reload
+    return 0
   # Check for proper kernel modules to prevent failure
-  elif modinfo ip_tables &> /dev/null; then
+  elif modinfo ip_tables &> /dev/null && command -v iptables &> /dev/null; then
     # If chain Policy is not ACCEPT or last Rule is not ACCEPT
     # then check and insert our Rules above the DROP/REJECT Rule.
     if iptables -S INPUT | head -n1 | grep -qv '^-P.*ACCEPT$' || iptables -S INPUT | tail -n1 | grep -qv '^-\(A\|P\).*ACCEPT$'; then
+      whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
+      { echo -e ":::\n::: Not installing firewall rulesets."; return 0; }
+      echo -e ":::\n::: Installing new IPTables firewall rulesets."
       # Check chain first, otherwise a new rule will duplicate old ones
-      echo "::: Configuring iptables for httpd and dnsmasq.."
       iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
       iptables -C INPUT -p tcp -m tcp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT
       iptables -C INPUT -p udp -m udp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
+      return 0
     fi
   else
-    echo "::: No active firewall detected.. skipping firewall configuration."
+    echo -e ":::\n::: No active firewall detected.. skipping firewall configuration."
+    return 0
   fi
+  echo -e ":::\n::: Skipping firewall configuration."
 }
 
 finalExports() {
@@ -930,6 +936,24 @@ finalExports() {
   fi
 }
 
+installLogrotate() {
+  # Install the logrotate script
+  echo ":::"
+  echo -n "::: Installing latest logrotate script..."
+  cp /etc/.pihole/advanced/logrotate /etc/pihole/logrotate
+  # Different operating systems have different user / group
+  # settings for logrotate that makes it impossible to create
+  # a static logrotate file that will work with e.g.
+  # Rasbian and Ubuntu at the same time. Hence, we have to
+  # customize the logrotate script here in order to reflect
+  # the local properties of the /var/log directory
+  logusergroup="$(stat -c '%U %G' /var/log)"
+  if [[ ! -z $logusergroup ]]; then
+    echo "su ${logusergroup}" >> /etc/pihole/logrotate
+  fi
+  echo " done!"
+}
+
 installPihole() {
   # Install base files and web interface
   create_pihole_user
@@ -949,6 +973,7 @@ installPihole() {
   CreateLogFile
   installPiholeWeb
   installCron
+  installLogrotate
   configureFirewall
   finalExports
   runGravity
@@ -972,14 +997,14 @@ accountForRefactor() {
 updatePihole() {
   accountForRefactor
   # Source ${setupVars} for use in the rest of the functions.
-  . ${setupVars}
+  source ${setupVars}
   # Install base files and web interface
   installScripts
   installConfigs
   CreateLogFile
   installPiholeWeb
   installCron
-  configureFirewall
+  installLogrotate
   finalExports #re-export setupVars.conf to account for any new vars added in new versions
   runGravity
 }
@@ -993,15 +1018,11 @@ checkSelinux() {
     enforceMode=$(getenforce)
     echo "${enforceMode}"
     if [[ "${enforceMode}" == "Enforcing" ]]; then
-      if (whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}); then
+      whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c} || \
-          echo ":::"
+      { echo ":::"; echo "::: Not continuing install after SELinux Enforcing detected."; exit 1; }
-          echo "::: Continuing installation with SELinux Enforcing."
+      echo ":::"
-          echo "::: Please refer to official SELinux documentation to create a custom policy."
+      echo "::: Continuing installation with SELinux Enforcing."
-      else
+      echo "::: Please refer to official SELinux documentation to create a custom policy."
-          echo ":::"
-          echo "::: Not continuing install after SELinux Enforcing detected."
-          exit 1
-      fi
     fi
   fi
 }
@@ -1037,23 +1058,19 @@ update_dialogs() {
 
   UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\n\nWe have detected an existing install.\n\nPlease choose from the following options: \n($strAdd)" ${r} ${c} 2 \
   "${opt1a}"  "${opt1b}" \
-  "${opt2a}"  "${opt2b}" 3>&2 2>&1 1>&3)
+  "${opt2a}"  "${opt2b}" 3>&2 2>&1 1>&3) || \
+  { echo "::: Cancel selected. Exiting"; exit 1; }
 
