Pull request: all: upd chlog

Merge in DNS/adguard-home from chlog to master

Squashed commit of the following:

commit bd9925fa46d1ca67b52938ffa8cef3262367cc40
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Tue Dec 21 15:01:04 2021 +0300

    all: upd chlog

.twosky.json

@@ -12,6 +12,7 @@
       "en": "English",
       "es": "Español",
       "fa": "فارسی",
+      "fi": "Suomi",
       "fr": "Français",
       "hr": "Hrvatski",
       "hu": "Magyar",
@@ -33,6 +34,7 @@
       "sv": "Svenska",
       "th": "ภาษาไทย",
       "tr": "Türkçe",
+      "uk": "Українська",
       "vi": "Tiếng Việt",
       "zh-cn": "简体中文",
       "zh-hk": "繁體中文（香港）",

CHANGELOG.md

@@ -10,13 +10,16 @@ and this project adheres to
 ## [Unreleased]
 
 <!--
-## [v0.107.0] - 2021-09-28 (APPROX.)
+## [v0.107.1] - 2022-01-25 (APPROX.)
 -->
 
+## [v0.107.0] - 2021-12-21
+
 ### Added
 
-- DNS server IP addresses to the `mobileconfig` API responses ([#3568],
-  [#3607]).
+- Upstream server information for responses from cache ([#3772]).  Note that old
+  log entries concerning cached responses won't include that information.
+- Finnish and Ukrainian translations.
 - Setting the timeout for IP address pinging in the "Fastest IP address" mode
   through the new `fastest_timeout` field in the configuration file ([#1992]).
 - Static IP address detection on FreeBSD ([#3289]).
@@ -48,6 +51,18 @@ and this project adheres to
 
 ### Changed
 
+- Port bindings are now checked for uniqueness ([#3835]).
+- The DNSSEC check now simply checks against the AD flag in the response
+  ([#3904]).
+- Client objects in the configuration file are now sorted ([#3933]).
+- Responses from cache are now labeled ([#3772]).
+- Better error message for ED25519 private keys, which are not widely supported
+  ([#3737]).
+- Cache now follows RFC more closely for negative answers ([#3707]).
+- `$dnsrewrite` rules and other DNS rewrites will now be applied even when the
+  protection is disabled ([#1558]).
+- DHCP gateway address, subnet mask, IP address range, and leases validations
+  ([#3529]).
 - The `systemd` service script will now create the `/var/log` directory when it
   doesn't exist ([#3579]).
 - Items in allowed clients, disallowed clients, and blocked hosts lists are now
@@ -116,7 +131,22 @@ In this release, the schema version has changed from 10 to 12.
 
 ### Fixed
 
-- Adding an IP into only one of the matching ipsets on Linux ([#3638]).
+- EDNS0 TCP keepalive option handling ([#3778]).
+- Rules with the `$denyallow` modifier applying to IP addresses when they
+  shouldn't ([#3175]).
+- The length of the EDNS0 client subnet option appearing too long for some
+  upstream servers ([#3887]).
+- Invalid redirection to the HTTPS web interface after saving enabled encryption
+  settings ([#3558]).
+- Incomplete propagation of the client's IP anonymization setting to the
+  statistics ([#3890]).
+- Incorrect `$dnsrewrite` results for entries from the operating system's hosts
+  file ([#3815]).
+- Matching against rules with `|` at the end of the domain name ([#3371]).
+- Incorrect assignment of explicitly configured DHCP options ([#3744]).
+- Occasional panic during shutdown ([#3655]).
+- Addition of IPs into only one as opposed to all matching ipsets on Linux
+  ([#3638]).
 - Removal of temporary filter files ([#3567]).
 - Panic when an upstream server responds with an empty question section
   ([#3551]).
@@ -152,6 +182,7 @@ In this release, the schema version has changed from 10 to 12.
 - Go 1.15 support.
 
 [#1381]: https://github.com/AdguardTeam/AdGuardHome/issues/1381
+[#1558]: https://github.com/AdguardTeam/AdGuardHome/issues/1558
 [#1691]: https://github.com/AdguardTeam/AdGuardHome/issues/1691
 [#1898]: https://github.com/AdguardTeam/AdGuardHome/issues/1898
 [#1992]: https://github.com/AdguardTeam/AdGuardHome/issues/1992
@@ -172,6 +203,7 @@ In this release, the schema version has changed from 10 to 12.
 [#3162]: https://github.com/AdguardTeam/AdGuardHome/issues/3162
 [#3166]: https://github.com/AdguardTeam/AdGuardHome/issues/3166
 [#3172]: https://github.com/AdguardTeam/AdGuardHome/issues/3172
+[#3175]: https://github.com/AdguardTeam/AdGuardHome/issues/3175
 [#3184]: https://github.com/AdguardTeam/AdGuardHome/issues/3184
 [#3185]: https://github.com/AdguardTeam/AdGuardHome/issues/3185
 [#3186]: https://github.com/AdguardTeam/AdGuardHome/issues/3186
@@ -186,6 +218,7 @@ In this release, the schema version has changed from 10 to 12.
 [#3335]: https://github.com/AdguardTeam/AdGuardHome/issues/3335
 [#3343]: https://github.com/AdguardTeam/AdGuardHome/issues/3343
 [#3351]: https://github.com/AdguardTeam/AdGuardHome/issues/3351
+[#3371]: https://github.com/AdguardTeam/AdGuardHome/issues/3371
 [#3372]: https://github.com/AdguardTeam/AdGuardHome/issues/3372
 [#3417]: https://github.com/AdguardTeam/AdGuardHome/issues/3417
 [#3419]: https://github.com/AdguardTeam/AdGuardHome/issues/3419
@@ -195,14 +228,28 @@ In this release, the schema version has changed from 10 to 12.
 [#3450]: https://github.com/AdguardTeam/AdGuardHome/issues/3450
 [#3457]: https://github.com/AdguardTeam/AdGuardHome/issues/3457
 [#3506]: https://github.com/AdguardTeam/AdGuardHome/issues/3506
+[#3529]: https://github.com/AdguardTeam/AdGuardHome/issues/3529
 [#3538]: https://github.com/AdguardTeam/AdGuardHome/issues/3538
 [#3551]: https://github.com/AdguardTeam/AdGuardHome/issues/3551
+[#3558]: https://github.com/AdguardTeam/AdGuardHome/issues/3558
 [#3564]: https://github.com/AdguardTeam/AdGuardHome/issues/3564
 [#3567]: https://github.com/AdguardTeam/AdGuardHome/issues/3567
 [#3568]: https://github.com/AdguardTeam/AdGuardHome/issues/3568
 [#3579]: https://github.com/AdguardTeam/AdGuardHome/issues/3579
 [#3607]: https://github.com/AdguardTeam/AdGuardHome/issues/3607
 [#3638]: https://github.com/AdguardTeam/AdGuardHome/issues/3638
+[#3655]: https://github.com/AdguardTeam/AdGuardHome/issues/3655
+[#3707]: https://github.com/AdguardTeam/AdGuardHome/issues/3707
+[#3737]: https://github.com/AdguardTeam/AdGuardHome/issues/3737
+[#3744]: https://github.com/AdguardTeam/AdGuardHome/issues/3744
+[#3772]: https://github.com/AdguardTeam/AdGuardHome/issues/3772
+[#3778]: https://github.com/AdguardTeam/AdGuardHome/issues/3778
+[#3815]: https://github.com/AdguardTeam/AdGuardHome/issues/3815
+[#3835]: https://github.com/AdguardTeam/AdGuardHome/issues/3835
+[#3887]: https://github.com/AdguardTeam/AdGuardHome/issues/3887
+[#3890]: https://github.com/AdguardTeam/AdGuardHome/issues/3890
+[#3904]: https://github.com/AdguardTeam/AdGuardHome/issues/3904
+[#3933]: https://github.com/AdguardTeam/AdGuardHome/pull/3933
 
 
 
@@ -566,11 +613,12 @@ In this release, the schema version has changed from 10 to 12.
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...HEAD
-[v0.107.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...v0.107.0
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.1...HEAD
+[v0.107.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...v0.107.1
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...HEAD
+[v0.107.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...v0.107.0
 [v0.106.3]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.2...v0.106.3
 [v0.106.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.1...v0.106.2
 [v0.106.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.0...v0.106.1

