From c5df104a6653ae08b5d226de345a9f2cd53cf26b Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 30 May 2019 16:41:37 +0200 Subject: [PATCH] Add dhcp-ignore-names option when enabling DHCP service. We currently remove anything that starts with "dhcp-" to have a clean configuration and removed these lines without noticing when enabling the DHCP server. Signed-off-by: DL6ER --- advanced/01-pihole.conf | 5 ----- advanced/Scripts/webpage.sh | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/advanced/01-pihole.conf b/advanced/01-pihole.conf index 40a117fe..cd74e186 100644 --- a/advanced/01-pihole.conf +++ b/advanced/01-pihole.conf @@ -41,8 +41,3 @@ log-facility=/var/log/pihole.log local-ttl=2 log-async - -# If a DHCP client claims that its name is "wpad", ignore that. -# This fixes a security hole. see CERT Vulnerability VU#598349 -dhcp-name-match=set:wpad-ignore,wpad -dhcp-ignore-names=tag:wpad-ignore diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh index ea699efa..583579b6 100755 --- a/advanced/Scripts/webpage.sh +++ b/advanced/Scripts/webpage.sh @@ -366,6 +366,14 @@ EnableDHCP() { delete_dnsmasq_setting "dhcp-" delete_dnsmasq_setting "quiet-dhcp" + # If a DHCP client claims that its name is "wpad", ignore that. + # This fixes a security hole. see CERT Vulnerability VU#598349 + # We also ignore "localhost" as Windows behaves strangely if a + # device claims this host name + add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad +dhcp-name-match=set:hostname-ignore,localhost +dhcp-ignore-names=tag:hostname-ignore" + ProcessDHCPSettings RestartDNS