-  if [[ $? = 0 ]];then
+  case ${UpdateCmd} in
-    case ${UpdateCmd} in
+    ${opt1a})
-      ${opt1a})
+      echo "::: ${opt1a} option selected."
-        echo "::: ${opt1a} option selected."
+      useUpdateVars=true
-        useUpdateVars=true
+      ;;
-        ;;
+    ${opt2a})
-      ${opt2a})
+      echo "::: ${opt2a} option selected"
-        echo "::: ${opt2a} option selected"
+      useUpdateVars=false
-        useUpdateVars=false
+      ;;
-        ;;
     esac
-  else
-    echo "::: Cancel selected. Exiting..."
-    exit 1
-  fi
 }
 
 main() {
@@ -1072,7 +1089,7 @@ main() {
 
     if command -v sudo &> /dev/null; then
       echo "::: Utility sudo located."
-      exec curl -sSL https://install.pi-hole.net | sudo bash "$@"
+      exec curl -sSL https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh | sudo bash "$@"
       exit $?
     else
       echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
@@ -1080,6 +1097,9 @@ main() {
     fi
   fi
 
+  # Check for supported distribution
+  distro_check
+
   # Check arguments for the undocumented flags
   for var in "$@"; do
     case "$var" in
@@ -1170,11 +1190,11 @@ main() {
   pw=""
   if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then
       pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
-      pihole -a -p ${pw}
+      /usr/local/bin/pihole -a -p "${pw}"
   fi
 
   if [[ "${useUpdateVars}" == false ]]; then
-      displayFinalMessage ${pw}
+      displayFinalMessage "${pw}"
   fi
 
   echo "::: Restarting services..."

gravity.sh

@@ -76,7 +76,7 @@ gravity_collapse() {
 		#custom file found, use this instead of default
 		echo -n "::: Custom adList file detected. Reading..."
 		sources=()
-		while read -r line; do
+		while IFS= read -r line || [[ -n "$line" ]]; do
 			#Do not read commented out or blank lines
 			if [[ ${line} = \#* ]] || [[ ! ${line} ]]; then
 				echo "" > /dev/null
@@ -89,7 +89,7 @@ gravity_collapse() {
 		#no custom file found, use defaults!
 		echo -n "::: No custom adlist file detected, reading from default file..."
 		sources=()
-		while read -r line; do
+		while IFS= read -r line || [[ -n "$line" ]]; do
 			#Do not read commented out or blank lines
 			if [[ ${line} = \#* ]] || [[ ! ${line} ]]; then
 				echo "" > /dev/null
@@ -388,7 +388,7 @@ if [[ "${forceGrav}" == true ]]; then
 fi
 
 #Overwrite adlists.default from /etc/.pihole in case any changes have been made. Changes should be saved in /etc/adlists.list
-#cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
+cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
 gravity_collapse
 gravity_spinup
 if [[ "${skipDownload}" == false ]]; then

pihole

@@ -11,6 +11,7 @@
 # (at your option) any later version.
 
 PI_HOLE_SCRIPT_DIR="/opt/pihole"
+readonly wildcardlist="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 # Must be root to use this tool
 if [[ ! $EUID -eq 0 ]];then
   if [ -x "$(command -v sudo)" ];then
@@ -38,6 +39,11 @@ blacklistFunc() {
   exit 0
 }
 
+wildcardFunc() {
+  "${PI_HOLE_SCRIPT_DIR}"/list.sh "$@"
+  exit 0
+}
+
 debugFunc() {
   "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
   exit 0
@@ -63,11 +69,6 @@ updateGravityFunc() {
   exit 0
 }
 
-setupLCDFunction() {
-  "${PI_HOLE_SCRIPT_DIR}"/setupLCD.sh
-  exit 0
-}
-
 scanList(){
   domain="${1}"
   list="${2}"
@@ -79,19 +80,52 @@ scanList(){
   fi
 }
 