README.md

@@ -280,29 +280,29 @@ Edge:
 curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c edge
 ```
 
-* Beta channel builds
-    * Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz)
-    * Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi), [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz)
-    * Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz)
-    * Windows: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_386.zip)
-    * macOS: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip)
-    * macOS ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_arm64.zip)
-    * FreeBSD: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz)
-    * FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz)
-    * OpenBSD: (coming soon)
-    * OpenBSD ARM: (coming soon)
+ *  Beta channel builds
+     *  Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz)
+     *  Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz)
+     *  Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz)
+     *  Windows: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_386.zip)
+     *  macOS: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip)
+     *  macOS ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_arm64.zip)
+     *  FreeBSD: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz)
+     *  FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz)
+     *  OpenBSD: (coming soon)
+     *  OpenBSD ARM: (coming soon)
 
-* Edge channel builds
-    * Linux: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_386.tar.gz)
-    * Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi), [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz)
-    * Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64le_softfloat.tar.gz)
-    * Windows: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_386.zip)
-    * macOS: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_386.zip)
-    * macOS ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_arm64.zip)
-    * FreeBSD: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_386.tar.gz)
-    * FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv7.tar.gz)
-    * OpenBSD: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_amd64.tar.gz)
-    * OpenBSD ARM: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_arm64.tar.gz)
+ *  Edge channel builds
+     *  Linux: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_386.tar.gz)
+     *  Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz)
+     *  Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64le_softfloat.tar.gz)
+     *  Windows: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_386.zip)
+     *  macOS: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_386.zip)
+     *  macOS ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_arm64.zip)
+     *  FreeBSD: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_386.tar.gz)
+     *  FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv7.tar.gz)
+     *  OpenBSD: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_amd64.tar.gz)
+     *  OpenBSD ARM: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_arm64.tar.gz)
 
 
 <a id="reporting-issues"></a>
@@ -322,10 +322,18 @@ Here is a link to AdGuard Home project: https://crowdin.com/project/adguard-appl
 
 Here's what you can also do to contribute:
 
-1. [Look for issues](https://github.com/AdguardTeam/AdGuardHome/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22+) marked as "help wanted".
-2. Actualize the list of *Blocked services*. It can be found in [filtering/blocked.go](https://github.com/AdguardTeam/AdGuardHome/blob/master/internal/filtering/blocked.go).
-3. Actualize the list of known *trackers*. It it can be found in [client/src/helpers/trackers/adguard.json](https://github.com/AdguardTeam/AdGuardHome/blob/master/client/src/helpers/trackers/adguard.json).
-4. Actualize the list of vetted *blocklists*. It it can be found in [client/src/helpers/filters/filters.json](https://github.com/AdguardTeam/AdGuardHome/blob/master/client/src/helpers/filters/filters.json).
+1. [Look for issues][helpissues] marked as "help wanted".
+2. Actualize the list of *Blocked services*. It can be found in
+   [filtering/blocked.go][blocked.go].
+3. Actualize the list of known *trackers*. It it can be found in [this repo]
+   [companiesdb].
+4. Actualize the list of vetted *blocklists*. It it can be found in
+   [client/src/helpers/filters/filters.json][filters.json].
+
+[helpissues]: https://github.com/AdguardTeam/AdGuardHome/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22+
+[blocked.go]: https://github.com/AdguardTeam/AdGuardHome/blob/master/internal/filtering/blocked.go
+[companiesdb]: https://github.com/AdguardTeam/companiesdb
+[filters.json]: https://github.com/AdguardTeam/AdGuardHome/blob/master/client/src/helpers/filters/filters.json
 
 <a id="uses"></a>
 ## Projects that use AdGuard Home

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
   'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:3.3'
+  'dockerGo': 'adguard/golang-ubuntu:3.8'
 
 'stages':
 - 'Make release':
@@ -266,7 +266,7 @@
     # need to build a few of these.
     'variables':
       'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:3.3'
+      'dockerGo': 'adguard/golang-ubuntu:3.8'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -276,4 +276,4 @@
     # are the ones that actually get released.
     'variables':
       'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:3.3'
+      'dockerGo': 'adguard/golang-ubuntu:3.8'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
   'key': 'AHBRTSPECS'
   'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:3.3'
+  'dockerGo': 'adguard/golang-ubuntu:3.8'
 
 'stages':
 - 'Tests':

client/src/__locales/be.json

@@ -37,6 +37,9 @@
     "dhcp_ipv6_settings": "Налады DHCP IPv6",
     "form_error_required": "Абавязковае поле",
     "form_error_ip4_format": "Няслушны фармат IPv4",
+    "form_error_ip4_range_start_format": "Няслушны IPv4-адрас пачатку дыяпазону",
+    "form_error_ip4_range_end_format": "Няслушны IPv4-адрас канца дыяпазону",
+    "form_error_ip4_gateway_format": "Няслушны IPv4-адрас шлюза",
     "form_error_ip6_format": "Няслушны фармат IPv6",
     "form_error_ip_format": "Няслушны фармат IP-адраса",
     "form_error_mac_format": "Некарэктны фармат MAC",
@@ -44,8 +47,12 @@
     "form_error_server_name": "Няслушнае імя сервера",
     "form_error_subnet": "Падсетка «{{cidr}}» не ўтрымвае IP-адраса «{{ip}}»",
     "form_error_positive": "Павінна быць больш 0",
-    "form_error_negative": "Павінна быць не менш 0",
-    "range_end_error": "Павінен перавышаць пачатак дыяпазону",
+    "out_of_range_error": "Павінна быць па-за дыяпазонам «{{start}}»-«{{end}}»",
+    "lower_range_start_error": "Павінна быць менш за пачатак дыяпазону",
+    "greater_range_start_error": "Павінна быць больш за пачатак дыяпазону",
+    "greater_range_end_error": "Павінна быць больш за канец дыяпазону",
+    "subnet_error": "Адрасы павінны быць усярэдзіне адной падсеткі",
+    "gateway_or_subnet_invalid": "Некарэктная маска падсеткі",
     "dhcp_form_gateway_input": "IP-адрас шлюза",
     "dhcp_form_subnet_input": "Маска падсеціва",
     "dhcp_form_range_title": "Дыяпазон IP-адрасоў",
@@ -503,6 +510,7 @@
     "statistics_clear_confirm": "Вы ўпэўнены, што хочаце ачысціць статыстыку?",
     "statistics_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання статыстыкі? Пры скарачэнні інтэрвалу дадзеныя могуць быць згублены",
     "statistics_cleared": "Статыстыка паспяхова вычышчана",
+    "statistics_enable": "Уключыць статыстыку",
     "interval_hours": "{{count}} гадзіна",
     "interval_hours_plural": "{{count}} гадзін",
     "filters_configuration": "Налада фільтраў",
@@ -612,6 +620,9 @@
     "click_to_view_queries": "Націсніце, каб прагледзець запыты",
     "port_53_faq_link": "Порт 53 часта заняты службамі \"DNSStubListener\" ці \"systemd-resolved\". Азнаёмцеся з <0>інструкцыяй</0> пра тое, як гэта дазволіць.",
     "adg_will_drop_dns_queries": "AdGuard Home скіне ўсе DNS-запыты ад гэтага кліента.",
-    "client_not_in_allowed_clients": "Кліент не дазволены, бо яго няма ў спісе \"Дазволеных кліентаў\".",
-    "experimental": "Эксперыментальны"
+    "filter_allowlist": "УВАГА: Гэта дзеянне таксама выключыць правіла «{{disallowed_rule}}» са спіса дазволеных кліентаў.",
+    "last_rule_in_allowlist": "Няможна заблакаваць гэтага кліента, бо вынятак правіла «{{disallowed_rule}}» АДКЛЮЧЫЦЬ рэжым белага спіса.",
+    "experimental": "Эксперыментальны",
+    "use_saved_key": "Скарыстаць захаваны раней ключ",
+    "parental_control": "Бацькоўскі кантроль"
 }

client/src/__locales/bg.json

@@ -10,7 +10,7 @@
     "dhcp_leases": "DHCP раздадени адреси",
     "dhcp_leases_not_found": "Няма намерени активни DHCP адреси",
     "form_error_required": "Задължително поле",
-    "form_error_ip_format": "Невалиден IPv4 адрес",
+    "form_error_ip_format": "Невалиден IP адрес",
     "form_error_positive": "Проверете дали е положително число",
     "dhcp_form_gateway_input": "IP шлюз",
     "dhcp_form_subnet_input": "Мрежова маска",
@@ -31,6 +31,7 @@
     "dashboard": "Табло",
     "settings": "Настройки",
     "filters": "Филтри",
+    "filter": "Филтър",
     "query_log": "История на заявките",
     "faq": "ЧЗВ",
     "version": "версия",
@@ -41,6 +42,7 @@
     "copyright": "Авторско право",
     "homepage": "Домашна страница",
     "report_an_issue": "Съобщи за проблем",
+    "privacy_policy": "Правила за поверителност",
     "enable_protection": "Разреши защита",
     "enabled_protection": "Защитата е разрешена",
     "disable_protection": "Забрани защита",
@@ -70,6 +72,7 @@
     "enforce_safe_search": "Включи Безопасно Търсене",
     "no_servers_specified": "Няма избрани услуги",
     "general_settings": "Общи настройки",
+    "custom_filtering_rules": "Местни правила за филтриране",
     "upstream_dns": "Главен DNS сървър",
     "test_upstream_btn": "Тествай главния DNS",
     "apply_btn": "Приложи",
@@ -86,6 +89,7 @@
     "rules_count_table_header": "Правила общо",
     "last_time_updated_table_header": "Последно обновен",
     "actions_table_header": "Действия",
+    "edit_table_action": "Редактирай",
     "delete_table_action": "Изтрий",
     "filters_and_hosts_hint": "AdGuard Home разбира adblock и host синтаксис.",
     "cancel_btn": "Откажи",
@@ -130,6 +134,9 @@
     "updated_custom_filtering_toast": "Обновени местни правила за филтриране",
     "rule_removed_from_custom_filtering_toast": "Премахнато от местни правила за филтриране: {{rule}}",
     "rule_added_to_custom_filtering_toast": "Добавено до местни правила за филтриране: {{rule}}",
+    "default": "По подразбиране",
+    "custom_ip": "Персонализиран IP",
+    "dns_over_quic": "DNS-over-QUIC",
     "plain_dns": "Обикновен DNS",
     "source_label": "Източник",
     "found_in_known_domain_db": "Намерен в списъците с домейни.",
@@ -217,8 +224,26 @@
     "form_error_password": "Паролата не съвпада",
     "reset_settings": "Изтрий всички настройки",
     "update_announcement": "Има нова AdGuard Home {{version}}! <0>Цъкни тук</0> за повече информация.",
-    "disable_ipv6": "Изключете IPv6 протокола",
+    "settings_custom": "Персонализиране",
+    "table_client": "Клиент",
+    "table_name": "Име",
+    "save_btn": "Запази",
+    "name": "Име",
+    "clients_not_found": "Нямa намерени адреси",
     "check_updates_now": "Провери за актуализации",
+    "domain": "Домейн",
+    "disabled": "Деактивиран",
+    "username_label": "Потребител",
+    "username_placeholder": "Въведете потребител",
+    "password_label": "Парола",
+    "password_placeholder": "Въведете парола",
+    "network": "Мрежа",
+    "descr": "Описание",
     "show_blocked_responses": "Блокирано",
+    "show_whitelisted_responses": "В белия списък",
+    "show_processed_responses": "Обработен",
+    "allowed": "В белия списък",
+    "filter_category_general": "General",
+    "filter_category_security": "Сигурност",
     "port_53_faq_link": "Порт 53 често е зает от \"DNSStubListener\" или \"systemd-resolved\" услуги. Моля, прочетете <0>тази инструкция</0> как да решите това."
 }

client/src/__locales/cs.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Nastavení DHCP IPv4",
     "dhcp_ipv6_settings": "Nastavení DHCP IPv6",
     "form_error_required": "Povinné pole",
-    "form_error_ip4_format": "Neplatný formát IPv4",
-    "form_error_ip6_format": "Neplatný formát IPv6",
-    "form_error_ip_format": "Neplatný formát IP",
-    "form_error_mac_format": "Neplatný formát MAC",
-    "form_error_client_id_format": "Neplatný formát ID klienta",
+    "form_error_ip4_format": "Neplatná adresa IPv4",
+    "form_error_ip4_range_start_format": "Neplatná adresa IPv4 na začátku rozsahu",
+    "form_error_ip4_range_end_format": "Neplatná adresa IPv4 na konci rozsahu",
+    "form_error_ip4_gateway_format": "Neplatná adresa IPv4 brány",
+    "form_error_ip6_format": "Neplatná adresa IPv6",
+    "form_error_ip_format": "Neplatná adresa IP",
+    "form_error_mac_format": "Neplatná adresa MAC",
+    "form_error_client_id_format": "Neplatné ID klienta",
     "form_error_server_name": "Neplatný název serveru",
     "form_error_subnet": "Podsíť \"{{cidr}}\" neobsahuje IP adresu \"{{ip}}\"",
     "form_error_positive": "Musí být větší než 0",
-    "form_error_negative": "Musí být rovno nebo větší než 0",
-    "range_end_error": "Musí být větší než začátek rozsahu",
+    "out_of_range_error": "Musí být mimo rozsah \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Musí být menší než začátek rozsahu",
+    "greater_range_start_error": "Musí být větší než začátek rozsahu",
+    "greater_range_end_error": "Musí být větší než konec rozsahu",
+    "subnet_error": "Adresy musí být v jedné podsíti",
+    "gateway_or_subnet_invalid": "Neplatná maska podsítě",
     "dhcp_form_gateway_input": "IP brána",
     "dhcp_form_subnet_input": "Maska podsítě",
     "dhcp_form_range_title": "Rozsah IP adres",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Neplatná URL nebo úplná cesta k seznamu",
     "custom_filter_rules": "Vlastní pravidla filtrování",
     "custom_filter_rules_hint": "Na každý řádek vložte jedno pravidlo. Můžete použít buď pravidla blokování reklam nebo syntaxe hostitelských souborů.",
+    "system_host_files": "Systémové soubory hostitelů",
     "examples_title": "Příklady",
     "example_meaning_filter_block": "zablokovat přístup k doméně example.org a všem jejím subdoménám",
     "example_meaning_filter_whitelist": "odblokovat přístup k doméně example.org a všem jejím subdoménám",
@@ -616,5 +624,8 @@
     "filter_allowlist": "VAROVÁNÍ: Tato akce také vyloučí pravidlo \"{{disallowed_rule}}\" ze seznamu povolených klientů.",
     "last_rule_in_allowlist": "Nelze zakázat tohoto klienta, protože vyloučení pravidla \"{{disallowed_rule}}\" ZRUŠÍ seznam \"Povolených klientů\".",
     "experimental": "Experimentální",
-    "use_saved_key": "Použít dříve uložený klíče"
+    "use_saved_key": "Použít dříve uložený klíče",
+    "parental_control": "Rodičovská kontrola",
+    "safe_browsing": "Bezpečné prohlížení",
+    "served_from_cache": "{{value}} <i>(převzato z mezipaměti)</i>"
 }

client/src/__locales/da.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4-indstillinger",
     "dhcp_ipv6_settings": "DHCP IPv6-indstillinger",
     "form_error_required": "Obligatorisk felt",
-    "form_error_ip4_format": "Ugyldigt IPv4-format",
-    "form_error_ip6_format": "Ugyldigt IPv6-format",
-    "form_error_ip_format": "Ugyldigt IP-format",
-    "form_error_mac_format": "Ugyldigt MAC-format",
-    "form_error_client_id_format": "Ugyldigt klient-ID format",
+    "form_error_ip4_format": "Ugyldig IPv4-adresse",
+    "form_error_ip4_range_start_format": "Ugyldig IPv4-adresse for områdestart",
+    "form_error_ip4_range_end_format": "Ugyldig IPv4-adresse for områdeafslutning",
+    "form_error_ip4_gateway_format": "Ugyldig IPv4-adresse for gateway",
+    "form_error_ip6_format": "Ugyldig IPv6-adresse",
+    "form_error_ip_format": "Ugyldig IP-adresse",
+    "form_error_mac_format": "Ugyldig MAC-adresse",
+    "form_error_client_id_format": "Ugyldigt klient-ID",
     "form_error_server_name": "Ugyldigt servernavn",
     "form_error_subnet": "Subnet \"{{cidr}}\" indeholder ikke IP-adressen \"{{ip}}\"",
     "form_error_positive": "Skal være større end 0",
-    "form_error_negative": "Skal være lig med 0 eller større",
-    "range_end_error": "Skal være større end starten på ​​intervallet",
+    "out_of_range_error": "Skal være uden for området \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Skal være mindre end starten på området",
+    "greater_range_start_error": "Skal være større end starten på ​​området",
+    "greater_range_end_error": "Skal være større end slutningen på ​​området",
+    "subnet_error": "Adresser ska være i ét undernet",
+    "gateway_or_subnet_invalid": "Undernetmaske ugyldig",
     "dhcp_form_gateway_input": "Gateway IP",
     "dhcp_form_subnet_input": "Undernetmaske",
     "dhcp_form_range_title": "Interval af IP-adresser",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Ugyldig URL eller absolut listesti",
     "custom_filter_rules": "Tilpassede filtreringsregler",
     "custom_filter_rules_hint": "Angiv én regel pr. linje. Du kan bruge enten adblockingregler eller værtsfilsyntaks.",
+    "system_host_files": "System hosts-filer",
     "examples_title": "Eksempler",
     "example_meaning_filter_block": "blokér adgang til example.org-domænet samt alle underdomæner",
     "example_meaning_filter_whitelist": "afblokér adgang til example.ord-domænet samt alle underdomæner",
