2 # I, Ian Kelling, follow the GNU license recommendations at
3 # https://www.gnu.org/licenses/license-recommendations.en.html. They
4 # recommend that small programs, < 300 lines, be licensed under the
5 # Apache License 2.0. This file contains or is part of one or more small
6 # programs. If a small program grows beyond 300 lines, I plan to switch
9 # Copyright 2024 Ian Kelling
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
15 # http://www.apache.org/licenses/LICENSE-2.0
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
24 # Usage: run to trust or untrust DNS. Public wifi sometimes requires
25 # trusting DNS initially in order to log in.
# Re-run as root when started unprivileged, passing the arguments through.
# NOTE(review): sudo -E asks sudo to keep the caller's environment (as far as
# the sudoers policy allows), so any environment variable read by this script
# or by the library sourced below is caller-controlled while running as root.
if [[ $EUID != 0 ]]; then
  exec sudo -E "${BASH_SOURCE[0]}" "$@"
fi

# Error-handling library, sourced with root privileges.
# NOTE(review): this file and every directory above it should be writable
# only by root, otherwise sourcing it here is a privilege boundary -- confirm.
source /a/bin/bash-bear-trap/bash-bear

# Name this script was invoked under, with any leading directories removed.
script_name="${BASH_SOURCE[0]##*/}"
# Candidate upstream resolvers (IPv4 and IPv6 addresses).
# As shown in this listing the three assignments run one after another, so
# the last one is the value the rest of the script sees, unless lines not
# visible here choose between them.

# Cloudflare for Families: removes malware and adult content
servers=(
  1.1.1.3
  1.0.0.3
  2606:4700:4700::1113
  2606:4700:4700::1003
)

# Cloudflare, unfiltered
servers=(
  1.1.1.1
  1.0.0.1
  2606:4700:4700::1111
  2606:4700:4700::1001
)

# Google Public DNS
servers=(
  8.8.8.8
  8.8.4.4
  2001:4860:4860::8888
  2001:4860:4860::8844
)
# Echo a command line, then run it.
# Arguments: the command followed by its arguments.
# Outputs:   one line on stdout holding the arguments joined with the first
#            character of IFS (a space by default), then whatever the
#            command itself prints.
# Returns:   the exit status of the command.
m() {
  printf "%s\n" "$*"
  "$@"
}
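# Print a message as a single line on stdout.
# Arguments: the words of the message.
# Outputs:   the arguments joined with the first character of IFS (a space
#            by default), followed by a newline.
# Why "$*" and not "$@": the callers visible in this file pass unquoted
# multi-word messages (for example `e $0: no gateway_if found`). With "$@",
# printf reused the format once per argument and printed every word on its
# own line, which makes the message hard to read and to grep for in logs.
e() {
  printf "%s\n" "$*"
}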
48 local tmp tmpdir dest
="$1"
49 local base
="${dest##*/}"
54 tmp
=$
(rsync
-ic $tmpdir/"$base" "$dest")
62 # I symlinked the script to another name to make it behave differently
72 if [[ -e /etc
/NetworkManager
/conf.d
/dns.conf
]]; then
73 rm -fv /etc
/NetworkManager
/conf.d
/dns.conf
74 if [[ $
(systemctl is-active NetworkManager
) == active
]]; then
75 m systemctl restart NetworkManager
79 # https://github.com/jonathanio/update-systemd-resolved
80 # suggests this will help prevent leakage into a vpn interface
81 cat >/etc
/systemd
/resolved.conf.d
/untrusted-network.conf
<<EOF
85 # https://wiki.archlinux.org/index.php/Systemd-resolved#Manually
86 cat >/etc
/systemd
/resolved.conf.d
/untrusted-network.conf
<<EOF
93 i
/etc
/NetworkManager
/conf.d
/dns.conf
<<'EOF'
96 systemd-resolved=false
99 if $ir && [[ $
(systemctl is-active NetworkManager
) == active
]]; then
100 m systemctl restart NetworkManager
104 dhclient_restart
=false
106 if ! grep -qP '\bdomain-name-servers\b' /etc
/dhcp
/dhclient.conf
; then
107 sed -i 's/^ *request/request domain-name-servers,/' /etc
/dhcp
/dhclient.conf
108 dhclient_restart
=true
109 e
$0: dhclient_restart
=true
113 # wait for networkmanager to come back
114 for ((i
=0; i
<10; i
++)); do
115 if read -r _ _ _ _ gateway_if _
< <(ip route get
8.8.8.8); then
122 if [[ $gateway_if ]]; then
123 # we could do this, but dhclient is still running and will use its old settings
124 # from dependencies of ifupdown,
125 # from man dhclient-script
126 # from /etc/dhcp/dhclient-enter-hooks.d/resolved
127 # rm -f /run/systemd/resolved.conf.d/*$gateway_if*
130 if $dhclient_restart && grep -Pq "^ *auto ($gateway_if|.* $gateway_if( |$))" /etc
/network
/interfaces
; then
135 # At least on systemd 237 ifupdown it sets a global and this is not
136 # needed. We are way past that, but I don't think it hurts.
137 resolvectl revert
$gateway_if
139 e
$0: no gateway_if found
142 m systemctl restart systemd-resolved
146 # just for curiosity i did a
147 # wrapper around dhclient, then ifdown eth0; ifup eth0:
149 # Tue Mar 9 18:29:05 EST 2021
150 # args -4 -v -r -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
161 # PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
162 # IFUPDOWN_eth0=pre-down
164 # Tue Mar 9 18:29:07 EST 2021
165 # args -1 -4 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
176 # PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
177 # IFUPDOWN_eth0=post-up