Add new option dns.listeningMode = NONE

Signed-off-by: DL6ER <dl6er@dl6er.de>
2023-10-11 22:08:31 +02:00 · 2023-10-11 22:08:31 +02:00 · 3630bb1adb
parent 80d4a0efec
commit 3630bb1adb
5 changed files with 16 additions and 2 deletions
--- a/src/config/config.c
+++ b/src/config/config.c
@ -509,7 +509,8 @@ void initConfig(struct config *conf)
 			{ "LOCAL", "Allow only local requests. This setting accepts DNS queries only from hosts whose address is on a local subnet, i.e., a subnet for which an interface exists on the server. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks if (accidentally) running public." },
 			{ "SINGLE", "Permit all origins, accept only on the specified interface. Respond only to queries arriving on the specified interface. The loopback (lo) interface is automatically added to the list of interfaces to use when this option is used. Make sure your Pi-hole is properly firewalled!" },
 			{ "BIND", "By default, FTL binds the wildcard address. If this is not what you want, you can use this option as it forces FTL to really bind only the interfaces it is listening on. Note that this may result in issues when the interface may go down (cable unplugged, etc.). About the only time when this is useful is when running another nameserver on the same port on the same machine. This may also happen if you run a virtualization API such as libvirt. When this option is used, IP alias interface labels (e.g. enp2s0:0) are checked rather than interface names." },
-			{ "ALL", "Permit all origins, accept on all interfaces. Make sure your Pi-hole is properly firewalled! This truly allows any traffic to be replied to and is a dangerous thing to do as your Pi-hole could become an open resolver. You should always ask yourself if the first option doesn't work for you as well." }
+			{ "ALL", "Permit all origins, accept on all interfaces. Make sure your Pi-hole is properly firewalled! This truly allows any traffic to be replied to and is a dangerous thing to do as your Pi-hole could become an open resolver. You should always ask yourself if the first option doesn't work for you as well." },
+			{ "NONE", "Do not add any configuration concerning the listening mode to the dnsmasq configuration file. This is useful if you want to manually configure the listening mode in auxiliary configuration files. This option is really meant for advanced users only, support for this option may be limited." }
 		};
 		CONFIG_ADD_ENUM_OPTIONS(conf->dns.listeningMode.a, listeningMode);
 	}
--- a/src/config/dnsmasq_config.c
+++ b/src/config/dnsmasq_config.c
@ -360,6 +360,9 @@ bool __attribute__((const)) write_dnsmasq_config(struct config *conf, bool test_
 			fprintf(pihole_conf, "interface=%s\n", interface);
 			fputs("bind-interfaces\n", pihole_conf);
 			break;
+		case LISTEN_NONE:
+			fputs("# No interface configuration applied, make sure to cover this yourself\n", pihole_conf);
+			break;
 	}
 	fputs("\n", pihole_conf);

--- a/src/datastructure.c
+++ b/src/datastructure.c
@ -1051,6 +1051,8 @@ const char * __attribute__ ((const)) get_listeningMode_str(const enum listening_
 			return "SINGLE";
 		case LISTEN_BIND:
 			return "BIND";
+		case LISTEN_NONE:
+			return "NONE";
 	}
 	return NULL;
 }
@ -1065,6 +1067,8 @@ int __attribute__ ((pure)) get_listeningMode_val(const char *listeningMode)
 		return LISTEN_SINGLE;
 	else if(strcasecmp(listeningMode, "BIND") == 0)
 		return LISTEN_BIND;
+	else if(strcasecmp(listeningMode, "NONE") == 0)
+		return LISTEN_NONE;

 	// Invalid value
 	return -1;
--- a/src/enums.h
+++ b/src/enums.h
@ -288,7 +288,8 @@ enum listening_mode {
 	LISTEN_LOCAL,
 	LISTEN_ALL,
 	LISTEN_SINGLE,
-	LISTEN_BIND
+	LISTEN_BIND,
+	LISTEN_NONE
 } __attribute__ ((packed));

 enum fifo_logs {
--- a/test/pihole.toml
+++ b/test/pihole.toml
@ -159,6 +159,11 @@
  #       properly firewalled! This truly allows any traffic to be replied to and is a
  #       dangerous thing to do as your Pi-hole could become an open resolver. You
  #       should always ask yourself if the first option doesn't work for you as well.
+  #   - "NONE"
+  #       Do not add any configuration concerning the listening mode to the dnsmasq
+  #       configuration file. This is useful if you want to manually configure the
+  #       listening mode in auxiliary configuration files. This option is really meant
+  #       for advanced users only, support for this option may be limited.
  listeningMode = "LOCAL"

  # Log DNS queries and replies to pihole.log