@@ -616,5 +624,8 @@
     "filter_allowlist": "ADVARSEL: Denne handling udelukker også reglen \"{{disallowed_rule}}\" fra listen over tilladte klienter.",
     "last_rule_in_allowlist": "Kan ikke afvise denne klient, da udelukkelse af reglen \"{{disallowed_rule}}\" DEAKTIVERER listen \"Tilladte klienter\".",
     "experimental": "Eksperimentel",
-    "use_saved_key": "Brug den tidligere gemte nøgle"
+    "use_saved_key": "Brug den tidligere gemte nøgle",
+    "parental_control": "Forældrekontrol",
+    "safe_browsing": "Sikker browsing",
+    "served_from_cache": "{{value}} <i>(leveret fra cache)</i>"
 }

client/src/__locales/de.json

@@ -2,21 +2,21 @@
     "client_settings": "Client-Einstellungen",
     "example_upstream_reserved": "Sie können DNS-Upstream <0>für bestimmte Domain(s)</0> angeben",
     "example_upstream_comment": "Sie können den Kommentar angeben",
-    "upstream_parallel": "Parallele Abfragen verwenden, um die Lösung zu beschleunigen, indem Sie alle Upstream-Server gleichzeitig abfragen",
-    "parallel_requests": "Parallele Abfragen",
+    "upstream_parallel": "Parallele Abfragen verwenden, um das Auflösen zu beschleunigen, indem alle Upstream-Server gleichzeitig abgefragt werden.",
+    "parallel_requests": "Paralleles Abfragen",
     "load_balancing": "Lastverteilung",
     "load_balancing_desc": "Einen Server nach dem anderen abfragen. AdGuard Home verwendet den gewichteten Zufallsalgorithmus, um den Server so auszuwählen, dass der schnellste Server häufiger verwendet wird.",
     "bootstrap_dns": "Bootstrap DNS-Server starten",
     "bootstrap_dns_desc": "Bootstrap-DNS-Server werden verwendet, um IP-Adressen der DoH/DoT-Resolver aufzulösen, die Sie als Upstreams angeben.",
-    "local_ptr_title": "Eigene DNS-Server",
-    "local_ptr_desc": "Die DNS-Server, die AdGuard Home für lokale PTR-Abfragen verwendet. Diese Server werden verwendet, um die Hostnamen von Clients mit privaten IP-Adressen, z. B. „192.168.12.34“, mithilfe von rDNS aufzulösen. Wenn nicht festgelegt, verwendet AdGuard Home die Adressen der standardmäßigen DNS-Resolver Ihres Betriebssystems, mit Ausnahme der Adressen von AdGuard Home selbst.",
+    "local_ptr_title": "Private inverse DNS-Server",
+    "local_ptr_desc": "Die DNS-Server, die AdGuard Home für lokale PTR-Abfragen verwendet. Diese Server werden verwendet, um die Hostnamen von Clients mit privaten IP-Adressen, z. B. „192.168.12.34“, per inverse DNS-Anfragen aufzulösen. Wenn nicht festgelegt, verwendet AdGuard Home die Adressen der Standard-DNS-Auflöser Ihres Betriebssystems mit Ausnahme der Adressen von AdGuard Home selbst.",
     "local_ptr_default_resolver": "Standardmäßig verwendet AdGuard Home die folgenden Invers-DNS-Resolver: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home konnte keine geeigneten privaten Invers-DNS-Resolver für dieses System ermitteln.",
     "local_ptr_placeholder": "Eine Serveradresse pro Zeile eingeben",
     "resolve_clients_title": "Hostnamenauflösung der Clients aktivieren",
-    "resolve_clients_desc": "Lösen Sie die IP-Adressen der Clients umgekehrt in ihre Hostnamen auf, indem Sie PTR-Anfragen an entsprechende Resolver senden (private DNS-Server für lokale Clients, Upstream-Server für Clients mit öffentlichen IP-Adressen).",
+    "resolve_clients_desc": "Inverses Auflösen der IP-Adressen der Clients in ihre Hostnamen durch Senden von PTR-Anfragen an die entsprechenden Resolver (private DNS-Server für lokale Kunden, Upstream-Server für Kunden mit öffentlichen IP-Adressen).",
     "use_private_ptr_resolvers_title": "Private Reverse-DNS-Resolver verwenden",
-    "use_private_ptr_resolvers_desc": "Führen Sie mithilfe dieser Upstream-Server Reverse DNS-Lookups für lokal bereitgestellte Adressen durch. Wenn diese Option deaktiviert ist, antwortet AdGuard Home mit NXDOMAIN auf alle derartigen PTR-Anfragen mit Ausnahme von Clients, die von DHCP, /etc/hosts usw. bekannt sind.",
+    "use_private_ptr_resolvers_desc": "Führt inverse DNS-Abfragen für lokal bereitgestellte Adressen mit diesen Upstream-Servern durch. Wenn deaktiviert, antwortet AdGuard Home mit NXDOMAIN auf alle solchen PTR-Anfragen, außer für Clients, die über DHCP, /etc/hosts usw. bekannt sind.",
     "check_dhcp_servers": "Auf DHCP-Server prüfen",
     "save_config": "Konfiguration speichern",
     "enabled_dhcp": "DHCP-Server aktiviert",
@@ -27,50 +27,57 @@
     "dhcp_description": "Wenn Ihr Router keine DHCP-Einstellungen bietet, können Sie den integrierten DHCP-Server von AdGuard verwenden.",
     "dhcp_enable": "DHCP-Server aktivieren",
     "dhcp_disable": "DHCP-Server deaktivieren",
-    "dhcp_not_found": "Keine aktiven DHCP-Server im Netzwerk gefunden. Es ist sicher, den integrierten DHCP-Server zu aktivieren.",
-    "dhcp_found": "Einige aktive DHCP-Server im Netzwerk gefunden. Es ist nicht sicher, den integrierten DHCP-Server zu aktivieren.",
-    "dhcp_leases": "DHCP-Leasingverträge",
-    "dhcp_static_leases": "DHCP statische Leases",
-    "dhcp_leases_not_found": "Keine DHCP-Leasingverträge gefunden\n",
+    "dhcp_not_found": "Es ist sicherer, den integrierten DHCP-Server zu aktivieren, da AdGuard Home keine aktiven DHCP-Server im Netzwerk vorgefunden hat. Sie sollten dies jedoch noch einmal manuell überprüfen, da die automatische Überprüfung derzeit keine 100%ige Garantie bietet.",
+    "dhcp_found": "Es wurde ein aktiver DHCP-Server im Netzwerk gefunden. Es wird nicht empfohlen, den integrierten DHCP-Server zu aktivieren.",
+    "dhcp_leases": "DHCP-Zuweisungen",
+    "dhcp_static_leases": "DHCP statische Zuweisungen",
+    "dhcp_leases_not_found": "Keine DHCP-Zuweisungen gefunden",
     "dhcp_config_saved": "DHCP-Konfiguration erfolgreich gespeichert",
     "dhcp_ipv4_settings": "DHCP-IPv4-Einstellungen",
     "dhcp_ipv6_settings": "DHCP-IPv6-Einstellungen",
     "form_error_required": "Pflichtfeld",
-    "form_error_ip4_format": "Ungültiges IPv4-Format",
-    "form_error_ip6_format": "Ungültiges IPv6-Format",
-    "form_error_ip_format": "Ungültiges IPv4-Format",
-    "form_error_mac_format": "Ungültiges MAC-Format",
-    "form_error_client_id_format": "Ungültiges Client-ID-Format",
+    "form_error_ip4_format": "Ungültige IPv4-Adresse",
+    "form_error_ip4_range_start_format": "Ungültiger Bereichsbeginn der IPv4-Adresse",
+    "form_error_ip4_range_end_format": "Ungültiges Bereichsende der IPv4-Adresse",
+    "form_error_ip4_gateway_format": "Ungültiges Gateway-IPv4-Adresse",
+    "form_error_ip6_format": "Ungültige IPv6-Adresse",
+    "form_error_ip_format": "Ungültige IP-Adresse",
+    "form_error_mac_format": "Ungültige MAC-Adresse",
+    "form_error_client_id_format": "Ungültiges Client-ID",
     "form_error_server_name": "Ungültiger Servername",
     "form_error_subnet": "Subnetz „{{cidr}}“ enthält nicht die IP-Adresse „{{ip}}“",
-    "form_error_positive": "Muss größer als 0 sein.",
-    "form_error_negative": "Muss gleich oder größer als 0 (Null) sein",
-    "range_end_error": "Muss größer als der Bereichsbeginn sein",
+    "form_error_positive": "Muss größer als 0 (Null) sein",
+    "out_of_range_error": "Muss außerhalb des Bereichs „{{start}}“-„{{end}}“ liegen",
+    "lower_range_start_error": "Muss niedriger als der Bereichsbeginn sein",
+    "greater_range_start_error": "Muss größer als der Bereichsbeginn sein",
+    "greater_range_end_error": "Muss größer als das Bereichsende sein",
+    "subnet_error": "Die Adressen müssen innerhalb eines Subnetzes liegen",
+    "gateway_or_subnet_invalid": "Ungültige Subnetzmaske",
     "dhcp_form_gateway_input": "Gateway-IP",
     "dhcp_form_subnet_input": "Subnetz-Maske",
     "dhcp_form_range_title": "Bereich von IP-Adressen",
-    "dhcp_form_range_start": "Bereichsanfang",
+    "dhcp_form_range_start": "Bereichsbeginn",
     "dhcp_form_range_end": "Bereichsende",
-    "dhcp_form_lease_title": "DHCP-Leasingdauer (in Sekunden)",
-    "dhcp_form_lease_input": "Leasingdauer",
+    "dhcp_form_lease_title": "DHCP-Zuweisungs-Dauer (in Sekunden)",
+    "dhcp_form_lease_input": "Dauer der Zuweisung",
     "dhcp_interface_select": "DHCP-Benutzeroberfläche auswählen",
     "dhcp_hardware_address": "Hardware-Adresse",
     "dhcp_ip_addresses": "IP-Adressen",
     "ip": "IP",
     "dhcp_table_hostname": "Hostname",
-    "dhcp_table_expires": "Läuft ab",
+    "dhcp_table_expires": "Gültig bis",
     "dhcp_warning": "Wenn Sie den DHCP-Server trotzdem aktivieren möchten, stellen Sie sicher, dass sich in Ihrem Netzwerk kein anderer aktiver DHCP-Server befindet. Andernfalls kann es bei angeschlossenen Geräten zu einem Ausfall des Internets kommen!",
-    "dhcp_error": "Es konnte nicht ermittelt werden, ob es einen anderen DHCP-Server im Netzwerk gibt.",
+    "dhcp_error": "AdGuard Home konnte nicht ermitteln, ob es einen anderen aktiven DHCP-Server im Netzwerk gibt.",
     "dhcp_static_ip_error": "Um den DHCP-Server nutzen zu können, muss eine statische IP-Adresse festgelegt werden. Es konnte nicht ermittelt werden, ob diese Netzwerkschnittstelle mit statischer IP-Adresse konfiguriert ist. Bitte legen Sie eine statische IP-Adresse manuell fest.",
     "dhcp_dynamic_ip_found": "Ihr System verwendet die dynamische Konfiguration der IP-Adresse für die Schnittstelle <0>{{interfaceName}}</0>. Um den DHCP-Server nutzen zu können, muss eine statische IP-Adresse festgelegt werden. Ihre aktuelle IP-Adresse ist <0>{{ipAddress}}</0>. Diese IP-Adresse wird automatisch als statisch festgelegt, sobald Sie auf die Schaltfläche „DHCP-Server aktivieren“ klicken.",
-    "dhcp_lease_added": "Statischer Lease „{{key}}“ erfolgreich hinzugefügt",
-    "dhcp_lease_deleted": "Statischer Lease „{{key}}“ erfolgreich entfernt",
-    "dhcp_new_static_lease": "Neuer statischer Lease",
-    "dhcp_static_leases_not_found": "Keine statischen DHCP-Leases gefunden",
-    "dhcp_add_static_lease": "Statischen Lease hinzufügen",
-    "dhcp_reset_leases": "Setzen Sie alle Leases zurück",
-    "dhcp_reset_leases_confirm": "Möchten Sie wirklich alle Leases zurücksetzen?",
-    "dhcp_reset_leases_success": "DHCP-Leases erfolgreich zurückgesetzt",
+    "dhcp_lease_added": "Statischer Zuweisung „{{key}}“ erfolgreich hinzugefügt",
+    "dhcp_lease_deleted": "Statische Zuweisung „{{key}}“ erfolgreich entfernt",
+    "dhcp_new_static_lease": "Neuer statischer Zuweisung",
+    "dhcp_static_leases_not_found": "Keine statischen DHCP-Zuweisungen gefunden",
+    "dhcp_add_static_lease": "Statische Zuweisung hinzufügen",
+    "dhcp_reset_leases": "Alle Zuweisungen zurücksetzen",
+    "dhcp_reset_leases_confirm": "Möchten Sie wirklich alle Zuweisungen zurücksetzen?",
+    "dhcp_reset_leases_success": "DHCP-Zuweisungen erfolgreich zurückgesetzt",
     "dhcp_reset": "Möchten Sie die DHCP-Konfiguration wirklich zurücksetzen?",
     "country": "Land",
     "city": "Stadt",
@@ -96,7 +103,7 @@
     "on": "AN",
     "off": "AUS",
     "copyright": "Urheberrecht",
-    "homepage": "Homepage",
+    "homepage": "Startseite",
     "report_an_issue": "Fehlerbericht senden",
     "privacy_policy": "Datenschutzerklärung",
     "enable_protection": "Schutz aktivieren",
@@ -106,8 +113,8 @@
     "refresh_statics": "Statistiken aktualisieren",
     "dns_query": "DNS-Anfragen",
     "blocked_by": "<0>Durch Filter gesperrt</0>",
-    "stats_malware_phishing": "Gesperrte Schädliche/Phishing-Webseiten",
-    "stats_adult": "Gesperrte jugendgefährdende Webseiten",
+    "stats_malware_phishing": "Gesperrte Schädliche/Phishing-Websites",
+    "stats_adult": "Gesperrte jugendgefährdende Websites",
     "stats_query_domain": "Am häufigsten angefragte Domains",
     "for_last_24_hours": "für die letzten 24 Stunden",
     "for_last_days": "am letzten {{count}} Tag",
@@ -125,7 +132,7 @@
     "number_of_dns_query_24_hours": "Anzahl der in den letzten 24 Stunden durchgeführten DNS-Anfragen",
     "number_of_dns_query_blocked_24_hours": "Anzahl der durch Werbefilter und Host-Sperrlisten abgelehnte DNS-Anfragen",
     "number_of_dns_query_blocked_24_hours_by_sec": "Anzahl der durch das AdGuard-Modul „Internetsicherheit“ gesperrten DNS-Anfragen",
-    "number_of_dns_query_blocked_24_hours_adult": "Anzahl der gesperrten Webseiten mit jugendgefährdenden Inhalten",
+    "number_of_dns_query_blocked_24_hours_adult": "Anzahl der gesperrten Websites mit jugendgefährdenden Inhalten",
     "enforced_save_search": "SafeSearch erzwungen",
     "number_of_dns_query_to_safe_search": "Anzahl der DNS-Anfragen bei denen SafeSearch für Suchanfragen erzwungen wurde",
     "average_processing_time": "Durchschnittliche Bearbeitungsdauer",
@@ -165,7 +172,7 @@
     "enabled_table_header": "Aktiviert",
     "name_table_header": "Name",
     "list_url_table_header": "Adressliste",
-    "rules_count_table_header": "Anzahl Regeln",
+    "rules_count_table_header": "Regeln total",
     "last_time_updated_table_header": "Letztes Update",
     "actions_table_header": "Aktionen",
     "request_table_header": "Anfrage",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Ungültige URL oder absoluter Pfad der Liste",
     "custom_filter_rules": "Benutzerdefinierte Filterregeln",
     "custom_filter_rules_hint": "Geben Sie pro Zeile eine Regel ein. Sie können entweder Werbefilterregeln oder Host-Datei-Syntax verwenden.",
+    "system_host_files": "Hosts-Datei des Systems",
     "examples_title": "Beispiele",
     "example_meaning_filter_block": "blockiert den Zugang zur Domain example.org und all ihren Subdomains",
     "example_meaning_filter_whitelist": "entblockt den Zugang zur Domain example.org und all ihren Subdomains",
@@ -200,7 +208,7 @@
     "example_comment": "! Hier steht ein Kommentar",
     "example_comment_meaning": "Nur ein Kommentar",
     "example_comment_hash": "# Auch ein Kommentar",
-    "example_regex_meaning": "Zugriff auf die Domains sperren, die dem <0>angegebenen regulärem Ausdruck</0> entsprechen",
+    "example_regex_meaning": "Zugriff auf die Domains sperren, die dem <0>angegebenen regulären Ausdruck</0> entsprechen",
     "example_upstream_regular": "regulärer DNS (über UDP)",
     "example_upstream_dot": "verschlüsseltes <0>DNS-over-TLS</0>",
     "example_upstream_doh": "verschlüsseltes <0>DNS-over-HTTPS</0>",
@@ -306,7 +314,7 @@
     "install_settings_dns_desc": "Sie müssen Ihre Geräte oder Ihren Router so konfigurieren, dass er den DNS-Server unter den folgenden Adressen verwendet:",
     "install_settings_all_interfaces": "Alle Schnittstellen",
     "install_auth_title": "Authentifizierung",
-    "install_auth_desc": "Die Passwortauthentifizierung für Ihre AdGuard Home Administrator-Weboberfläche muss konfiguriert sein. Auch wenn AdGuard Home nur in Ihrem lokalen Netzwerk zugänglich ist, ist es dennoch wichtig, es vor unbefugtem Zugriff zu schützen.",
+    "install_auth_desc": "Die Passwort-Authentifizierung für Ihre AdGuard Home Admin-Web-Oberfläche muss konfiguriert werden. Auch wenn AdGuard Home nur in Ihrem lokalen Netzwerk zugänglich ist, ist es dennoch wichtig, es vor unberechtigtem Zugriff zu schützen.",
     "install_auth_username": "Benutzername",
     "install_auth_password": "Passwort",
     "install_auth_confirm": "Passwort bestätigen",
@@ -315,7 +323,7 @@
     "install_step": "Schritt",
     "install_devices_title": "Konfigurieren Sie Ihre Geräte",
     "install_devices_desc": "Um AdGuard Home nutzen zu können, müssen Sie Ihre Geräte so konfigurieren, dass sie es auch wirklich nutzen.",
-    "install_submit_title": "Herzlichen Glückwunsch!",
+    "install_submit_title": "Gratulation!",
     "install_submit_desc": "Die Einrichtung ist abgeschlossen und Sie können mit der Verwendung von AdGuard Home beginnen.",
     "install_devices_router": "Router",
     "install_devices_router_desc": "Diese Einrichtung deckt automatisch alle an Ihren Heimrouter angeschlossenen Geräte ab, und Sie müssen nicht jedes einzelne davon manuell konfigurieren.",
@@ -447,12 +455,12 @@
     "setup_dns_privacy_android_3": "„<0>Intra</0>“ fügt <1>DNS-over-HTTPS</1>-Unterstützung zu Android hinzu.",
     "setup_dns_privacy_ios_1": "„<0>DNSCloak</0>“ unterstützt <1>DNS-over-HTTPS</1>, aber um es so zu konfigurieren, dass es Ihren eigenen Server verwendet, müssen Sie einen <2>DNS-Stempel</2> dafür generieren.",
     "setup_dns_privacy_ios_2": "<0>AdGuard für iOS</0> unterstützt die Einrichtung von <1>DNS-over-HTTTPS</1> und <1>DNS-over-TLS</1>.",
-    "setup_dns_privacy_other_title": "Weitere Umsetzungen",
+    "setup_dns_privacy_other_title": "Weitere Implementierungen",
     "setup_dns_privacy_other_1": "AdGuard Home selbst kann ein sicherer DNS-Client auf jeder Plattform sein.",
     "setup_dns_privacy_other_2": "<0>dnsproxy</0> unterstützt alle bekannten sicheren DNS-Protokolle.",
     "setup_dns_privacy_other_3": "<0>dnscrypt-proxy</0> unterstützt <1>DNS-over-HTTPS</1>.",
     "setup_dns_privacy_other_4": "<0>Mozilla Firefox</0> unterstützt <1>DNS-over-HTTPS</1>.",
-    "setup_dns_privacy_other_5": "Weitere Umsetzungen finden Sie <0>hier</0> und <1>hier</1>.",
+    "setup_dns_privacy_other_5": "Weitere Implementierungen finden Sie <0>hier</0> und <1>hier</1>.",
     "setup_dns_privacy_ioc_mac": "Konfiguration für iOS und macOS",
     "setup_dns_notice": "Um <1>DNS-over-HTTTPS</1> oder <1>DNS-over-TLS</1> verwenden zu können, müssen Sie in den AdGuard Home Einstellungen die <0>Verschlüsselung konfigurieren</0>.",
     "rewrite_added": "DNS-Umschreibung für „{{key}}“ erfolgreich hinzugefügt",
@@ -579,8 +587,8 @@
     "show_blocked_responses": "Gesperrt",
     "show_whitelisted_responses": "Auf der Positivliste",
     "show_processed_responses": "Verarbeitet",
