From 63e2a7f3d6ad1975122834cd4f9460b49e736fb7 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Mon, 7 Dec 2020 10:11:00 -0800 Subject: [PATCH 1/2] Remove FTL's API port range We only use 4711, there is no more autoranging for the telnet API. --- docs/main/prerequisites.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/main/prerequisites.md b/docs/main/prerequisites.md index 114e7dc..0c284d2 100644 --- a/docs/main/prerequisites.md +++ b/docs/main/prerequisites.md @@ -62,7 +62,7 @@ Due to the complexity of different ways of setting an IP address across differen | pihole-FTL | 67 (DHCP) | IPv4 UDP | The DHCP server is an optional feature that requires additional ports. | | pihole-FTL | 547 (DHCPv6) | IPv6 UDP | The DHCP server is an optional feature that requires additional ports. | | lighttpd | 80 (HTTP) | TCP | If you have another Web server already running, such as Apache, Pi-hole's Web server will not work. You can either disable the other Web server or change the port on which `lighttpd` listens, which allows you keep both Web servers running. | -| pihole-FTL | 4711-4720 | TCP | FTL is our API engine and uses port 4711 on the localhost interface. This port should not be accessible from any other interface.| +| pihole-FTL | 4711 | TCP | FTL is our API engine and uses port 4711 on the localhost interface. This port should not be accessible from any other interface.| !!! info The use of lighttpd on port _80_ is optional if you decide not to install the Web dashboard during installation. @@ -88,7 +88,7 @@ iptables -I INPUT 1 -s 127.0.0.0/8 -p udp -m udp --dport 53 -j ACCEPT iptables -I INPUT 1 -s 192.168.0.0/16 -p tcp -m tcp --dport 53 -j ACCEPT iptables -I INPUT 1 -s 192.168.0.0/16 -p udp -m udp --dport 53 -j ACCEPT iptables -I INPUT 1 -p udp --dport 67:68 --sport 67:68 -j ACCEPT -iptables -I INPUT 1 -p tcp -m tcp --dport 4711:4720 -i lo -j ACCEPT +iptables -I INPUT 1 -p tcp -m tcp --dport 4711 -i lo -j ACCEPT iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT ``` From a16b5acb17737c5c388a956de92acf03c4cc01f4 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 10 Dec 2020 17:59:03 +0000 Subject: [PATCH 2/2] [Security] Bump ini from 1.3.5 to 1.3.7 Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.** - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7) Signed-off-by: dependabot-preview[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 98e6d92..1bfe101 100644 --- a/package-lock.json +++ b/package-lock.json @@ -938,9 +938,9 @@ "dev": true }, "ini": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz", - "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==", + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.7.tgz", + "integrity": "sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ==", "dev": true }, "is-arrayish": {