+processWildcards() {
+  IFS="." read -r -a array <<< "${1}"
+  for (( i=${#array[@]}-1; i>=0; i-- )); do
+    ar=""
+    for (( j=${#array[@]}-1; j>${#array[@]}-i-2; j-- )); do
+      if [[ $j == $((${#array[@]}-1)) ]]; then
+        ar="${array[$j]}"
+      else
+        ar="${array[$j]}.${ar}"
+      fi
+    done
+    echo "${ar}"
+  done
+}
+
 queryFunc() {
   domain="${2}"
   method="${3}"
   lists=( /etc/pihole/list.* /etc/pihole/blacklist.txt)
   for list in ${lists[@]}; do
-    result=$(scanList ${domain} ${list} ${method})
+    if [ -e "${list}" ]; then
+      result=$(scanList ${domain} ${list} ${method})
+      # Remove empty lines before couting number of results
+      count=$(sed '/^\s*$/d' <<< "$result" | wc -l)
+      echo "::: ${list} (${count} results)"
+      if [[ ${count} > 0 ]]; then
+        echo "${result}"
+      fi
+      echo ""
+    else
+      echo "::: ${list} does not exist"
+      echo ""
+    fi
+  done
+
+  # Scan for possible wildcard matches
+  local wildcards=($(processWildcards "${domain}"))
+  for domain in ${wildcards[@]}; do
+    result=$(scanList "\/${domain}\/" ${wildcardlist})
     # Remove empty lines before couting number of results
     count=$(sed '/^\s*$/d' <<< "$result" | wc -l)
-    echo "::: ${list} (${count} results)"
     if [[ ${count} > 0 ]]; then
+      echo "::: Wildcard blocking ${domain} (${count} results)"
       echo "${result}"
+      echo ""
     fi
-    echo ""
   done
   exit 0
 }
@@ -248,7 +282,6 @@ helpFunc() {
 :::  -up, updatePihole        Update Pi-hole
 :::  -r, reconfigure          Reconfigure or Repair Pi-hole
 :::  -g, updateGravity        Update the list of ad-serving domains
-:::  -s, setupLCD             Automatically configures the Pi to use the 2.8 LCD screen to display stats on it
 :::  -c, chronometer          Calculates stats and displays to an LCD
 :::  -h, help                 Show this help dialog
 :::  -v, version              Show current versions
@@ -275,12 +308,12 @@ fi
 case "${1}" in
   "-w" | "whitelist"            ) whitelistFunc "$@";;
   "-b" | "blacklist"            ) blacklistFunc "$@";;
+  "-wild" | "wildcard"          ) wildcardFunc "$@";;
   "-d" | "debug"                ) debugFunc;;
   "-f" | "flush"                ) flushFunc;;
   "-up" | "updatePihole"        ) updatePiholeFunc;;
   "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
   "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-s" | "setupLCD"             ) setupLCDFunction;;
   "-c" | "chronometer"          ) chronometerFunc "$@";;
   "-h" | "help"                 ) helpFunc;;
   "-v" | "version"              ) versionFunc "$@";;

test/test_automated_install.py

@@ -64,35 +64,237 @@ def test_setupVars_saved_to_file(Pihole):
     for k,v in SETUPVARS.iteritems():
         assert "{}={}".format(k, v) in output
 
-def test_configureFirewall_firewalld_no_errors(Pihole):
+def test_configureFirewall_firewalld_running_no_errors(Pihole):
-    ''' confirms firewalld rules are applied when appopriate '''
+    ''' confirms firewalld rules are applied when firewallD is running '''
-    mock_command('firewall-cmd', '0', Pihole)
+    # firewallD returns 'running' as status
+    mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
+    # Whiptail dialog returns Ok for user prompt
+    mock_command('whiptail', {'*':('', 0)}, Pihole)
     configureFirewall = Pihole.run('''
     source /opt/pihole/basic-install.sh
     configureFirewall
     ''')
-    expected_stdout = '::: Configuring FirewallD for httpd and dnsmasq.'
+    expected_stdout = 'Configuring FirewallD for httpd and dnsmasq.'
     assert expected_stdout in configureFirewall.stdout
     firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
     assert 'firewall-cmd --state' in firewall_calls
     assert 'firewall-cmd --permanent --add-port=80/tcp --add-port=53/tcp --add-port=53/udp' in firewall_calls
     assert 'firewall-cmd --reload' in firewall_calls
 