-    "blocked_safebrowsing": "Durch Internetsicherheit gesperrt",
-    "blocked_adult_websites": "Gesperrte jugendgefährdende Webseiten",
+    "blocked_safebrowsing": "Gesperrt durch Internetsicherheit",
+    "blocked_adult_websites": "Gesperrte jugendgefährdende Websites",
     "blocked_threats": "Gesperrte Bedrohungen",
     "allowed": "Zugelassen",
     "filtered": "Gefiltert",
@@ -598,7 +606,7 @@
     "cache_ttl_min_override_desc": "Überschreibt den TTL-Minimalwert, der vom vorgeschalteten Server empfangen wurde. Dieser Wert darf nicht mehr als 3600 (Sek.) (≙ 1 Stunde) betragen.",
     "cache_ttl_max_override_desc": "Überschreibt den TLL-Maximalwert, der vom vorgeschalteten Server empfangen wurde.",
     "ttl_cache_validation": "Der minimale Cache des TTL-Wertes muss kleiner oder gleich dem maximalen Wert sein",
-    "cache_optimistic": "Optimistisches Caching",
+    "cache_optimistic": "Optimistisches Zwischenspeichern",
     "cache_optimistic_desc": "Sorgt dafür, dass AdGuard Home auch dann aus dem Zwischenspeicher antwortet, wenn die Einträge abgelaufen sind, und versucht zudem, diese zu aktualisieren.",
     "filter_category_general": "Allgemein",
     "filter_category_security": "Sicherheit",
@@ -616,5 +624,8 @@
     "filter_allowlist": "Warnhinweis: Durch diese Aktion wird außerdem die Regel „{{disallowed_rule}}“ aus der Liste der zugelassenen Clients ausgeschlossen.",
     "last_rule_in_allowlist": "Dieser Client kann nicht gesperrt werden, da das Ausschließen der Regel „{{disallowed_rule}}“ die Liste „Zugelassene Clients“ deaktivieren würde.",
     "experimental": "Experimentell",
-    "use_saved_key": "Zuvor gespeicherten Schlüssel verwenden"
+    "use_saved_key": "Zuvor gespeicherten Schlüssel verwenden",
+    "parental_control": "Kindersicherung",
+    "safe_browsing": "Sicheres Surfen",
+    "served_from_cache": "{{value}} <i>(aus dem Zwischenspeicher abgerufen)</i>"
 }

client/src/__locales/en.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4 Settings",
     "dhcp_ipv6_settings": "DHCP IPv6 Settings",
     "form_error_required": "Required field",
-    "form_error_ip4_format": "Invalid IPv4 format",
-    "form_error_ip6_format": "Invalid IPv6 format",
-    "form_error_ip_format": "Invalid IP format",
-    "form_error_mac_format": "Invalid MAC format",
-    "form_error_client_id_format": "Invalid client ID format",
+    "form_error_ip4_format": "Invalid IPv4 address",
+    "form_error_ip4_range_start_format": "Invalid IPv4 address of the range start",
+    "form_error_ip4_range_end_format": "Invalid IPv4 address of the range end",
+    "form_error_ip4_gateway_format": "Invalid IPv4 address of the gateway",
+    "form_error_ip6_format": "Invalid IPv6 address",
+    "form_error_ip_format": "Invalid IP address",
+    "form_error_mac_format": "Invalid MAC address",
+    "form_error_client_id_format": "Invalid client ID",
     "form_error_server_name": "Invalid server name",
     "form_error_subnet": "Subnet \"{{cidr}}\" does not contain the IP address \"{{ip}}\"",
     "form_error_positive": "Must be greater than 0",
-    "form_error_negative": "Must be equal to 0 or greater",
-    "range_end_error": "Must be greater than range start",
+    "out_of_range_error": "Must be out of range \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Must be lower than range start",
+    "greater_range_start_error": "Must be greater than range start",
+    "greater_range_end_error": "Must be greater than range end",
+    "subnet_error": "Addresses must be in one subnet",
+    "gateway_or_subnet_invalid": "Subnet mask invalid",
     "dhcp_form_gateway_input": "Gateway IP",
     "dhcp_form_subnet_input": "Subnet mask",
     "dhcp_form_range_title": "Range of IP addresses",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Invalid URL or absolute path of the list",
     "custom_filter_rules": "Custom filtering rules",
     "custom_filter_rules_hint": "Enter one rule on a line. You can use either adblock rules or hosts files syntax.",
+    "system_host_files": "System hosts files",
     "examples_title": "Examples",
     "example_meaning_filter_block": "block access to the example.org domain and all its subdomains",
     "example_meaning_filter_whitelist": "unblock access to the example.org domain and all its subdomains",
@@ -616,5 +624,8 @@
     "filter_allowlist": "WARNING: This action also will exclude the rule \"{{disallowed_rule}}\" from the list of allowed clients.",
     "last_rule_in_allowlist": "Cannot disallow this client because excluding the rule \"{{disallowed_rule}}\" will DISABLE \"Allowed clients\" list.",
     "experimental": "Experimental",
-    "use_saved_key": "Use the previously saved key"
+    "use_saved_key": "Use the previously saved key",
+    "parental_control": "Parental control",
+    "safe_browsing": "Safe browsing",
+    "served_from_cache": "{{value}} <i>(served from cache)</i>"
 }

client/src/__locales/es.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Configuración DHCP IPv4",
     "dhcp_ipv6_settings": "Configuración DHCP IPv6",
     "form_error_required": "Campo obligatorio",
-    "form_error_ip4_format": "Formato IPv4 no válido",
-    "form_error_ip6_format": "Formato IPv6 no válido",
-    "form_error_ip_format": "Formato IP no válido",
-    "form_error_mac_format": "Formato MAC no válido",
-    "form_error_client_id_format": "Formato de ID de cliente no válido",
+    "form_error_ip4_format": "Dirección IPv4 no válida",
+    "form_error_ip4_range_start_format": "Dirección IPv4 no válida del inicio de rango",
+    "form_error_ip4_range_end_format": "Dirección IPv4 no válida del final de rango",
+    "form_error_ip4_gateway_format": "Dirección IPv4 no válida de la puerta de enlace",
+    "form_error_ip6_format": "Dirección IPv6 no válida",
+    "form_error_ip_format": "Dirección IP no válida",
+    "form_error_mac_format": "Dirección MAC no válida",
+    "form_error_client_id_format": "ID de cliente no válido",
     "form_error_server_name": "Nombre de servidor no válido",
     "form_error_subnet": "La subred \"{{cidr}}\" no contiene la dirección IP \"{{ip}}\"",
     "form_error_positive": "Debe ser mayor que 0",
-    "form_error_negative": "Debe ser igual o mayor que 0",
-    "range_end_error": "Debe ser mayor que el inicio de rango",
+    "out_of_range_error": "Debe estar fuera del rango \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Debe ser inferior que el inicio de rango",
+    "greater_range_start_error": "Debe ser mayor que el inicio de rango",
+    "greater_range_end_error": "Debe ser mayor que el final de rango",
+    "subnet_error": "Las direcciones deben estar en una subred",
+    "gateway_or_subnet_invalid": "Máscara de subred no válida",
     "dhcp_form_gateway_input": "IP de puerta de enlace",
     "dhcp_form_subnet_input": "Máscara de subred",
     "dhcp_form_range_title": "Rango de direcciones IP",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "URL o ruta absoluta no válida para la lista",
     "custom_filter_rules": "Reglas de filtrado personalizado",
     "custom_filter_rules_hint": "Ingresa una regla por línea. Puedes utilizar reglas de bloqueo o la sintaxis de los archivos hosts.",
+    "system_host_files": "Archivos hosts del sistema",
     "examples_title": "Ejemplos",
     "example_meaning_filter_block": "bloquea el acceso al dominio ejemplo.org y a todos sus subdominios",
     "example_meaning_filter_whitelist": "desbloquea el acceso al dominio ejemplo.org y a todos sus subdominios",
@@ -616,5 +624,8 @@
     "filter_allowlist": "ADVERTENCIA: Esta acción también excluirá la regla \"{{disallowed_rule}}\" de la lista de clientes permitidos.",
     "last_rule_in_allowlist": "No se puede desautorizar a este cliente porque al excluir la regla \"{{disallowed_rule}}\" DESHABILITARÁ la lista de \"Clientes permitidos\".",
     "experimental": "experimental",
-    "use_saved_key": "Usar la clave guardada previamente"
+    "use_saved_key": "Usar la clave guardada previamente",
+    "parental_control": "Control parental",
+    "safe_browsing": "Navegación segura",
+    "served_from_cache": "{{value}} <i>(servido desde la caché)</i>"
 }

client/src/__locales/fa.json

@@ -21,7 +21,6 @@
     "form_error_mac_format": "فرمت مَک نامعتبر است",
     "form_error_client_id_format": "فرمت شناسه کلاینت نامعتبر است",
     "form_error_positive": "باید بزرگتر از 0 باشد",
-    "form_error_negative": "باید برابر با 0 یا بزرگتر باشد",
     "dhcp_form_gateway_input": "آی پی دروازه",
     "dhcp_form_subnet_input": "ماسک زیر شبکه",
     "dhcp_form_range_title": "دامنه آدرس های آی پی",
@@ -206,8 +205,10 @@
     "custom_ip": "آی پی دستی",
     "blocking_ipv4": "مسدودسازی IPv4",
     "blocking_ipv6": "مسدودسازی IPv6",
+    "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
     "form_enter_rate_limit": "میزان محدودیت را وارد کنید",
     "rate_limit": "میزان محدودیت",
     "edns_enable": "فعالسازی زیرشبکه کلاینت EDNS",
@@ -399,6 +400,7 @@
     "encryption_key_source_content": "چسباندن محتوای کلید خصوصی",
     "stats_params": "پیکربندی آمار",
     "config_successfully_saved": "پیکربندی با موفقیت ذخیره شد",
+    "interval_6_hour": "6 ساعت",
     "interval_24_hour": "24 ساعت",
     "interval_days": "{{value}} روز",
     "interval_days_plural": "{{count}} روز",
@@ -409,7 +411,7 @@
     "statistics_configuration": "پیکربندی آمارها",
     "statistics_retention": "مدت حفظ آمارها",
     "statistics_retention_desc": "اگر مقدار فاصله را کاهش دهید،برخی داده ها از بین خواهد رفت",
-    "statistics_clear": " پاکسازی آمار",
+    "statistics_clear": "بازنشانی آمار",
     "statistics_clear_confirm": "آیا واقعا میخواهید آمار را پاک کنید؟",
     "statistics_retention_confirm": "آیا واقعا میخواهید مدت حفظ آمار را تغییر دهید؟ اگر فاصله را کاهش دهید، برخی داده ها حذف میشود",
     "statistics_cleared": "آمارها با موفقیت حذف شد",
@@ -439,8 +441,6 @@
     "domain_desc": "نامه دامنه یا علامت تطبیقی را برای بازنویسی وارد کنید.",
     "example_rewrite_domain": "فقط بازنویسی پاسخ برای این دامنه.",
     "example_rewrite_wildcard": "بازنویسی پاسخ ها برای همه زیردامنه های <0>example.org</0>.",
-    "disable_ipv6": "غیرفعالسازی IPv6",
-    "disable_ipv6_desc": "اگر این ویژگی فعال شده، همه جستارهای DNS برای آدرس های IPv6 (نوع AAAA) رها میشود.",
     "fastest_addr": "سریعترین آدرس آی پی",
     "autofix_warning_text": "اگر روی \"تعمیر\" کلیک کنید، AdGuardHome سیستم شما را برای استفاده از DNS سرور AdGuardHome پیکربندی می کند.",
     "autofix_warning_list": "این وظایف را اجرا میکند: <0>غیرفعالسازی DNSStubListener سیستم</0> <0>تنظیم آدرس DNS 127.0.0.1</0> سرور به <0>جایگزینی لینک نمادی هدف /etc/resolv.conf به/run/systemd/resolve/resolv.conf</0> <0>توقف DNSStubListener (بارگیری مجدد سرویس systemd-resolved)</0>",
@@ -485,5 +485,9 @@
     "rewritten": "بازنویسی شده",
     "safe_search": "جستجوی اَمن",
     "blocklist": "لیست سیاه",
-    "milliseconds_abbreviation": "هـ ثـ"
+    "milliseconds_abbreviation": "هـ ثـ",
+    "filter_category_general": "General",
+    "filter_category_security": "مسدودسازی بدافزار و فیشینگ",
+    "filter_category_other": "ساير",
+    "parental_control": "نظارت والدین"
 }

client/src/__locales/fi.json

@@ -0,0 +1,631 @@
+{
+    "client_settings": "Päätelaiteasetukset",
+    "example_upstream_reserved": "voit määrittää DNS-ylävirran <0>tietyille verkkotunnuksille</0>",
+    "example_upstream_comment": "voit määrittää kommentin",
+    "upstream_parallel": "Käytä rinnakkaisia pyyntöjä ja nopeuta selvitystä käyttämällä kaikkia ylävirran palvelimia samanaikaisesti.",
+    "parallel_requests": "Rinnakkaiset pyynnöt",
+    "load_balancing": "Kuormantasaus",
+    "load_balancing_desc": "Lähetä pyyntö yhdelle ylävirran palvelimelle kerrallaan. AdGuard Home pyrkii valitsemaan nopeimman palvelimen painotetun satunnaisalgoritminsa avulla.",
+    "bootstrap_dns": "Bootstrap DNS-palvelimet",
+    "bootstrap_dns_desc": "Bootstrap DNS-palvelimia käytetään ylävirroiksi määritettyjen DoH/DoT-resolvereiden IP-osoitteiden selvitykseen.",
+    "local_ptr_title": "Yksityiset käänteiset DNS-palvelimet",
+    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-pyynnöille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien päätelaitteiden osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, käyttää AdGuard Home käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
+    "local_ptr_default_resolver": "Oletusarvoisesti AdGuard Home käyttää seuraavia käänteisiä DNS-resolvereita: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home ei voinut määrittää tälle järjestelmälle sopivaa yksityistä käänteistä DNS-resolveria.",
+    "local_ptr_placeholder": "Syötä yksi palvelimen osoite per rivi",
+    "resolve_clients_title": "Käytä päätelaitteiden IP-osoitteille käänteistä selvitystä",
+    "resolve_clients_desc": "Selvitä päätelaitteiden IP-osoitteiden isäntänimet käänteisesti lähettämällä PTR-kyselyt sopiville resolvereille (yksityiset DNS-palvelimet paikallisille päätelaitteille, lähtevät palvelimet päätelaitteille, joilla on julkiset IP-osoitteet).",
+    "use_private_ptr_resolvers_title": "Käytä yksityisiä käänteisiä DNS-resolvereita",
+    "use_private_ptr_resolvers_desc": "Suorita käänteiset DNS-selvitykset paikallisesti tarjotuille osoitteille käyttäen näitä ylävirran palvelimia. Jos ei käytössä, vastaa AdGuard Home kaikkiin sen tyyppisiin PTR-pyyntöihin NXDOMAIN-arvolla, pois lukien DHCP, /etc/hosts, yms. -tiedoista tunnistettut päätelaitteet.",
+    "check_dhcp_servers": "Etsi DHCP-palvelimia",
+    "save_config": "Tallenna asetukset",
+    "enabled_dhcp": "DHCP-palvelin otettiin käyttöön",
+    "disabled_dhcp": "DHCP-palvelin poistettiin käytöstä",
+    "unavailable_dhcp": "DHCP ei ole käytettävissä",
+    "unavailable_dhcp_desc": "AdGuard Home ei voi suorittaa DHCP-palvelinta käyttöjärjestelmässäsi",
+    "dhcp_title": "DHCP-palvelin (kokeellinen!)",
+    "dhcp_description": "Jos reitittimessäsi ei ole DHCP-asetuksia, voit käyttää AdGuard Homen omaa sisäänrakennettua DHCP-palvelinta.",
+    "dhcp_enable": "Ota DHCP-palvelin käyttöön",
+    "dhcp_disable": "Poista DHCP-palvelin käytöstä",
+    "dhcp_not_found": "On turvallista ottaa sisäänrakennettu DHCP-palvelin käyttöön, koska AdGuard Home ei havainnut verkossa muita aktiivisia DHCP-palvelimia. Suosittelemme, että varmistat tämän vielä itse, koska automaattinen tunnistus ei ole 100% varma.",
+    "dhcp_found": "Verkossa havaittiin aktiivinen DHCP-palvelin. Sisäänrakennetun DHCP-palvelimen käyttöönotto ei ole turvallista.",
+    "dhcp_leases": "DHCP-lainat",
+    "dhcp_static_leases": "Kiinteät DHCP-lainat",
+    "dhcp_leases_not_found": "DHCP-lainoja ei löytynyt",
+    "dhcp_config_saved": "DHCP-asetukset tallennettiin",
+    "dhcp_ipv4_settings": "DHCP:n IPv4-asetukset",
+    "dhcp_ipv6_settings": "DHCP:n IPv6-asetukset",
+    "form_error_required": "Vaaditaan",
+    "form_error_ip4_format": "Virheellinen IPv4-osoite",
+    "form_error_ip4_range_start_format": "Virheellinen IPv4-osoitealueen aloitusosoite",
+    "form_error_ip4_range_end_format": "Virheellinen IPv4-osoitealueen päätösosoite",
+    "form_error_ip4_gateway_format": "Virheellinen yhdyskäytävän IPv4-osoite",
+    "form_error_ip6_format": "Virheellinen IPv6-osoite",
+    "form_error_ip_format": "Virheellinen IP-osoite",
+    "form_error_mac_format": "Virheellinen MAC-osoite",
+    "form_error_client_id_format": "Virheellinen päätelaitteen ID",
+    "form_error_server_name": "Virheellinen palvelimen nimi",
+    "form_error_subnet": "Aliverkko \"{{cidr}}\" ei sisällä IP-osoitetta \"{{ip}}\"",
+    "form_error_positive": "Oltava suurempi kuin 0",
+    "out_of_range_error": "Oltava alueen \"{{start}}\"-\"{{end}}\" ulkopuolella",
+    "lower_range_start_error": "Oltava alueen aloitusarvoa pienempi",
+    "greater_range_start_error": "Oltava alueen aloitusarvoa suurempi",
+    "greater_range_end_error": "Oltava alueen päätösarvoa pienempi",
+    "subnet_error": "Osoitteiden tulee olla yhdessä aliverkossa",
+    "gateway_or_subnet_invalid": "Virheellinen aliverkon peite",
+    "dhcp_form_gateway_input": "Yhdyskäytävän IP-osoite",
+    "dhcp_form_subnet_input": "Aliverkon peite",
+    "dhcp_form_range_title": "IP-osoitealue",
+    "dhcp_form_range_start": "Alueen aloitus",
+    "dhcp_form_range_end": "Alueen päätös",
+    "dhcp_form_lease_title": "DHCP-lainan kesto (sekunteina)",
+    "dhcp_form_lease_input": "Lainan kesto",
+    "dhcp_interface_select": "Valitse DHCP:lle käytettävä verkkosovitin",
+    "dhcp_hardware_address": "Laiteosoite (MAC)",
+    "dhcp_ip_addresses": "IP-osoitteet",
+    "ip": "IP",
+    "dhcp_table_hostname": "Isäntänimi",
+    "dhcp_table_expires": "Erääntyy",
+    "dhcp_warning": "Jos tahdot kuitenkin ottaa DHCP-palvelimen käyttöön, varmista, ettei verkossasi ole muita aktiivisia DHCP-palvelimia, koska tämä voi rikkoa Internet-yhteyden muilta verkon laitteilta!",
+    "dhcp_error": "AdGuard Home ei voinut tunnistaa, onko verkossa toista aktiivista DHCP-palvelinta.",
+    "dhcp_static_ip_error": "Jotta DHCP-palvelinta voidaan käyttää, on määritettävä kiinteä IP-osoite. AdGuard Home ei voinut tunnistaa, onko tälle verkkosovittimelle määritetty IP-osoite kiinteä. Määritä kiinteä IP-osoite itse.",
+    "dhcp_dynamic_ip_found": "Järjestelmäsi käyttää verkkosovittimelle <0>{{interfaceName}}</0> dynaamista IP-osoitetta. Jotta voit käyttää DHCP-palvelinta, on sovittimelle määritettävä kiinteä IP-osoite. Nykyinen IP-osoitteesi on <0>{{ipAddress}}</0>. Tämä osoite määritetään automaattisesti kiinteäksi, jos painat \"Ota DHCP-palvelin käyttöön\" -painiketta.",
+    "dhcp_lease_added": "Kiinteä laina \"{{key}}\" on lisätty",
