Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve interface settings #2011

Merged
merged 3 commits into from
Dec 20, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions scripts/pi-hole/php/savesettings.php
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,10 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
{
$DNSinterface = "single";
}
elseif($_POST["DNSinterface"] === "bind")
{
$DNSinterface = "bind";
}
elseif($_POST["DNSinterface"] === "all")
{
$DNSinterface = "all";
Expand Down
53 changes: 33 additions & 20 deletions settings.php
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,8 @@
if (isset($setupVars["DNSMASQ_LISTENING"])) {
if ($setupVars["DNSMASQ_LISTENING"] === "single") {
$DNSinterface = "single";
} elseif ($setupVars["DNSMASQ_LISTENING"] === "bind") {
$DNSinterface = "bind";
} elseif ($setupVars["DNSMASQ_LISTENING"] === "all") {
$DNSinterface = "all";
} else {
Expand Down Expand Up @@ -830,34 +832,45 @@ function convertseconds($argument)
<div class="col-lg-6">
<div class="box box-warning">
<div class="box-header with-border">
<h1 class="box-title">Interface listening behavior</h1>
<h1 class="box-title">Interface settings</h1>
</div>
<div class="box-body">
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<div>
<input type="radio" name="DNSinterface" id="DNSinterface1" value="local"
<?php if ($DNSinterface == "local"){ ?>checked<?php } ?>>
<label for="DNSinterface1"><strong>Listen on all interfaces</strong><br>Allows only queries from devices that are at most one hop away (local devices)</label>
</div>
<div>
<input type="radio" name="DNSinterface" id="DNSinterface2" value="single"
<?php if ($DNSinterface == "single"){ ?>checked<?php } ?>>
<label for="DNSinterface2"><strong>Listen only on interface <?php echo htmlentities($piHoleInterface); ?></strong></label>
<div class="no-danger-area">
<h4>Recommended setting</h4>
<div>
<input type="radio" name="DNSinterface" id="DNSinterface1" value="local"
<?php if ($DNSinterface == "local"){ ?>checked<?php } ?>>
<label for="DNSinterface1"><strong>Allow only local requests</strong><br>Allows only queries from devices that are at most one hop away (local devices)</label>
</div>
</div>
<div>
<input type="radio" name="DNSinterface" id="DNSinterface3" value="all"
<?php if ($DNSinterface == "all"){ ?>checked<?php } ?>>
<label for="DNSinterface3"><strong>Listen on all interfaces, permit all origins</strong></label>
<div class="danger-area">
<h4>Potentially dangerous options</h4>Make sure your Pi-hole is properly firewalled!
<div>
<input type="radio" name="DNSinterface" id="DNSinterface2" value="single"
<?php if ($DNSinterface == "single"){ ?>checked<?php } ?>>
<label for="DNSinterface2"><strong>Respond only on interface <?php echo htmlentities($piHoleInterface); ?></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="DNSinterface3" value="bind"
<?php if ($DNSinterface == "bind"){ ?>checked<?php } ?>>
<label for="DNSinterface3"><strong>Bind only to interface <?php echo htmlentities($piHoleInterface); ?></strong></label>
</div>
<div>
<input type="radio" name="DNSinterface" id="DNSinterface4" value="all"
<?php if ($DNSinterface == "all"){ ?>checked<?php } ?>>
<label for="DNSinterface4"><strong>Permit all origins</strong></label>
</div>
<p>These options are dangerous on devices
directly connected to the Internet such as cloud instances and are only safe if your
Pi-hole is properly firewalled. In a typical at-home setup where your Pi-hole is
located within your local network (and you have <strong>not</strong> forwarded port 53
in your router!) they are safe to use.</p>
</div>
</div>
<p>Note that the last option should not be used on devices which are
directly connected to the Internet. This option is safe if your
Pi-hole is located within your local network, i.e. protected behind
your router, and you have not forwarded port 53 to this device. In
virtually all other cases you have to make sure that your Pi-hole is
properly firewalled.</p>
<p>See <a href="https://docs.pi-hole.net/ftldns/interfaces/" target="_blank">our documentation</a> for further technical details.</p>
</div>
</div>
</div>
Expand Down
18 changes: 18 additions & 0 deletions style/pi-hole.css
Original file line number Diff line number Diff line change
Expand Up @@ -441,3 +441,21 @@ td.details-control {
.navbar-nav {
height: 50px;
}

.no-danger-area {
margin: 0.5em 0 1em;
border-left: 2px solid green;
border-right: 2px solid green;
padding: 1px 1em 0.5em;
box-shadow: 0 0 2px -1px #bbb;
border-radius: 6px;
}

.danger-area {
margin: 0.5em 0 1em;
border-left: 2px solid red;
border-right: 2px solid red;
padding: 1px 1em 0.5em;
box-shadow: 0 0 2px -1px #bbb;
border-radius: 6px;
}