X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=untrusted-network;h=b4fdb70e0e5304af943e683d34d0074d77c56e2b;hb=7d5e9e87105fafa2243603f958c8b41cdaa7f0ad;hp=8fc3d7baedb561b8669d4e70e2d59b29083b2298;hpb=eb9b839bb5a91c60cc4f6eb9d7e38ffbf73f0e90;p=distro-setup

diff --git a/untrusted-network b/untrusted-network
index 8fc3d7b..b4fdb70 100755
--- a/untrusted-network
+++ b/untrusted-network
@@ -3,17 +3,22 @@
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 # Usage: use when switching from a trusted network to an untrusted one,
 # like public wifi.
 
-cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
+if [[ ! -s /etc/dnsmasq.d/untrusted-network.conf ]]; then
+  cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
 server=8.8.4.4
 server=8.8.8.8
 server=2001:4860:4860::8844
 server=2001:4860:4860::8888
 no-resolv
+# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
+stop-dns-rebind
 EOF
 
-systemctl reload dnsmasq
+  nscd -i hosts
+  systemctl restart dnsmasq
+fi