+    "dhcp_lease_deleted": "Kiinteä laina \"{{key}}\" poistettiin",
+    "dhcp_new_static_lease": "Uusi kiinteä laina",
+    "dhcp_static_leases_not_found": "Kiinteitä DHCP-lainoja ei löytynyt",
+    "dhcp_add_static_lease": "Lisää kiinteä laina",
+    "dhcp_reset_leases": "Tyhjennä kaikki lainat",
+    "dhcp_reset_leases_confirm": "Haluatko varmasti tyhjentää kaikki lainat?",
+    "dhcp_reset_leases_success": "DHCP-lainat tyhjennettiin",
+    "dhcp_reset": "Haluatko varmasti palauttaa DHCP-asetukset?",
+    "country": "Maa",
+    "city": "Kaupunki",
+    "delete_confirm": "Haluatko varmasti poistaa kohteen \"{{key}}\"?",
+    "form_enter_hostname": "Syötä isäntänimi",
+    "error_details": "Virheen tiedot",
+    "response_details": "Vastauksen tiedot",
+    "request_details": "Pyynnön tiedot",
+    "client_details": "Päätelaitteen tiedot",
+    "details": "Tiedot",
+    "back": "Takaisin",
+    "dashboard": "Tila",
+    "settings": "Asetukset",
+    "filters": "Suodattimet",
+    "filter": "Suodatin",
+    "query_log": "Pyyntöhistoria",
+    "compact": "Tiivis",
+    "nothing_found": "Ei tuloksia",
+    "faq": "UKK",
+    "version": "Versio",
+    "address": "Osoite",
+    "protocol": "Protokolla",
+    "on": "Käytössä",
+    "off": "Ei käytössä",
+    "copyright": "Tekijänoikeus",
+    "homepage": "Verkkosivusto",
+    "report_an_issue": "Ilmoita ongelmasta",
+    "privacy_policy": "Tietosuojakäytäntö",
+    "enable_protection": "Ota suojaus käyttöön",
+    "enabled_protection": "Suojaus otettiin käyttöön",
+    "disable_protection": "Poista suojaus käytöstä",
+    "disabled_protection": "Suojaus poistettiin käytöstä",
+    "refresh_statics": "Päivitä tilastot",
+    "dns_query": "DNS-pyyntöä",
+    "blocked_by": "<0>Suodatinten estämää</0>",
+    "stats_malware_phishing": "Estetyt haittaohjelmat/tietojenkalastelut",
+    "stats_adult": "Estetyt aikuisille tarkoitetut sivustot",
+    "stats_query_domain": "Kysytyimmät verkkotunnukset",
+    "for_last_24_hours": "viimeisten 24 tunnin ajalta",
+    "for_last_days": "viimeisen {{count}} päivän ajalta",
+    "for_last_days_plural": "viimeisten {{count}} päivän ajalta",
+    "stats_disabled": "Tilastointi ei ole käytössä. Voit ottaa sen käyttöön <0>asetuksista</0>.",
+    "stats_disabled_short": "Tilastointi ei ole käytössä",
+    "no_domains_found": "Verkkotunnuksia ei löytynyt",
+    "requests_count": "Pyyntöjen määrä",
+    "top_blocked_domains": "Estetyimmät verkkotunnukset",
+    "top_clients": "Käytetyimmät päätelaitteet",
+    "no_clients_found": "Päätelaitteita ei löytynyt",
+    "general_statistics": "Yleiset tilastot",
+    "number_of_dns_query_days": "Käsiteltyjen DNS-pyyntöjen määrä viimeisen {{count}} päivän ajalta",
+    "number_of_dns_query_days_plural": "Käsiteltyjen DNS-pyyntöjen määrä viimeisten {{count}} päivän ajalta",
+    "number_of_dns_query_24_hours": "Käsiteltyjen DNS-pyyntöjen määrä viimeisten 24 tunnin ajalta",
+    "number_of_dns_query_blocked_24_hours": "Mainoseston suodattimien ja hosts-estolistojen estämien DNS-pyyntöjen määrä",
+    "number_of_dns_query_blocked_24_hours_by_sec": "AdGuardin Turvallinen selaus -moduulin estämien DNS-pyyntöjen määrä",
+    "number_of_dns_query_blocked_24_hours_adult": "Estettyjen aikuisille tarkoitettujen sivustojen määrä",
+    "enforced_save_search": "Turvallinen haku pakotettiin",
+    "number_of_dns_query_to_safe_search": "DNS-pyyntöjen määrä, joille turvallinen haku pakotettiin käyttöön",
+    "average_processing_time": "Keskimääräinen käsittelyaika",
+    "average_processing_time_hint": "Keskimääräinen DNS-pyynnön käsittelyyn kulutettu aika millisekunteina",
+    "block_domain_use_filters_and_hosts": "Estä verkkotunnuksia suodattimilla ja hosts-tiedostoilla",
+    "filters_block_toggle_hint": "Voit määrittää estosääntöjä <a>suodatinasetuksissa</a>.",
+    "use_adguard_browsing_sec": "Käytä AdGuardin turvallisen selauksen palvelua",
+    "use_adguard_browsing_sec_hint": "AdGuard Home tarkistaa onko verkkotunnus turvallisen selauksen verkkopalvelun estämä. Se käyttää tarkastukseen tietosuojapainotteista rajapintaa: palvelimelle lähetetään vain pieni osa verkkotunnuksen SHA256-hajautusarvosta.",
+    "use_adguard_parental": "Käytä AdGuardin lapsilukko-palvelua",
+    "use_adguard_parental_hint": "AdGuard Home tarkistaa, sisältääkö verkkotunnus aikuisille tarkoitettua sisältöä. Se käyttää samaa tietosuojapainotteista rajapintaa, kuin turvallisen selauksen palvelu.",
+    "enforce_safe_search": "Pakota turvallinen haku",
+    "enforce_save_search_hint": "AdGuard Home voi pakottaa turvallisen haun käyttöön seuraavissa hakukoneissa: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "no_servers_specified": "Palvelimia ei ole määritetty",
+    "general_settings": "Yleiset asetukset",
+    "dns_settings": "DNS-asetukset",
+    "dns_blocklists": "DNS-estolistat",
+    "dns_allowlists": "DNS-sallittujen listat",
+    "dns_blocklists_desc": "AdGuard Home estää estolistalla olevat verkkotunnukset.",
+    "dns_allowlists_desc": "DNS-sallittujen listalla olevat verkkotunnukset sallitaan myös silloin, jos ne ovat jollain muulla estolistalla.",
+    "custom_filtering_rules": "Omat suodatussäännöt",
+    "encryption_settings": "Salausasetukset",
+    "dhcp_settings": "DHCP-asetukset",
+    "upstream_dns": "Ylävirran DNS-palvelimet",
+    "upstream_dns_help": "Syötä yksi palvelinosoite per rivi. <a>Lue lisää</a> ylävirran DNS-palvelinten määrityksestä.",
+    "upstream_dns_configured_in_file": "Määritetty tiedostossa {{path}}",
+    "test_upstream_btn": "Testaa ylävirtoja",
+    "upstreams": "Ylävirrat",
+    "apply_btn": "Käytä",
+    "disabled_filtering_toast": "Suodatus poistettiin käytöstä",
+    "enabled_filtering_toast": "Suodatus otettiin käyttöön",
+    "disabled_safe_browsing_toast": "Turvallinen selaus poistettiin käytöstä",
+    "enabled_safe_browsing_toast": "Turvallinen selaus otettiin käyttöön",
+    "disabled_parental_toast": "Lapsilukko poistettiin käytöstä",
+    "enabled_parental_toast": "Lapsilukko otettiin käyttöön",
+    "disabled_safe_search_toast": "Turvallinen haku poistettiin käytöstä",
+    "enabled_save_search_toast": "Turvallinen haku otettiin käyttöön",
+    "enabled_table_header": "Käytössä",
+    "name_table_header": "Nimi",
+    "list_url_table_header": "Listan URL",
+    "rules_count_table_header": "Sääntöjä",
+    "last_time_updated_table_header": "Viimeisin päivitys",
+    "actions_table_header": "Toiminnot",
+    "request_table_header": "Pyyntö",
+    "edit_table_action": "Muokkaa",
+    "delete_table_action": "Poista",
+    "elapsed": "Kesto",
+    "filters_and_hosts_hint": "AdGuard Home ymmärtää mainoseston perussääntöjen sekä hosts-tiedostojen syntakseja.",
+    "no_blocklist_added": "Estolistoja ei ole lisätty",
+    "no_whitelist_added": "Sallittujen listoja ei ole lisätty",
+    "add_blocklist": "Lisää estolista",
+    "add_allowlist": "Lisää sallittujen lista",
+    "cancel_btn": "Peruuta",
+    "enter_name_hint": "Syötä nimi",
+    "enter_url_or_path_hint": "Syötä listan URL-osoite tai tarkka tiedostosijainti",
+    "check_updates_btn": "Tarkista päivitykset",
+    "new_blocklist": "Uusi estolista",
+    "new_allowlist": "Uusi sallittujen lista",
+    "edit_blocklist": "Muokkaa estolistaa",
+    "edit_allowlist": "Muokkaa sallittujen listaa",
+    "choose_blocklist": "Valitse estolistat",
+    "choose_allowlist": "Valitse sallittujen listat",
+    "enter_valid_blocklist": "Syötä estolistan URL-osoite.",
+    "enter_valid_allowlist": "Syötä sallittujen listan URL-osoite.",
+    "form_error_url_format": "Virheellinen URL-osoitteen muoto",
+    "form_error_url_or_path_format": "Syötä listan URL-osoite tai tarkka tiedostosijainti",
+    "custom_filter_rules": "Omat suodatussäännöt",
+    "custom_filter_rules_hint": "Syötä yksi sääntö per rivi. Voit käyttää mainoseston sääntöjen tai hosts-tiedostojen syntakseja.",
+    "system_host_files": "Järjestelmän hosts-tiedostot",
+    "examples_title": "Esimerkkejä",
+    "example_meaning_filter_block": "estä pääsy verkkotunnukseen example.org ja sen aliverkkotunnuksiin",
+    "example_meaning_filter_whitelist": "salli pääsy verkkotunnukseen example.org ja sen aliverkkotunnuksiin",
+    "example_meaning_host_block": "AdGuard Home palauttaa verkkotunnukselle example.org osoitteen 127.0.0.1 (muttei sen aliverkkotunnuksille)",
+    "example_comment": "! Tähän tulee kommentti",
+    "example_comment_meaning": "voit määrittää kommentin",
+    "example_comment_hash": "# Myös tämä on kommentti",
+    "example_regex_meaning": "estä pääsy säännöllistä lauseketta vastaaviin verkkotunnuksiin",
+    "example_upstream_regular": "tavallinen DNS (UDP)",
+    "example_upstream_dot": "salattu <0>DNS-over-TLS</0>",
+    "example_upstream_doh": "salattu <0>DNS-over-HTTPS</0>",
+    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0>",
+    "example_upstream_sdns": "voit käyttää <0>DNS Stamp</0> -merkintöjä <1>DNSCrypt</1> tai <2>DNS-over-HTTPS</2> -resolvereille",
+    "example_upstream_tcp": "tavallinen DNS (TCP)",
+    "all_lists_up_to_date_toast": "Kaikki listat ovat ajan tasalla",
+    "updated_upstream_dns_toast": "Ylävirtojen palvelimet tallennettiin",
+    "dns_test_ok_toast": "Määritetyt DNS-palvelimet toimivat oikein",
+    "dns_test_not_ok_toast": "Palvelin \"{{key}}\": ei voitu käyttää, tarkista sen oikeinkirjoitus",
+    "unblock": "Salli",
+    "block": "Estä",
+    "disallow_this_client": "Estä tämä päätelaite",
+    "allow_this_client": "Salli tämä päätelaite",
+    "block_for_this_client_only": "Estä vain tältä päätelaitteelta",
+    "unblock_for_this_client_only": "Salli vain tälle päätelaitteelle",
+    "time_table_header": "Aika",
+    "date": "Päiväys",
+    "domain_name_table_header": "Verkkotunnus",
+    "domain_or_client": "Verkkotunnus tai päätelaite",
+    "type_table_header": "Tyyppi",
+    "response_table_header": "Vastaus",
+    "response_code": "Vastauksen koodi",
+    "client_table_header": "Asiakas",
+    "empty_response_status": "Tyhjä",
+    "show_all_filter_type": "Näytä kaikki",
+    "show_filtered_type": "Näytä suodatetut",
+    "no_logs_found": "Historiatietoja ei ole",
+    "refresh_btn": "Päivitä",
+    "previous_btn": "Edellinen",
+    "next_btn": "Seuraava",
+    "loading_table_status": "Ladataan...",
+    "page_table_footer_text": "Sivu",
+    "rows_table_footer_text": "riviä",
+    "updated_custom_filtering_toast": "Omat suodatussäännöt päivitettiin",
+    "rule_removed_from_custom_filtering_toast": "Sääntö poistettiin omista suodatussäännöistä: {{rule}}",
+    "rule_added_to_custom_filtering_toast": "Sääntö lisättiin omiin suodatussääntöihin: {{rule}}",
+    "query_log_response_status": "Tila: {{value}}",
+    "query_log_filtered": "Suodattanut {{filter}}",
+    "query_log_confirm_clear": "Haluatko varmasti tyhjentää pyyntöhistorian?",
+    "query_log_cleared": "Pyyntöhistoria tyhjennettiin",
+    "query_log_updated": "Pyyntöhistoria päivitettiin",
+    "query_log_clear": "Tyhjennä pyyntöhistoria",
+    "query_log_retention": "Pyyntöhistorian säilytys",
+    "query_log_enable": "Käytä historiaa",
+    "query_log_configuration": "Historian määritys",
+    "query_log_disabled": "Pyyntöhistoria ei ole käytössä. Voit ottaa sen käyttöön <0>asetuksissa</0>",
+    "query_log_strict_search": "Käytä tarkalle haulle lainausmerkkejä",
+    "query_log_retention_confirm": "Haluatko varmasti muuttaa pyyntöhistoriasi säilytysaikaa? Jos lyhennät aikaa, joitakin tietoja menetetään",
+    "anonymize_client_ip": "Piilota päätelaitteen IP-osoite",
+    "anonymize_client_ip_desc": "Älä tallenna päätelaitteen täydellistä IP-osoitetta historiaan ja tilastoihin",
+    "dns_config": "DNS-palvelimen määritys",
+    "dns_cache_config": "DNS-välimuistin määritys",
+    "dns_cache_config_desc": "Täällä voit määrittää DNS-välimuistin asetukset",
+    "blocking_mode": "Estotila",
+    "default": "Oletus",
+    "nxdomain": "NXDOMAIN",
+    "refused": "REFUSED",
+    "null_ip": "Tyhjä IP",
+    "custom_ip": "Oma IP",
+    "blocking_ipv4": "IPv4-esto",
+    "blocking_ipv6": "IPv6-esto",
+    "dnscrypt": "DNSCrypt",
+    "dns_over_https": "DNS-over-HTTPS",
+    "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
+    "client_id": "Päätelaitteen ID",
+    "client_id_placeholder": "Syötä päätelaitteen ID",
+    "client_id_desc": "Eri päätelaitteet voidaan tunnistaa erityisillä tunnisteilla. <a>Täältä</a> löydät lisätietoja päätelaitteiden tunnistuksesta.",
+    "download_mobileconfig_doh": "Lataa .mobileconfig-tiedosto DNS-over-HTTPS -käytölle",
+    "download_mobileconfig_dot": "Lataa .mobileconfig-tiedosto DNS-over-TLS -käytölle",
+    "download_mobileconfig": "Lataa asetustiedosto",
+    "plain_dns": "Tavallinen DNS",
+    "form_enter_rate_limit": "Syötä rajoitus",
+    "rate_limit": "Pyyntöjen ajoitus",
+    "edns_enable": "Käytä EDNS-päätelaitealivekkoa",
+    "edns_cs_desc": "Lähetä päätelaitteiden aliverkot DNS-palvelimille.",
+    "rate_limit_desc": "Päätelaitteelle sallittu pyyntöjen enimmäismäärä sekunnissa. Arvo 0 tarkoittaa rajatonta.",
+    "blocking_ipv4_desc": "Estettyyn A-pyyntöön palautettava IP-osoite",
+    "blocking_ipv6_desc": "Estettyyn AAAA-pyyntöön palautettava IP-osoite",
+    "blocking_mode_default": "Oletus: Vastaa IP-nollaosoitteella (0.0.0.0 korvaa A; :: korvaa AAAA) kun estetään mainoseston säännöllä; vastaa säännön määrittämällä IP-osoitteella kun estetään /etc/hosts-tyyppisellä säännöllä",
+    "blocking_mode_refused": "REFUSED: Vastaa REFUSED-koodilla",
+    "blocking_mode_nxdomain": "NXDOMAIN: Vastaa NXDOMAIN-koodilla",
+    "blocking_mode_null_ip": "Tyhjä IP: Vastaa IP-nollaosoitteella (0.0.0.0 korvaa A; :: korvaa AAAA)",
+    "blocking_mode_custom_ip": "Oma IP: Vastaa itse määritetyllä IP-osoitteella",
+    "upstream_dns_client_desc": "Jos tämä on tyhjä, käyttää AdGuard Home <0>DNS-asetuksissa</0> määritettyjä palvelimia.",
+    "tracker_source": "Seurannan lähde",
+    "source_label": "Lähde",
+    "found_in_known_domain_db": "Löytyi tunnettujen verkkotunnusten tietokannasta.",
+    "category_label": "Luokitus",
+    "rule_label": "Säännöt",
+    "list_label": "Lista",
+    "unknown_filter": "Tuntematon suodatin {{filterId}}",
+    "known_tracker": "Tunnettu seuranta",
+    "install_welcome_title": "Tervetuloa AdGuard Homeen!",
+    "install_welcome_desc": "AdGuard Home on verkonlaajuinen mainoksia ja seurantoja estävä DNS-palvelin. Sen tarkoitus on mahdollistaa verkon sekä siihen liitettyjen laitteiden hallinta ja valvonta, eikä se vaadi asiakasohjelmistojen asennusta päätelaitteille.",
+    "install_settings_title": "Hallintapaneeli",
+    "install_settings_listen": "Käytettävä verkkosovitin",
+    "install_settings_port": "Portti",
+    "install_settings_interface_link": "AdGuard Home -asennuksesi hallintapaneeli on käytettävissä seuraavilla osoitteilla:",
+    "form_error_port": "Syötä oikea portin numero",
+    "install_settings_dns": "DNS-palvelin",
+    "install_settings_dns_desc": "Sinun on määritettävä laitteesi tai reitittimesi käyttämään DNS-palvelinta seuraavissa osoitteissa:",
+    "install_settings_all_interfaces": "Kaikki verkkosovittimet",
+    "install_auth_title": "Tunnistautuminen",
+    "install_auth_desc": "AdGuard Homen hallinnalle on määritettävä salasanasuojaus. Vaikka se olisikin tavoitettavissa vain lähiverkon välityksellä, on silti tärkeää suojata se luvattomalta käytöltä.",
+    "install_auth_username": "Käyttäjätunnus",
+    "install_auth_password": "Salasana",
+    "install_auth_confirm": "Vahvista salasana",
+    "install_auth_username_enter": "Syötä käyttäjätunnus",
+    "install_auth_password_enter": "Syötä salasana",
+    "install_step": "Vaihe",
+    "install_devices_title": "Määritä laitteet",
+    "install_devices_desc": "AdGuard Homen käytön aloittamiseksi, on laitteet määritettävä käyttämään sitä.",
+    "install_submit_title": "Onnittelut!",
+    "install_submit_desc": "Asennus on valmis ja AdGuard Home on valmis käyttöön.",
+    "install_devices_router": "Reititin",
+    "install_devices_router_desc": "Asennus kattaa kaikki reitittimeen liitetyt laitteet, eikä niitä tarvitse määrittää erikseen yksitellen.",
+    "install_devices_address": "AdGuard Homen DNS-palvelin kuuntelee seuraavissa osoitteissa",
+    "install_devices_router_list_1": "Avaa reitittimesi hallinta. Yleensä se avautuu selaimen kautta, URL-osoitteella, kuten http://192.168.0.1 tai http://192.168.1.1. Saatat joutua syöttämään käyttäjätunnuksen ja salasanan. Jos et muista tai tiedä sitä, voit yleensä palauttaa salasanan (ja kaikki muut!) reitittimen asetukset oletusarvoihin painamalla laitteessa olevaa reset-painiketta muutaman sekunnin ajan. Jos reitittimen määritys vaatii erillisen sovelluksen käyttöä, asenna se mobiililaitteelle tai tietokoneelle ja käytä reitittimen hallintaa sen kautta. Tutustu reitittimen käyttöoppaaseen.",
+    "install_devices_router_list_2": "Etsi DHCP/DNS-asetukset. Etsi kirjainyhdistelmää DNS sellaisen kenttien vierestä, joihin voidaan syöttää kaksi tai kolme numerosarjaa, joista jokainen on eroteltu neljään ryhmään, joista jokainen sisältää yhdestä kolmeen numeroa.",
+    "install_devices_router_list_3": "Syötä sinne AdGuard Home -palvelimesi osoitteet.",
+    "install_devices_router_list_4": "Joissakin reitittimissä ei ole mahdollista määrittää omaa DNS-palvelinta. Tällöin AdGuard Homen määritys <0>DHCP-palvelimeksi</0> voi auttaa. Muutoin on selvitettävä reitittimen käyttöohjeesta, miten sen DNS-palvelinasetukset muutetaan.",
+    "install_devices_windows_list_1": "Avaa \"Ohjauspaneeli\" Käynnistä-valikon tai Windowsin haun kautta.",