+def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
+    ''' confirms firewalld rules are not applied when firewallD is not running '''
+    # firewallD returns non-running status
+    mock_command('firewall-cmd', {'*':('not running', '1')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'No active firewall detected.. skipping firewall configuration.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
+    ''' confirms firewalld rules are not applied when firewallD is running, user declines ruleset '''
+    # firewallD returns running status
+    mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', 1)}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Not installing firewall rulesets.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_no_firewall(Pihole):
+    ''' confirms firewall skipped no daemon is running '''
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'No active firewall detected'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
+    ''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset '''
+    # iptables command exists
+    mock_command('iptables', {'*':('', '0')}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '1')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Not installing firewall rulesets.'
+    assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
+    ''' confirms IPTables rules are not applied when IPTables is running and rules exist '''
+    # iptables command exists and returns 0 on calls (should return 0 on iptables -C)
+    mock_command('iptables', {'-S':('-P INPUT DENY', '0')}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '0')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Installing new IPTables firewall rulesets'
+    assert expected_stdout in configureFirewall.stdout
+    firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' not in firewall_calls
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' not in firewall_calls
+    assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' not in firewall_calls
+
+def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
+    ''' confirms IPTables rules are applied when IPTables is running and rules do not exist '''
+    # iptables command and returns 0 on calls (should return 1 on iptables -C)
+    mock_command('iptables', {'-S':('-P INPUT DENY', '0'), '-C':('', 1), '-I':('', 0)}, Pihole)
+    # modinfo returns always true (ip_tables module check)
+    mock_command('modinfo', {'*':('', '0')}, Pihole)
+    # Whiptail dialog returns Cancel for user prompt
+    mock_command('whiptail', {'*':('', '0')}, Pihole)
+    configureFirewall = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    configureFirewall
+    ''')
+    expected_stdout = 'Installing new IPTables firewall rulesets'
+    assert expected_stdout in configureFirewall.stdout
+    firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls
+    assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' in firewall_calls
+    assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' in firewall_calls
+
+def test_installPiholeWeb_fresh_install_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed on a fresh build '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_empty_directory_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed in an emtpy directory '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_index_php_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.php
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'Existing index.php detected, not overwriting' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_index_js_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.js
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'Existing index.js detected, not overwriting' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing...' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_blockingpage_css_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/blockingpage.css
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'index.php missing, replacing...' in installWeb.stdout
+    assert 'index.js missing, replacing...' in installWeb.stdout
+    assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
+
+def test_installPiholeWeb_already_populated_no_errors(Pihole):
+    ''' confirms all web page assets from Core repo are installed when necessary '''
+    installWeb = Pihole.run('''
+    source /opt/pihole/basic-install.sh
+    mkdir -p /var/www/html/pihole
+    touch /var/www/html/pihole/index.php
+    touch /var/www/html/pihole/index.js
+    touch /var/www/html/pihole/blockingpage.css
+    installPiholeWeb
+    ''')
+    assert 'Installing pihole custom index page...' in installWeb.stdout
+    assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
+    assert 'Existing index.php detected, not overwriting' in installWeb.stdout
+    assert 'index.php missing, replacing...' not in installWeb.stdout
+    assert 'Existing index.js detected, not overwriting' in installWeb.stdout
+    assert 'index.js missing, replacing...' not in installWeb.stdout
+    assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
+    assert 'blockingpage.css missing, replacing... ' not in installWeb.stdout
+    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
+    assert 'index.php' in web_directory
+    assert 'index.js' in web_directory
+    assert 'blockingpage.css' in web_directory
 
 # Helper functions
-def mock_command(script, result, container):
+def mock_command(script, args, container):
     ''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
-    ''' TODO: support array of results that enable the results to change over multiple executions of a command '''
     full_script_path = '/usr/local/bin/{}'.format(script)
     mock_script = dedent('''\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    exit {retcode}
+    case "\$1" in'''.format(script=script))
-    '''.format(script=script, retcode=result))
+    for k, v in args.iteritems():
+        case = dedent('''
+        {arg})
+        echo {res}
+        exit {retcode}
+        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
+        mock_script += case
+    mock_script += dedent('''
+    esac''')
     container.run('''
     cat <<EOF> {script}\n{content}\nEOF
     chmod +x {script}
-    '''.format(script=full_script_path, content=mock_script))
+    rm -f /var/log/{scriptlog}'''.format(script=full_script_path, content=mock_script, scriptlog=script))
 
 def run_script(Pihole, script):
     result = Pihole.run(script)