Add rate-limit settings to dashboard

Signed-off-by: DL6ER <dl6er@dl6er.de>
pi-hole · Feb 19, 2022 · 1d67146 · 1d67146
1 parent e93212f
commit 1d67146
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/scripts/pi-hole/php/savesettings.php b/scripts/pi-hole/php/savesettings.php
@@ -352,6 +352,13 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
 				}
 				pihole_execute("-a -i ".$DNSinterface." -web");
 
+				// Add rate-limiting settings
+				if(isset($_POST["rate_limit_count"]) && isset($_POST["rate_limit_interval"]))
+				{
+					// Restart of FTL is delayed
+					pihole_execute("-a ratelimit " . intval($_POST["rate_limit_count"]) . " " . intval($_POST["rate_limit_interval"]) . " false");
+				}
+
 				// If there has been no error we can save the new DNS server IPs
 				if(!strlen($error))
 				{

diff --git a/settings.php b/settings.php
@@ -718,6 +718,19 @@ function convertseconds($argument)
                     </form>
                 </div>
                 <!-- ######################################################### DNS ######################################################### -->
+                <?php
+                    // Use default
+                    $rate_limit_count = 1000;
+                    $rate_limit_interval = 60;
+                    // Get rate limit from piholeFTL config array
+                    if (isset($piholeFTLConf["RATE_LIMIT"])) {
+                        $rl = explode("/", $piholeFTLConf["RATE_LIMIT"]);
+                        if(count($rl) == 2) {
+                            $rate_limit_count = intval($rl[0]);
+                            $rate_limit_interval = intval($rl[1]);
+                        }
+                    }
+                ?>
                 <div id="dns" class="tab-pane fade<?php if($tab === "dns"){ ?> in active<?php } ?>">
                     <form role="form" method="post">
                         <div class="row">
@@ -934,6 +947,18 @@ function convertseconds($argument)
                                                     <a href="https://dnssec.vs.uni-due.de/" rel="noopener" target="_blank">here</a>.</p>
                                                 </div>
                                                 <br>
+                                                <h4><a id="ratelimit"></a>Rate-limiting</h4>
+                                                <p>Block clients making more than <input type="number" name="rate_limit_count" value="<?=$rate_limit_count?>"> queries within
+                                                <input type="number" name="rate_limit_interval" value="<?=$rate_limit_interval?>"> seconds.</p>
+                                                <p>When a client makes too many queries in too short time, it
+                                                gets rate-limited. Rate-limited queries are answered with a
+                                                <code>REFUSED</code> reply and not further processed by FTL
+                                                and prevent Pi-holes getting overwhelmed by rogue clients.
+                                                It is important to note that rate-limiting is happening on a
+                                                per-client basis. Other clients can continue to use FTL while
+                                                rate-limited clients are short-circuited at the same time.</p>
+                                                <p>Rate-limiting may be disabled altogether by setting both values to zero.</p>
+                                                <br>
                                                 <h4>Conditional forwarding</h4>
                                                 <p>If not configured as your DHCP server, Pi-hole typically won't be able to
                                                    determine the names of devices on your local network.  As a