+    "install_devices_windows_list_2": "Avaa \"Verkko ja Internet\" -ryhmä ja sitten \"Verkko ja jakamiskeskus\".",
+    "install_devices_windows_list_3": "Etsi ikkunan vasemmasta laidasta \"Muuta sovittimen asetuksia\" ja paina sitä.",
+    "install_devices_windows_list_4": "Valitse aktiivinen yhteytesi, paina sitä hiiren kakkospainikkeella ja valitse valikosta \"Ominaisuudet\".",
+    "install_devices_windows_list_5": "Etsi listasta \"Internet protokolla versio 4 (TCP/IP)\", valitse se ja paina jälleen \"Ominaisuudet\".",
+    "install_devices_windows_list_6": "Valitse \"Käytä seuraavia DNS-palvelinten osoitteita\" ja syötä AdGuard Home -palvelimesi osoitteet.",
+    "install_devices_macos_list_1": "Avaa Omenavalikko ja valitse \"Järjestelmäasetukset \".",
+    "install_devices_macos_list_2": "Paina \"Verkko\".",
+    "install_devices_macos_list_3": "Valitse listan ensimmäinen yhteys ja paina \"Lisävalinnat\".",
+    "install_devices_macos_list_4": "Valitse DNS-välilehti ja syötä AdGuard Home -palvelimesi osoitteet.",
+    "install_devices_android_list_1": "Napauta Android-laitteesi aloitusnäytöstä tai sovellusvalikosta \"Asetukset\".",
+    "install_devices_android_list_2": "Napauta \"Yhteydet\" ja sitten \"Wi-Fi\". Näytetään kaikki käytettävissä olevat langattomat verkot (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
+    "install_devices_android_list_3": "Napauta yhdistetyn verkon vieressä olevaa asetuskuvaketta tai paina verkkoa pitkään ja valitse \"Muokkaa verkkoa\".",
+    "install_devices_android_list_4": "Saatat joutua napauttamaan \"Lisäasetukset\" nähdäksesi lisää valintoja. Muuttaaksesi DNS-asetuksia, on \"IP-asetukset\" -kohdan \"DHCP\" -valinta vaihdettava \"Staattinen\" -valintaan.",
+    "install_devices_android_list_5": "Syötä \"DNS 1\" ja \"DNS 2\" -kenttiin AdGuard Home -palvelimesi osoitteet.",
+    "install_devices_ios_list_1": "Napauta aloitusnäytöstä \"Asetukset\".",
+    "install_devices_ios_list_2": "Valitse vasemmalta \"Wi-Fi\" (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
+    "install_devices_ios_list_3": "Valitse yhdistetty verkko.",
+    "install_devices_ios_list_4": "Syötä \"DNS\" -kenttään AdGuard Home -palvelimesi osoitteet.",
+    "get_started": "Aloita",
+    "next": "Seuraava",
+    "open_dashboard": "Avaa hallintapaneeli",
+    "install_saved": "Tallenus onnistui",
+    "encryption_title": "Salaus",
+    "encryption_desc": "Salaus (HTTPS/TLS) DNS-palvelimelle ja selaimen hallintasivulle",
+    "encryption_config_saved": "Salausasetukset tallennettiin",
+    "encryption_server": "Palvelimen nimi",
+    "encryption_server_enter": "Syötä verkkotunnuksesi",
+    "encryption_server_desc": "HTTPS-yhteyden käyttöä varten, on syötettävä SSL- tai jokerivarmennetta vastaava palvelimen nimi. Jos kenttä on tyhjä, sallitaan kaikkien verkkotunnusten TLS-yhteydet.",
+    "encryption_redirect": "Automaattinen HTTPS-ohjaus",
+    "encryption_redirect_desc": "Jos käytössä, AdGuard Home ohjaa HTTP-osoitteet automaattisesti HTTPS-osoitteisiin.",
+    "encryption_https": "HTTPS-portti",
+    "encryption_https_desc": "Jos HTTPS-portti on määritetty, on AdGuard Homen hallintapaneeli käytettävissä HTTPS-yhteydellä ja lisäksi tämä mahdollistaa myös DNS-over-HTTPS -yhteyden '/dns-query' -kohteessa.",
+    "encryption_dot": "DNS-over-TLS -portti",
+    "encryption_dot_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-TLS -palvelimen tässä portissa.",
+    "encryption_doq": "DNS-over-QUIC -portti",
+    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC -palvelimen tässä portissa. Ominaisuus on kokeellinen, eikä välttämättä luotettava. Lisäksi tätä tukevia päätelaitteita ei vielä ole kovin paljon.",
+    "encryption_certificates": "Varmenteet",
+    "encryption_certificates_desc": "Salauksen käyttämiseksi, on syötettävä verkkotunnuksellesi myönnetty, aito SSL-varmenneketju. Voit hankkia ilmaisen varmenteen osoitteesta <0>{{link}}</0> tai ostaa sellaisen joltakin luotetulta varmentajalta.",
+    "encryption_certificates_input": "Kopioi/liitä PEM-koodatut varmenteesi tähän.",
+    "encryption_status": "Tila",
+    "encryption_expire": "Erääntyy",
+    "encryption_key": "Yksityinen avain",
+    "encryption_key_input": "Kopioi/liitä tähän varmenteesi PEM-koodattu yksityinen avain.",
+    "encryption_enable": "Käytä salausta (HTTPS, DNS-over-HTTPS ja DNS-over-TLS)",
+    "encryption_enable_desc": "Jos salaus on käytössä, AdGuard Homen hallinta on käytettävissä HTTPS-yhteydellä ja DNS-palvelin kuuntelee pyyntöjä DNS-over-HTTPS ja DNS-over-TLS -yhteyksillä.",
+    "encryption_chain_valid": "Varmenneketju on pätevä",
+    "encryption_chain_invalid": "Varmenneketju ei kelpaa",
+    "encryption_key_valid": "Yksityinen {{type}}-avain on pätevä",
+    "encryption_key_invalid": "Yksityinen {{type}}-avain ei kelpaa",
+    "encryption_subject": "Aihe",
+    "encryption_issuer": "Toimittaja",
+    "encryption_hostnames": "Isäntänimet",
+    "encryption_reset": "Haluatko varmasti palauttaa salausasetukset?",
+    "topline_expiring_certificate": "SSL-varmenteesi on erääntymässä. Päivitä <0>Salausasetukset</0>.",
+    "topline_expired_certificate": "SSL-varmenteesi on erääntynyt. Päivitä <0>Salausasetukset</0>.",
+    "form_error_port_range": "Syötä portti väliltä 80-65535",
+    "form_error_port_unsafe": "Tämä portti ei ole turvallinen",
+    "form_error_equal": "Ei voi olla sama",
+    "form_error_password": "Salasanat eivät täsmää",
+    "reset_settings": "Tyhjennä asetukset",
+    "update_announcement": "AdGuard Home {{version}} on nyt saatavilla! <0>Paina tästä</0> saadaksesi lisätietoja.",
+    "setup_guide": "Asennusopas",
+    "dns_addresses": "DNS-osoitteet",
+    "dns_start": "DNS-palvelin käynnistyy",
+    "dns_status_error": "Virhe tarkistettaessa DNS-palvelimen tilaa",
+    "down": "yhteydetön",
+    "fix": "Korjaa",
+    "dns_providers": "Katso <0>luettelo tunnetuista DNS-palveluista</0>, joista valita.",
+    "update_now": "Päivitä nyt",
+    "update_failed": "Automaattinen päivitys epäonnistui. Seuraa <a>näitä ohjeita</a> päivittääksesi manuaalisesti.",
+    "processing_update": "Odota kun AdGuard Home päivittyy",
+    "clients_title": "Päätelaitteet",
+    "clients_desc": "Määritä AdGuard Homeen yhdistetyt päätelaitteet",
+    "settings_global": "Yleinen",
+    "settings_custom": "Oma",
+    "table_client": "Päätelaite",
+    "table_name": "Nimi",
+    "save_btn": "Tallenna",
+    "client_add": "Lisää päätelaite",
+    "client_new": "Uusi päätelaite",
+    "client_edit": "Muokkaa päätelaitetta",
+    "client_identifier": "Tunniste",
+    "ip_address": "IP-osoite",
+    "client_identifier_desc": "Päätelaitteet voidaan tunnistaa IP-osoitteista, CIDR-merkinnöistä, MAC-osoitteista tai erityisistä päätelaitteen ID-tunnisteista (voidaan käyttää DoT/DoH/DoQ kanssa). <0>Täältä</0> voit lukea lisää päätelaitteiden tunnistuksesta.",
+    "form_enter_ip": "Syötä IP-osoite",
+    "form_enter_subnet_ip": "Syötä IP-osoite aliverkkoon \"{{cidr}}\"",
+    "form_enter_mac": "Syötä MAC-osoite",
+    "form_enter_id": "Muokkaa tunnistetta",
+    "form_add_id": "Lisää tunniste",
+    "form_client_name": "Syötä päätelaitteen nimi",
+    "name": "Nimi",
+    "client_global_settings": "Käytä yleisiä asetuksia",
+    "client_deleted": "Päätelaite \"{{key}}\" poistettiin",
+    "client_added": "Päätelaite \"{{key}}\" lisättiin",
+    "client_updated": "Päätelaite \"{{key}}\" päivitettiin",
+    "clients_not_found": "Päätelaitteita ei löytynyt",
+    "client_confirm_delete": "Haluatko varmasti poistaa päätelaitteen \"{{key}}\"?",
+    "list_confirm_delete": "Haluatko varmasti poistaa tämän listan?",
+    "auto_clients_title": "Päätelaitteet (määrittämättömät)",
+    "auto_clients_desc": "Tiedot niistä AdGuard Homea käyttävistä päätelaitteista, joita ei ole määritetty asetuksissa",
+    "access_title": "Käytön asetukset",
+    "access_desc": "Tässä voidaan määrittää AdGuard Homen DNS-palvelimen käyttöoikeussääntöjä.",
+    "access_allowed_title": "Sallitut päätelaitteet",
+    "access_allowed_desc": "Lista CIDR-merkinnöistä, IP-osoitteista tai päätelaitteiden ID-tunnisteista. Jos määritetty, hyväksyy AdGuard Home pyyntöjä vain näiltä päätelaitteilta.",
+    "access_disallowed_title": "Kielletyt päätelaitteet",
+    "access_disallowed_desc": "Lista CIDR-merkinnöistä, IP-osoitteista tai päätelaitteiden ID-tunnisteista. Jos määritetty, hylkää AdGuard Home näiden päätelaitteiden pyynnöt. Tätä kenttää ei huomioida, jos sallittuja päätelaitteita on määritetty.",
+    "access_blocked_title": "Kielletyt verkkotunnukset",
+    "access_blocked_desc": "Ei pidä sekoittaa suodattimiin. AdGuard Home hylkää näiden verkkotunnusten DNS-pyynnöt, eivätkä nämä pyynnöt näy edes pyyntöhistoriassa. Tähän voidaan syöttää tarkkoja verkkotunnuksia, jokerimerkkejä tai URL-suodatussääntöjä, kuten \"example.org\", \"*.example.org\" tai \"||example.org^\".",
+    "access_settings_saved": "Käytön asetukset tallennettiin",
+    "updates_checked": "Päivitykset tarkastettiin",
+    "updates_version_equal": "AdGuard Home on ajan tasalla",
+    "check_updates_now": "Tarkista päivitykset nyt",
+    "dns_privacy": "DNS-tietosuoja",
+    "setup_dns_privacy_1": "<0>DNS-over-TLS:</0> Käytä merkkijonoa <1>{{address}}</1>.",
+    "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> Käytä merkkijonoa <1>{{address}}</1>.",
+    "setup_dns_privacy_3": "<0>Tässä on lista ohjelmistoista, joita voit käyttää.</0>",
+    "setup_dns_privacy_4": "iOS 14 ja macOS Big Sur -laitteille voidaan ladata erityinen '.mobileconfig' -tiedosto, joka lisää DNS-asetuksiin <highlight>DNS-over-HTTPS</highlight> tai <highlight>DNS-over-TLS</highlight> -palvelimet.",
+    "setup_dns_privacy_android_1": "Android 9 tukee DNS-over-TLS -toteutusta natiivisti. Se määritetään syöttämällä oma verkkotunnus kohtaan \"Asetukset\" → \"Yhteydet\" → \"Lisää yhteysasetuksia\" → \"Yksityinen DNS\".",
+    "setup_dns_privacy_android_2": "<0>AdGuard Androidille</0> tukee <1>DNS-over-HTTPS</1> ja <1>DNS-over-TLS</1> -toteutuksia.",
+    "setup_dns_privacy_android_3": "<0>Intra</0> lisää <1>DNS-over-HTTPS</1> tuen Androidiin.",
+    "setup_dns_privacy_ios_1": "<0>DNSCloak</0> tukee <1>DNS-over-HTTPS</1>, mutta oman palvelimen käyttö' varten sille on luotava <2>DNS Stamp</2> -merkintä.",
+    "setup_dns_privacy_ios_2": "<0>AdGuard iOS:lle</0> tukee <1>DNS-over-HTTPS</1> ja <1>DNS-over-TLS</1> -toteutuksia.",
+    "setup_dns_privacy_other_title": "Muita toteutuksia",
+    "setup_dns_privacy_other_1": "AdGuard Home voi itse olla turvallinen DNS-päätelaite millä tahansa alustalla.",
+    "setup_dns_privacy_other_2": "<0>dnsproxy</0> tukee kaikkia tunnettuja turvallisia DNS-protokollia.",
+    "setup_dns_privacy_other_3": "<0>dnscrypt-proxy</0> tukee <1>DNS-over-HTTPS</1> -protokollaa.",
+    "setup_dns_privacy_other_4": "<0>Mozilla Firefox</0> tukee <1>DNS-over-HTTPS</1>-toteutusta.",
+    "setup_dns_privacy_other_5": "Löydät lisää toteutuksia <0>täältä</0> ja <1>täältä</1>.",
+    "setup_dns_privacy_ioc_mac": "iOS ja macOS -asetukset",
+    "setup_dns_notice": "<1>DNS-over-HTTPS</1> tai <1>DNS-over-TLS</1> -toteutuksia varten, on AdGuard Homen <0>Salausasetukset</0> määritettävä.",
+    "rewrite_added": "Kohteen \"{{key}}\" DNS-uudelleenohjaus lisättiin",
+    "rewrite_deleted": "Kohteen \"{{key}}\" DNS-uudelleenohjaus poistettiin",
+    "rewrite_add": "Lisää DNS-uudelleenohjaus",
+    "rewrite_not_found": "DNS-uudelleenohjauksia ei löytynyt",
+    "rewrite_confirm_delete": "Haluatko varmasti poistaa DNS-uudelleenohjauksen kohteelle \"{{key}}\"?",
+    "rewrite_desc": "Mahdollistaa oman DNS-vastauksen helpon määrityksen tietylle verkkotunnukselle.",
+    "rewrite_applied": "Uudelleenohjattu säännöllä",
+    "rewrite_hosts_applied": "Hosts-tiedoston säännön korvaama",
+    "dns_rewrites": "DNS-uudelleenohjaukset",
+    "form_domain": "Syötä verkkotunnus tai jokerimerkki",
+    "form_answer": "Syötä IP-osoite tai verkkotunnus",
+    "form_error_domain_format": "Virheellinen verkkotunnuksen muoto",
+    "form_error_answer_format": "Virheellinen vastauksen muoto",
+    "configure": "Määritä",
+    "main_settings": "Pääasetukset",
+    "block_services": "Estä tietyt palvelut",
+    "blocked_services": "Estetyt palvelut",
+    "blocked_services_desc": "Mahdollistaa suosittujen sivustojen ja palveluiden nopean eston.",
+    "blocked_services_saved": "Estetyt palvelut tallennettiin",
+    "blocked_services_global": "Käytä yleisiä estettyjä palveluita",
+    "blocked_service": "Estetty palvelu",
+    "block_all": "Estä kaikki",
+    "unblock_all": "Salli kaikki",
+    "encryption_certificate_path": "Varmenteen sijainti",
+    "encryption_private_key_path": "Yksityisen avaimen sijainti",
+    "encryption_certificates_source_path": "Määritä varmennetiedoston sijainti",
+    "encryption_certificates_source_content": "Liitä varmenteen sisältö",
+    "encryption_key_source_path": "Määritä yksityisen avaimen tiedosto",
+    "encryption_key_source_content": "Liitä yksityisen avaimen sisältö",
+    "stats_params": "Tilastoinnin määritys",
+    "config_successfully_saved": "Asetukset tallennettiin",
+    "interval_6_hour": "6 tuntia",
+    "interval_24_hour": "24 tuntia",
+    "interval_days": "{{count}} päivä",
+    "interval_days_plural": "{{count}} päivää",
+    "domain": "Verkkotunnus",
+    "punycode": "Punycode",
+    "answer": "Vastaus",
+    "filter_added_successfully": "Lista lisättiin",
+    "filter_removed_successfully": "Lista poistettiin",
+    "filter_updated": "Listan päivitettiin",
+    "statistics_configuration": "Tilastoinnin määritys",
+    "statistics_retention": "Tilastojen säilytys",
+    "statistics_retention_desc": "Jos aikaa lyhennetään, joitakin tietoja menetetään.",
+    "statistics_clear": "Tyhjennä tilastot",
+    "statistics_clear_confirm": "Haluatko varmasti tyhjentää tilastot?",
+    "statistics_retention_confirm": "Haluatko varmasti muuttaa tilastojen säilytysaikaa? Jos aikaa lyhennetään, joitakin tietoja menetetään.",
+    "statistics_cleared": "Tilastot tyhjennettiin",
+    "statistics_enable": "Ota tilastointi käyttöön",
+    "interval_hours": "{{count}} tunti",
+    "interval_hours_plural": "{{count}} tuntia",
+    "filters_configuration": "Suodatinten määritys",
+    "filters_enable": "Ota suodattimet käyttöön",
+    "filters_interval": "Suodatinpäivitysten tiheys",
+    "disabled": "Ei käytössä",
+    "username_label": "Käyttäjätunnus",
+    "username_placeholder": "Syötä käyttäjätunnus",
+    "password_label": "Salasana",
+    "password_placeholder": "Syötä salasana",
+    "sign_in": "Kirjaudu",
+    "sign_out": "Kirjaudu ulos",
+    "forgot_password": "Salasana unohtunut?",
+    "forgot_password_desc": "Luo käyttäjätilillesi uusi salasana seuraamalla <0>näitä ohjeita</0>.",
+    "location": "Sijainti",
+    "orgname": "Organisaation nimi",
+    "netname": "Verkon nimi",
+    "network": "Verkko",
+    "descr": "Kuvaus",
+    "whois": "Whois",
+    "filtering_rules_learn_more": "<0>Lue lisää</0> omien hosts-listojesi luonnista.",
+    "blocked_by_response": "Vastauksen sisältämän CNAME:n tai IP:n estämä",
+    "blocked_by_cname_or_ip": "CNAME:n tai IP:n estämä",
+    "try_again": "Yritä uudelleen",
+    "domain_desc": "Syötä korvattava verkkotunnus tai jokerimerkki.",
+    "example_rewrite_domain": "korvaa vain tämän verkkotunnuksen vastaukset",
+    "example_rewrite_wildcard": "korvaa verkkotunnuksen <0>example.org</0> kaikkien aliverkkotunnusten vastaukset",
+    "rewrite_ip_address": "IP-osoite: käytä tätä IP-osoitetta A tai AAAA -vastauksessa.",
+    "rewrite_domain_name": "Verkkotunnus: lisää CNAME-tietue.",
+    "rewrite_A": "<0>A</0>: erityinen arvo, säilytä ylävirran <0>A</0>-tiedot",
+    "rewrite_AAAA": "<0>AAAA</0>: erityinen arvo, säilytä ylävirran <0>AAAA</0>-tiedot",
+    "disable_ipv6": "Älä selvitä IPv6-osoitteita",
+    "disable_ipv6_desc": "Hylkää kaikki IPv6-osoitteiden DNS-pyynnöt (tyyppi AAAA).",
+    "fastest_addr": "Nopein IP-osoite",
+    "fastest_addr_desc": "Lähetä pyynnöt kaikille DNS-palvelimille ja valitse vastauksista nopein IP-osoite. Tämä parantaa yleistä liitettävyyttä, joskin hidastaa DNS-pyyntöjä, koska AdGuard Homen on odotettava kaikkien DNS-palvelinten vastauksia.",
+    "autofix_warning_text": "Jos painat \"Korjaa\", AdGuard Home määrittää järjestelmäsi käyttämään AdGuard Homen DNS-palvelinta.",
+    "autofix_warning_list": "Suorittaa toiminnot: <0>Poistaa käytöstä järjestelmän DNSStubListener-palvelun</0> <0>Määrittää DNS-palvelimen osoitteeksi 127.0.0.1</0> <0>Muuttaa sijainnnin /etc/resolv.conf symbolisen linkin kohteeksi /run/systemd/resolve/resolv.conf</0> <0>Pysäyttää DNSStubListener-palvelun (uudelleenlataa systemd-resolved -palvelu)</0>",
+    "autofix_warning_result": "Tämän jälkeen järjestelmäsi kaikki DNS-pyynnöt käsittelee oletusarvoisesti AdGuard Home.",
+    "tags_title": "Tunnisteet",
+    "tags_desc": "Voit valita päätelaitteeseen viittaavia tunnisteita. Tunnisteet voidaan sisällyttää suodatussääntöihin ja näin voit kohdistaa niitä tarkemmin. <0>Lue lisää</0>",
+    "form_select_tags": "Valitse päätelaitteen tunnisteet",
+    "check_title": "Tarkasta suodatus",
+    "check_desc": "Tarkasta suodatetaanko isäntänimeä",
+    "check": "Tarkasta",
+    "form_enter_host": "Syötä osoite",
+    "filtered_custom_rules": "Suodatettu omilla suodatussäännöillä",
+    "choose_from_list": "Valitse listalta",
+    "add_custom_list": "Lisää oma lista",
+    "host_whitelisted": "Isäntä on sallittu",
+    "check_ip": "IP-osoitteet: {{ip}}",
+    "check_cname": "CNAME: {{cname}}",
+    "check_reason": "Syy: {{reason}}",
+    "check_service": "Palvelun nimi: {{service}}",
+    "service_name": "Palvelun nimi",
+    "check_not_found": "Ei löytynyt suodatinlistoilta",
+    "client_confirm_block": "Haluatko varmasti estää päätelaitteen \"{{ip}}\"?",
+    "client_confirm_unblock": "Haluatko varmasti sallia päätelaitteen \"{{ip}}\"?",
+    "client_blocked": "Päätelaite \"{{ip}}\" estettiin",
+    "client_unblocked": "Päätelaite \"{{ip}}\" sallittiin",
+    "static_ip": "Kiiteä IP-osoite",
+    "static_ip_desc": "AdGuard Home on palvelin, joten se tarvitsee kiinteän IP-osoitteen toimiakseen oikein. Muutoin reitittimesi saattaa määrittää sille jossakin vaiheessa uuden, dynaamisen IP-osoitteen.",
+    "set_static_ip": "Määritä kiinteä IP-osoite",
+    "install_static_ok": "Hyviä uutisia! Kiinteä IP-osoite on jo määritetty.",
+    "install_static_error": "AdGuard Home ei voi määrittää sitä tälle verkkosovittimelle automaattisesti. Etsi ohjeita tämän suorittamiseksi itse.",
+    "install_static_configure": "AdGuard Home havaitsi, että käytössä on dynaaminen IP-osoitteen <0>{{ip}}</0>. Haluatko määrittää sen kiinteäksi osoitteeksi?",
+    "confirm_static_ip": "AdGuard Home määrittää IP-osoitteen {{ip}} kiinteäksi. Haluatko jatkaa?",
+    "list_updated": "{{count}} lista päivitettiin",
+    "list_updated_plural": "{{count}} listaa päivitettiin",
+    "dnssec_enable": "Ota DNSSEC käyttöön",
+    "dnssec_enable_desc": "Määritä DNSSEC-lippu ulos lähteville DNS-pyynnöille ja tarkasta tulos (vaatii DNSSEC-yhteensopivan resolverin).",
+    "validated_with_dnssec": "DNSSEC-vahvistettu",
+    "all_queries": "Kaikki pyynnöt",
+    "show_blocked_responses": "Estetyt",
+    "show_whitelisted_responses": "Sallitut",
+    "show_processed_responses": "Käsitelty",
+    "blocked_safebrowsing": "Turvallisen selauksen estämät",
+    "blocked_adult_websites": "Estetyt aikuisille tarkoitetut sivustot",
+    "blocked_threats": "Estetyt uhat",
+    "allowed": "Sallitut",
+    "filtered": "Suodatetut",
+    "rewritten": "Uudelleenohjatut",
+    "safe_search": "Turvallinen haku",
+    "blocklist": "Estolista",
+    "milliseconds_abbreviation": "ms",
+    "cache_size": "Välimuistin koko",
+    "cache_size_desc": "DNS-välimuistin koko (tavuina)",
+    "cache_ttl_min_override": "Korvaa vähimmäis-TTL",
+    "cache_ttl_max_override": "Korvaa enimmäis-TTL",
+    "enter_cache_size": "Syötä välimuistin koko (tavuina)",
+    "enter_cache_ttl_min_override": "Syötä vähimmäis-TTL (sekunteina)",
+    "enter_cache_ttl_max_override": "Syötä enimmäis-TTL (sekunteina)",
+    "cache_ttl_min_override_desc": "Pidennä ylävirran palvelimelta vastaanotettuja, lyhyitä time-to-live -arvoja (sekunteina) tallennettaessa DNS-vastauksia välimuistiin.",
+    "cache_ttl_max_override_desc": "Määritä DNS-välimuistin kohteiden suurin time-to-live -arvo (sekunteina)",
+    "ttl_cache_validation": "Välimuistin TTL-vähimmäisarvon tulee olla pienempi tai sama kuin enimmäisarvon",
+    "cache_optimistic": "Optimistinen välimuisti",
+    "cache_optimistic_desc": "Pakota AdGuard Home vastaamaan välimuistista vaikka sen tiedot olisivat vanhentuneet. Pyri samalla myös päivittämään tiedot.",
+    "filter_category_general": "Yleiset",
+    "filter_category_security": "Turvallisuus",
+    "filter_category_regional": "Alueelliset",
+    "filter_category_other": "Muut",
+    "filter_category_general_desc": "Listat, jotka estävät seurannan ja mainokset useimmilla laitteilla",
+    "filter_category_security_desc": "Tietojenkalastelu-, huijaus- ja muiden haitallisten verkkotunnusten estoon erikoistuneet listat",
+    "filter_category_regional_desc": "Listat, jotka painottavat alueellisia mainoksia ja seurantapalvelimia",
+    "filter_category_other_desc": "Muut estolistat",
+    "setup_config_to_enable_dhcp_server": "Määritä asetukset DHCP-palvelimen käyttöönottoa varten",
+    "original_response": "Alkuperäinen vastaus",
+    "click_to_view_queries": "Paina näyttääksesi pyynnöt",
+    "port_53_faq_link": "Portti 53 on usein \"DNSStubListener\" tai \"systemd-resolved\" -palveluiden varaama. Lue <0>nämä ohjeet</0> tämän ratkaisemiseksi.",
+    "adg_will_drop_dns_queries": "AdGuard Home hylkää tämän päätelaitteen DNS-pyynnöt.",
+    "filter_allowlist": "VAROITUS: Toiminto ohittaa \"{{disallowed_rule}}\" -säännön sallittujen päätelaitteiden listalta.",
+    "last_rule_in_allowlist": "Et voi estää tätä päätelaitetta, koska säännön \"{{disallowed_rule}}\" ohitus POISTAA KÄYTÖSTÄ \"Sallitut päätelaitteet\" -listan.",
+    "experimental": "Kokeellinen",
+    "use_saved_key": "Käytä aiemmin tallennettua avainta",
+    "parental_control": "Lapsilukko",
+    "safe_browsing": "Turvallinen selaus",
+    "served_from_cache": "{{value}} <i>(jaettu välimuistista)</i>"
+}

client/src/__locales/fr.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Paramètres IPv4 du DHCP",
     "dhcp_ipv6_settings": "Paramètres IPv6 du DHCP",
     "form_error_required": "Champ requis",
-    "form_error_ip4_format": "Format IPv4 invalide",
-    "form_error_ip6_format": "Format IPv6 invalide",
-    "form_error_ip_format": "Format IPv4 invalide",
-    "form_error_mac_format": "Format MAC invalide",
-    "form_error_client_id_format": "Format d'ID client non valide",
+    "form_error_ip4_format": "Adresse IPv4 invalide",
+    "form_error_ip4_range_start_format": "Adresse de début de plage IPv4 incorrecte",
+    "form_error_ip4_range_end_format": "Adresse de fin de plage IPv4 incorrecte",
+    "form_error_ip4_gateway_format": "Adresse de passerelle IPv4 invalide",
+    "form_error_ip6_format": "Adresse IPv6 invalide",
+    "form_error_ip_format": "Adresse IP invalide",
+    "form_error_mac_format": "Adresse MAC invalide",
+    "form_error_client_id_format": "Identifiant de client invalide",
     "form_error_server_name": "Nom de serveur invalide",
     "form_error_subnet": "Le sous-réseau « {{cidr}} » ne contient pas l'adresse IP « {{ip}} »",
     "form_error_positive": "Doit être supérieur à 0",
-    "form_error_negative": "Doit être égal à 0 ou supérieur",
-    "range_end_error": "Doit être supérieur au début de la gamme",
+    "out_of_range_error": "Doit être hors plage « {{start}} » - « {{end}} »",
+    "lower_range_start_error": "Doit être inférieur au début de plage",
+    "greater_range_start_error": "Doit être supérieur au début de plage",
+    "greater_range_end_error": "Doit être supérieur à la fin de plage",
+    "subnet_error": "Les adresses doivent être dans le même sous-réseau",
+    "gateway_or_subnet_invalid": "Masque de sous-réseau invalide",
     "dhcp_form_gateway_input": "IP de la passerelle",
     "dhcp_form_subnet_input": "Masque de sous-réseau",
     "dhcp_form_range_title": "Rangée des adresses IP",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Entrez une URL ou le chemin absolu de la liste",
     "custom_filter_rules": "Règles de filtrage d'utilisateur",
     "custom_filter_rules_hint": "Saisissez la règle en une ligne. C'est possible d'utiliser les règles de blocage ou la syntaxe des fichiers hosts.",
+    "system_host_files": "Fichier d'hôtes système",
     "examples_title": "Exemples",
     "example_meaning_filter_block": "bloque l’accès au domaine example.org et à tous ses sous-domaines",
     "example_meaning_filter_whitelist": "débloque l’accès au domaine example.org et à tous ses sous-domaines",
@@ -616,5 +624,8 @@
     "filter_allowlist": "ATTENTION : Cette action exclura également la règle « {{disallowed_rule}} » de la liste des clients autorisés.",
     "last_rule_in_allowlist": "Impossible d’interdire ce client, car l’exclusion de la règle « {{disallowed_rule}} » DÉSACTIVERA la liste des « clients autorisés ».",
     "experimental": "Expérimental",
-    "use_saved_key": "Utiliser la clef précédemment enregistrée"
+    "use_saved_key": "Utiliser la clef précédemment enregistrée",
+    "parental_control": "Contrôle parental",
+    "safe_browsing": "Navigation sécurisée",
+    "served_from_cache": "{{value}} <i>(depuis le cache)</i>"
 }

client/src/__locales/hr.json

@@ -37,6 +37,9 @@
     "dhcp_ipv6_settings": "DHCP IPv6 postavke",
     "form_error_required": "Obavezno polje",
     "form_error_ip4_format": "Nevažeći IPv4 format",
+    "form_error_ip4_range_start_format": "Nepravilan početak ranga IPv4 adresa",
+    "form_error_ip4_range_end_format": "Nepravilan kraj ranga IPv4 adresa",
+    "form_error_ip4_gateway_format": "Nepravilna IPV4 adresa čvora",
     "form_error_ip6_format": "Nevažeći IPv6 format",
     "form_error_ip_format": "Nevažeći format IP adrese",
     "form_error_mac_format": "Nevažeći MAC format",
@@ -44,8 +47,12 @@
     "form_error_server_name": "Nevažeće ime poslužitelja",
     "form_error_subnet": "Podmrežu \"{{cidr}}\" ne sadrži IP adresu \"{{ip}}\"",
     "form_error_positive": "Mora biti veće od 0",
-    "form_error_negative": "Mora biti jednako ili veće od 0",
-    "range_end_error": "Mora biti veće od početne vrijednosti raspona",
+    "out_of_range_error": "Mora biti izvan ranga \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Mora biti niže od početnog ranga",
+    "greater_range_start_error": "Mora biti veće od krajnjeg ranga",
+    "greater_range_end_error": "Mora biti veće od krajnjeg ranga",
+    "subnet_error": "Adrese moraju biti iz iste podmreže",
+    "gateway_or_subnet_invalid": "Maska podmreže je neprvilna",
     "dhcp_form_gateway_input": "Gateway IP",
     "dhcp_form_subnet_input": "Subnet maskiranje",
     "dhcp_form_range_title": "Raspon IP adresa",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Nevažeći URL ili putanja od liste",
     "custom_filter_rules": "Prilagođena pravila filtriranja",
     "custom_filter_rules_hint": "Unesite jedno pravilo po liniji. Možete koristiti sintaksu za pravila blokiranja oglasa ili za hosts datoteke.",
+    "system_host_files": "Datoteke host sustava",
     "examples_title": "Primjeri",
     "example_meaning_filter_block": "blokira pristup domeni example.org kao i svim njenim poddomenama",
     "example_meaning_filter_whitelist": "odblokira pristup domeni example.org kao i svim njenim poddomenama",
@@ -208,7 +216,7 @@
     "example_upstream_sdns": "možete koristiti <0>DNS Stamps</0> za <1>DNSCrypt</1> ili <2>DNS-over-HTTPS</2> rezolvere",
     "example_upstream_tcp": "zadani DNS (putem TCP)",
     "all_lists_up_to_date_toast": "Svi popisi su ažurirani",
-    "updated_upstream_dns_toast": "Ažurirani su upstream DNS poslužitelji",
+    "updated_upstream_dns_toast": "Uzvodni poslužitelji uspješno su spremljeni",
     "dns_test_ok_toast": "Odabrani DNS poslužitelji su trenutno aktivni",
     "dns_test_not_ok_toast": "\"{{key}}\" poslužitelja: ne može se upotrijebiti, provjerite jeste li to ispravno napisali",
     "unblock": "Odblokiraj",
@@ -235,7 +243,7 @@
     "loading_table_status": "Učitavanje...",
     "page_table_footer_text": "Stranica",
     "rows_table_footer_text": "redova",
-    "updated_custom_filtering_toast": "Ažurirana su prilagođena pravila filtriranja",
+    "updated_custom_filtering_toast": "Prilagođena pravila uspješno su spremljena",
     "rule_removed_from_custom_filtering_toast": "Pravilo je uklonjeno iz prilagođenih pravila filtriranja: {{rule}}",
     "rule_added_to_custom_filtering_toast": "Pravilo je dodano u prilagođena pravila filtriranja: {{rule}}",
     "query_log_response_status": "Status: {{value}}",
@@ -306,7 +314,7 @@
     "install_settings_dns_desc": "Potrebno je postaviti uređaj ili router da koristi DNS poslužitelj na sljedećim adresama:",
     "install_settings_all_interfaces": "Sva sučelja",
     "install_auth_title": "Autentikacija",
-    "install_auth_desc": "Izrazito se preporučuje postavljanje autentikacije za web administratorsko sučelje AdGuard Home. Iako je dostupna samo u vašoj lokalnoj mreži, važno je zaštititi je od ne dozvoljenog pristupa.",
+    "install_auth_desc": "Provjera autentičnosti lozinke na web-sučelje AdGuard Home admin mora biti konfigurirana. Čak i ako je AdGuard Home dostupan samo u vašoj lokalnoj mreži, i dalje je važno zaštititi ga od neograničenog pristupa.",
     "install_auth_username": "Korisničko ime",
     "install_auth_password": "Lozinka",
     "install_auth_confirm": "Potvrdi lozinku",
@@ -503,6 +511,7 @@
     "statistics_clear_confirm": "Jeste li sigurni da želite poništiti statistiku?",
     "statistics_retention_confirm": "Jeste li sigurni da želite promijeniti zadržavanje statistike? Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
     "statistics_cleared": "Statistika je uspješno uklonjenja",
+    "statistics_enable": "Omogući statistiku",
     "interval_hours": "{{count}} sata/i",
     "interval_hours_plural": "{{count}} sata/i",
     "filters_configuration": "Postavke filtara",
@@ -612,6 +621,11 @@
     "click_to_view_queries": "Kliknite za pregled upita",
     "port_53_faq_link": "Port 53 često zauzimaju usluge \"DNSStubListener\" ili \"systemd-resolved\". Molimo pročitajte <0>ove upute</0> o tome kako to riješiti.",
     "adg_will_drop_dns_queries": "AdGuard Home odbaciti će sve DNS upite od ovog klijenta.",
-    "client_not_in_allowed_clients": "Klijent nije dopušten jer nije na popisu \"Dopuštenih klijenata\".",
-    "experimental": "Eksperimentalno"
+    "filter_allowlist": "UPOZORENJE: Ova akcija će također isključiti pravilo \"{{disallowed_rule}}\" s popisa dopuštenih klijenata.",
+    "last_rule_in_allowlist": "Ovaj klijent nije moguće onemogućiti jer će isključivanje pravila \"{{disallowed_rule}}\" ONEMOGUĆITI popis \"Dopušteni klijenti\".",
+    "experimental": "Eksperimentalno",
+    "use_saved_key": "Korištenje prethodno spremljenog ključa",
+    "parental_control": "Roditeljska zaštita",
+    "safe_browsing": "Sigurno surfanje",
+    "served_from_cache": "{{value}} <i>(dohvaćeno iz predmemorije)</i>"
 }

client/src/__locales/hu.json

@@ -44,8 +44,6 @@
     "form_error_server_name": "Érvénytelen szervernév",
     "form_error_subnet": "A(z) \"{{cidr}}\" alhálózat nem tartalmazza a(z) \"{{ip}}\" IP címet",
     "form_error_positive": "0-nál nagyobbnak kell lennie",
-    "form_error_negative": "Legalább 0-nak kell lennie",
-    "range_end_error": "Nagyobbnak kell lennie, mint a tartomány kezdete",
     "dhcp_form_gateway_input": "Átjáró IP",
     "dhcp_form_subnet_input": "Alhálózati maszk",
     "dhcp_form_range_title": "IP-címek tartománya",
@@ -613,7 +611,7 @@
     "click_to_view_queries": "Kattintson a lekérésekért",
     "port_53_faq_link": "Az 53-as portot gyakran a \"DNSStubListener\" vagy a \"systemd-resolved\" (rendszer által feloldott) szolgáltatások használják. Kérjük, olvassa el <0>ezt az útmutatót</0> a probléma megoldásához.",
     "adg_will_drop_dns_queries": "Az AdGuard Home eldobja az összes DNS kérést erről a kliensről.",
-    "client_not_in_allowed_clients": "Ez a kliens nincs engedélyezve, mivel nincs rajta az \"Engedélyezett kliensek\" listáján.",
     "experimental": "Kísérleti",
-    "use_saved_key": "Előzőleg mentett kulcs használata"
+    "use_saved_key": "Előzőleg mentett kulcs használata",
+    "parental_control": "Szülői felügyelet"
 }

client/src/__locales/id.json

@@ -36,16 +36,10 @@
     "dhcp_ipv4_settings": "Pengaturan DHCP IPv4",
     "dhcp_ipv6_settings": "Pengaturan DHCP IPv6",
     "form_error_required": "Kolom yang harus diisi",
-    "form_error_ip4_format": "Format IPv4 tidak valid",
-    "form_error_ip6_format": "Format IPv6 tidak valid",
-    "form_error_ip_format": "Format IPv4 tidak valid",
-    "form_error_mac_format": "Format MAC tidak valid",
-    "form_error_client_id_format": "Format client ID tidak valid",
+    "form_error_ip_format": "Alamat IP salah",
     "form_error_server_name": "Nama server tidak valid",
     "form_error_subnet": "Subnet \"{{cidr}}\" tidak berisi alamat IP \"{{ip}}\"",
     "form_error_positive": "Harus lebih dari 0",
-    "form_error_negative": "Harus berjumlah 0 atau lebih besar dari 0",
-    "range_end_error": "Harus lebih besar dari rentang awal",
     "dhcp_form_gateway_input": "IP gateway",
     "dhcp_form_subnet_input": "Subnet mask",
     "dhcp_form_range_title": "Rentang alamat IP",
@@ -208,7 +202,6 @@
     "example_upstream_sdns": "anda bisa menggunakan <0>Stempel DNS</0> untuk <1>DNSCrypt</1> atau pengarah <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "DNS reguler (melalui TCP)",
     "all_lists_up_to_date_toast": "Semua daftar sudah diperbarui",
-    "updated_upstream_dns_toast": "Server DNS hulu terbarui",
     "dns_test_ok_toast": "Server DNS yang ditentukan bekerja dengan benar",
     "dns_test_not_ok_toast": "Server \"{{key}}\": tidak dapat digunakan, mohon cek bahwa Anda telah menulisnya dengan benar",
     "unblock": "Buka Blokir",
@@ -306,7 +299,6 @@
     "install_settings_dns_desc": "Anda perlu mengkonfigurasi perangkat atau router anda untuk menggunakan server DNS berikut ini",
     "install_settings_all_interfaces": "Semua antarmuka",
     "install_auth_title": "Otentikasi",
-    "install_auth_desc": "Sangat disarankan untuk mengkonfigurasi otentikasi kata sandi ke antarmuka web admin AdGuard Home Anda. Meskipun hanya dapat diakses di jaringan lokal Anda, tetap penting untuk melindunginya dari akses tak terbatas.",
     "install_auth_username": "Nama Pengguna",
     "install_auth_password": "Kata Sandi",
     "install_auth_confirm": "Konfirmasi kata sandi",
@@ -612,7 +604,7 @@
     "click_to_view_queries": "Klik untuk lihat permintaan",
     "port_53_faq_link": "Port 53 sering ditempati oleh layanan \"DNSStubListener\" atau \"systemd-resolved\". Silakan baca <0>instruksi ini</0> tentang cara menyelesaikan ini.",
     "adg_will_drop_dns_queries": "AdGuard Home akan menghapus semua permintaan DNS dari klien ini.",
-    "client_not_in_allowed_clients": "Klien tidak diizinkan karena tidak ada dalam daftar \"Klien yang diizinkan\".",
     "experimental": "Eksperimental",
-    "use_saved_key": "Gunakan kunci yang disimpan sebelumnya"
+    "use_saved_key": "Gunakan kunci yang disimpan sebelumnya",
+    "parental_control": "Kontrol orang tua"
 }

client/src/__locales/it.json

@@ -27,7 +27,7 @@
     "dhcp_description": "Se il tuo router non supporta la configurazione delle impostazioni del DHCP puoi utilizzare il server DHCP incluso in AdGuard.",
     "dhcp_enable": "Attiva server DHCP",
     "dhcp_disable": "Disattiva server DHCP",
-    "dhcp_not_found": "È sicuro attivare il server DHCP integrato poiché AdGuard Home non ha rilevato alcun server DHCP attivo sulla rete. Tuttavia, dovresti effettuare un ricontrollo manuale poiché la ricerca automatica attualmente non garantisce un\\'affidabilità del 100%.",
+    "dhcp_not_found": "È sicuro attivare il server DHCP integrato poiché AdGuard Home non ha rilevato alcun server DHCP attivo sulla rete. Tuttavia, dovresti effettuare un ricontrollo manuale poiché la ricerca automatica attualmente non garantisce un'affidabilità del 100%.",
     "dhcp_found": "Trovati server DHCP attivi nella rete. Non è consigliato attivare il server DHCP built-in",
     "dhcp_leases": "Leases DHCP",
     "dhcp_static_leases": "Leases DHCP statici",
@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Impostazioni DHCP IPv4",
     "dhcp_ipv6_settings": "Impostazioni DHCP IPv6",
     "form_error_required": "Campo richiesto",
-    "form_error_ip4_format": "Formato IPv4 non valido",
-    "form_error_ip6_format": "Formato IPv6 non valido",
-    "form_error_ip_format": "Formato IPv4 non valido",
-    "form_error_mac_format": "Formato MAC non valido",
-    "form_error_client_id_format": "Formato ID cliente non valido",
+    "form_error_ip4_format": "Indirizzo IPv4 non valido",
+    "form_error_ip4_range_start_format": "Indirizzo IPV4 non valido dell'intervallo iniziale",
+    "form_error_ip4_range_end_format": "Indirizzo IPV4 non valido dell'intervallo finale",
+    "form_error_ip4_gateway_format": "Indirizzo gateway IPv4 non valido",
+    "form_error_ip6_format": "Indirizzo IPv6 non valido",
+    "form_error_ip_format": "Indirizzo IP non valido",
+    "form_error_mac_format": "Indirizzo MAC non valido",
+    "form_error_client_id_format": "ID cliente non valido",
     "form_error_server_name": "Nome server non valido",
-    "form_error_subnet": "La subnet \"{{cidr}}\" non contiene l\\'indirizzo IP \"{{ip}}\"",
+    "form_error_subnet": "La subnet \"{{cidr}}\" non contiene l'indirizzo IP \"{{ip}}\"",
     "form_error_positive": "Deve essere maggiore di 0",
-    "form_error_negative": "Deve essere maggiore o uguale a 0 (zero)",
-    "range_end_error": "Deve essere maggiore dell'intervallo di inizio",
+    "out_of_range_error": "Deve essere fuori intervallo \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Deve essere inferiore dell'intervallo di inizio",
+    "greater_range_start_error": "Deve essere maggiore dell'intervallo di inizio",
+    "greater_range_end_error": "Deve essere maggiore dell'intervallo di fine",
+    "subnet_error": "Gli indirizzi devono trovarsi in una sottorete",
+    "gateway_or_subnet_invalid": "Maschera di sottorete non valida",
     "dhcp_form_gateway_input": "IP Gateway",
     "dhcp_form_subnet_input": "Maschera di sottorete",
     "dhcp_form_range_title": "Intervallo di indirizzi IP",
@@ -62,7 +69,7 @@
     "dhcp_warning": "Se desideri attivare il server DHCP integrato, assicurati che non vi siano altri server DHCP attivi, ciò potrebbe causare problemi di connessione alla rete per i dispositivi collegati!",
     "dhcp_error": "AdGuard Home non può determinare se è presente un altro server DHCP attivo nella rete.",
     "dhcp_static_ip_error": "Per utilizzare il server DHCP è necessario impostare un indirizzo IP statico. AdGuard Home non è riuscito a determinare se questa interfaccia di rete è configurata utilizzando un indirizzo IP statico. Ti preghiamo di impostare manualmente un indirizzo IP statico.",
-    "dhcp_dynamic_ip_found": "Il tuo sistema utilizza una configurazione di indirizzi IP dinamici per l\\'interfaccia <0>{{interfaceName}}</0>. Per poter utilizzare un server DHCP, è necessario impostare un indirizzo IP statico. Il tuo indirizzo IP attuale è <0>{{ipAddress}}</0>. AdGuard Home imposterà automaticamente questo indirizzo come statico quando cliccherai il pulsante \"Attiva server DHCP\".",
+    "dhcp_dynamic_ip_found": "Il tuo sistema utilizza una configurazione di indirizzi IP dinamici per l'interfaccia <0>{{interfaceName}}</0>. Per poter utilizzare un server DHCP, è necessario impostare un indirizzo IP statico. Il tuo indirizzo IP attuale è <0>{{ipAddress}}</0>. AdGuard Home imposterà automaticamente questo indirizzo come statico quando cliccherai il pulsante \"Attiva server DHCP\".",
     "dhcp_lease_added": "Lease statici \"{{key}}\" aggiunti correttamente",
     "dhcp_lease_deleted": "Lease statico \"{{key}}\" eliminato correttamente",
     "dhcp_new_static_lease": "Nuovo lease statico",
@@ -123,7 +130,7 @@
     "number_of_dns_query_days": "Numero di richieste DNS elaborate negli ultimi {{count}} giorni",
     "number_of_dns_query_days_plural": "Numero di richieste DNS elaborate negli ultimi {{count}} giorni",
     "number_of_dns_query_24_hours": "Numero di richieste DNS elaborate nelle ultime 24 ore",
-    "number_of_dns_query_blocked_24_hours": "Numero di richieste DNS bloccate dai filtri per annunci e dalle liste di blocco host",
+    "number_of_dns_query_blocked_24_hours": "Numero di richieste DNS bloccate dai filtri per annunci e dagli elenchi di blocco host",
     "number_of_dns_query_blocked_24_hours_by_sec": "Numero di richieste DNS bloccate dal modulo sicurezza di navigazione di AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Numero di siti web per adulti bloccati",
     "enforced_save_search": "Ricerca sicura forzata",
@@ -133,7 +140,7 @@
     "block_domain_use_filters_and_hosts": "Blocca domini utilizzando filtri e file hosts",
     "filters_block_toggle_hint": "Puoi impostare le regole di blocco nelle impostazioni dei <a>Filtri</a>.",
     "use_adguard_browsing_sec": "Utilizza il servizio web AdGuard 'sicurezza di navigazione'",
-    "use_adguard_browsing_sec_hint": "AdGuard Home verificherà se il dominio è bloccato dal servizio web di sicurezza della navigazione. Utilizzerà l\\'API di ricerca rispettosa della privacy per eseguire il controllo: solo un breve prefisso hash SHA256 del nome di dominio viene inviato al server.",
+    "use_adguard_browsing_sec_hint": "AdGuard Home verificherà se il dominio è bloccato dal servizio web di sicurezza della navigazione. Utilizzerà l'API di ricerca rispettosa della privacy per eseguire il controllo: solo un breve prefisso hash SHA256 del nome di dominio viene inviato al server.",
     "use_adguard_parental": "Utilizza il Controllo Parentale di AdGuard",
     "use_adguard_parental_hint": "AdGuard Home verificherà se il dominio contiene materiale per adulti. Utilizza le stesse API privacy-friendly del servizio web 'sicurezza di navigazione'.",
     "enforce_safe_search": "Utilizza ricerca sicura",
@@ -141,7 +148,7 @@
     "no_servers_specified": "Nessun server specificato",
     "general_settings": "Impostazioni generali",
     "dns_settings": "Impostazioni DNS",
-    "dns_blocklists": "Lista nera DNS",
+    "dns_blocklists": "Liste nere DNS",
     "dns_allowlists": "Liste bianche DNS",
     "dns_blocklists_desc": "AdGuard Home bloccherà i domini che corrispondenti alla lista nera.",
     "dns_allowlists_desc": "I domini DNS nelle liste bianche saranno consentiti anche fossero presenti in una delle liste nere.",
@@ -173,29 +180,30 @@
     "delete_table_action": "Elimina",
     "elapsed": "Trascorso",
     "filters_and_hosts_hint": "AdGuard Home è in grado di comprendere la sintassi delle regole blocca-annunci o quelle dei file hosts.",
-    "no_blocklist_added": "Non è stata aggiunta alcuna lista di blocco",
-    "no_whitelist_added": "Non è stata aggiunta alcuna Lista bianca",
-    "add_blocklist": "Aggiungi lista di blocco",
-    "add_allowlist": "Aggiungi Lista bianca",
+    "no_blocklist_added": "Non è stata aggiunta alcuna lista nera",
+    "no_whitelist_added": "Non è stata aggiunta alcuna lista bianca",
+    "add_blocklist": "Aggiungi lista nera",
+    "add_allowlist": "Aggiungi lista bianca",
     "cancel_btn": "Annulla",
     "enter_name_hint": "Inserisci nome",
-    "enter_url_or_path_hint": "Inmetti un URL o il percorso assoluto della lista",
+    "enter_url_or_path_hint": "Inmetti un URL o il percorso assoluto dell'elenco",
     "check_updates_btn": "Ricerca aggiornamenti",
-    "new_blocklist": "Nuova lista di blocco",
-    "new_allowlist": "Nuova Lista bianca",
-    "edit_blocklist": "Modifica lista di blocco",
-    "edit_allowlist": "Modifica Lista bianca",
-    "choose_blocklist": "Scegli liste di blocco",
+    "new_blocklist": "Nuova lista nera",
+    "new_allowlist": "Nuova lista bianca",
+    "edit_blocklist": "Modifica lista nera",
+    "edit_allowlist": "Modifica lista bianca",
+    "choose_blocklist": "Scegli liste nere",
     "choose_allowlist": "Scegli liste bianche",
-    "enter_valid_blocklist": "Inserisci un URL valido nella lista di blocco.",
-    "enter_valid_allowlist": "Inserisci un URL valido nella Lista bianca.",
+    "enter_valid_blocklist": "Inserisci un URL valido alla lista nera.",
+    "enter_valid_allowlist": "Inserisci un URL valido alla lista bianca.",
     "form_error_url_format": "Formato url non valido",
-    "form_error_url_or_path_format": "URL o percorso assoluto della lista non valido",
+    "form_error_url_or_path_format": "URL o percorso assoluto dell'elenco non validi",
     "custom_filter_rules": "Regole filtri personalizzate",
     "custom_filter_rules_hint": "Inserisci una regola per riga. Puoi utilizzare la sintassi delle regole blocca-annunci o quelle dei file hosts.",
+    "system_host_files": "File host di sistema",
     "examples_title": "Esempi",
     "example_meaning_filter_block": "blocca accesso al dominio example.org e a tutti i suoi sottodomini",
-    "example_meaning_filter_whitelist": "consente l\\'accesso al dominio esempio.org e a tutti i relativi sottodomini",
+    "example_meaning_filter_whitelist": "consente l'accesso al dominio esempio.org e a tutti i relativi sottodomini",
     "example_meaning_host_block": "AdGuard Home restituirà 127.0.0.1 come indirizzo per il dominio example.org (ma non per i suoi sottodomini)",
     "example_comment": "! Qui va un commento",
     "example_comment_meaning": "un commento",
@@ -207,7 +215,7 @@
     "example_upstream_doq": "<0>DNS su QUIC</0> crittografato",
     "example_upstream_sdns": "puoi utilizzare <0>DNS Stamps</0> per <1>DNSCrypt</1> oppure dei risolutori <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "DNS regolari (via TCP)",
-    "all_lists_up_to_date_toast": "Tutte le liste sono aggiornate",
+    "all_lists_up_to_date_toast": "Tutti gli elenchi sono aggiornati",
     "updated_upstream_dns_toast": "I server upstream sono stati salvati correttamente",
     "dns_test_ok_toast": "I server DNS specificati funzionano correttamente",
     "dns_test_not_ok_toast": "Server \"{{key}}\": non può essere utilizzato, assicurati di averlo digitato correttamente",
@@ -281,7 +289,7 @@
     "rate_limit_desc": "Il numero di richieste al secondo consentite da un singolo client. Impostare questo valore a 0 rimuove le limitazioni.",
     "blocking_ipv4_desc": "Indirizzo IP per una richiesta DNS IPv4 bloccata",
     "blocking_ipv6_desc": "Indirizzo IP restituito per una richiesta DNS IPv6 bloccata",
-    "blocking_mode_default": "Risponde con un indirizzo IP pari a zero (0.0.0.0 per A; :: per AAAA) quando bloccato da una regola in stile Blocca-annunci; risponde con l\\'indirizzo IP specificato nella regola quando bloccato da una regola in stile /etc/hosts",
+    "blocking_mode_default": "Risponde con un indirizzo IP pari a zero (0.0.0.0 per A; :: per AAAA) quando bloccato da una regola in stile Blocca-annunci; risponde con l'indirizzo IP specificato nella regola quando bloccato da una regola in stile /etc/hosts",
     "blocking_mode_refused": "REFUSED: Risposta con codice di REFUSED",
     "blocking_mode_nxdomain": "NXDOMAIN: Rispondi con il codice NXDOMAIN",
     "blocking_mode_null_ip": "IP nullo: Rispondi con indirizzo IP zero (0.0.0.0 per A; :: per AAAA)",
@@ -292,7 +300,7 @@
     "found_in_known_domain_db": "Trovato nel database dei domini conosciuti.",
     "category_label": "Categoria",
     "rule_label": "Regola(e)",
-    "list_label": "Lista",
+    "list_label": "Elenco",
     "unknown_filter": "Filtro sconosciuto {{filterId}}",
     "known_tracker": "Tracker conosciuto",
     "install_welcome_title": "Benvenuto nella Home di AdGuard!",
@@ -306,7 +314,7 @@
     "install_settings_dns_desc": "Sarà necessario configurare i dispositivi o il router per utilizzare il server DNS nei seguenti indirizzi:",
     "install_settings_all_interfaces": "Tutte le interfacce",
     "install_auth_title": "Autenticazione",
-    "install_auth_desc": "L\\'autenticazione con password sulla tua interfaccia web da amministratore di AdGuard Home dev\\'esser configurata. Anche se AdGuard Home è accessibile solo dalla tua rete locale, è comunque importante proteggerlo da accessi non limitati.",
+    "install_auth_desc": "L'autenticazione con password sulla tua interfaccia web da amministratore di AdGuard Home dev'esser configurata. Anche se AdGuard Home è accessibile solo dalla tua rete locale, è comunque importante proteggerlo da accessi non limitati.",
     "install_auth_username": "Nome utente",
     "install_auth_password": "Password",
     "install_auth_confirm": "Conferma password",
@@ -320,7 +328,7 @@
     "install_devices_router": "Router",
     "install_devices_router_desc": "Questa configurazione copre automaticamente tutti i dispositivi collegati al router di casa, non è necessario configurarli manualmente.",
     "install_devices_address": "Il server DNS di AdGuard Home sta ascoltando sui seguenti indirizzi",
-    "install_devices_router_list_1": "Accedi alle preferenze del tuo router. Di solito, puoi farlo dal tuo browser tramite un URL, come http://192.168.0.1/ o http://192.168.1.1/. Potrebbe esserti chiesto di inserire una password. Se non dovessi ricordarla, puoi reimpostare la password premendo un pulsante presente sullo stesso router, ma tieni presente che scegliendo questa procedura, probabilmente perderai l\\'intera configurazione del router. Se il tuo router necessitasse di un\\'app per configurarlo, installala sul tuo telefono o PC e utilizzala per accedere alle impostazioni del router.",
+    "install_devices_router_list_1": "Accedi alle preferenze del tuo router. Di solito, puoi farlo dal tuo browser tramite un URL, come http://192.168.0.1/ o http://192.168.1.1/. Potrebbe esserti chiesto di inserire una password. Se non dovessi ricordarla, puoi reimpostare la password premendo un pulsante presente sullo stesso router, ma tieni presente che scegliendo questa procedura, probabilmente perderai l'intera configurazione del router. Se il tuo router necessitasse di un'app per configurarlo, installala sul tuo telefono o PC e utilizzala per accedere alle impostazioni del router.",
     "install_devices_router_list_2": "Trova le impostazioni DHCP / DNS. Cerca le lettere DNS accanto a un campo che consente due o tre serie di numeri, ciascuno suddiviso in quattro gruppi di 1-3 cifre.",
     "install_devices_router_list_3": "Inserisci qui gli indirizzi del tuo server AdGuard Home.",
     "install_devices_router_list_4": "Su alcuni tipi di router, non è possibile configurare un server DNS personalizzato. In tal caso, configurare AdGuard Home come un <0>server DHCP</0> potrebbe aiutare. In alternativa, dovresti leggere il manuale di istruzioni per capire come personalizzare i server DNS sul tuo specifico modello di router.",
@@ -328,20 +336,20 @@
     "install_devices_windows_list_2": "Vai a Rete e categoria Internet e poi a Centro connessioni di rete e condivisione.",
     "install_devices_windows_list_3": "Sul lato sinistro dello schermo, trova \"Cambia impostazioni adattatore\" e clicca su di esso.",
     "install_devices_windows_list_4": "Seleziona la tua connessione attiva, fai clic destro su di essa e scegli Proprietà.",
-    "install_devices_windows_list_5": "Trova \"Protocollo Internet versione 4 (TCP/IPv4)\" (o, per IPv6, \"Protocollo Internet versione 6 (TCP/IPv6)\" nella lista, selezionalo e quindi clicca nuovamente su Proprietà.",
+    "install_devices_windows_list_5": "Trova \"Protocollo Internet versione 4 (TCP/IPv4)\" (o, per IPv6, \"Protocollo Internet versione 6 (TCP/IPv6)\" nell'elenco, selezionalo e quindi clicca nuovamente su Proprietà.",
     "install_devices_windows_list_6": "Scegli \"Utilizza i seguenti indirizzi server DNS\" ed inserisci i tuoi indirizzi server AdGuard Home.",
     "install_devices_macos_list_1": "Fai clic sull'icona Apple e vai su Preferenze di Sistema.",
     "install_devices_macos_list_2": "Clicca sulla rete.",
-    "install_devices_macos_list_3": "Seleziona la prima connessione nel tuo elenco e fai clic su Avanzate.",
+    "install_devices_macos_list_3": "Seleziona la prima connessione nel tuo elenco e clicca su Avanzate.",
     "install_devices_macos_list_4": "Seleziona la scheda DNS e inserisci gli indirizzi del tuo server AdGuard Home",
-    "install_devices_android_list_1": "Dalla schermata Home Menu di Android, tocca Impostazioni.",
-    "install_devices_android_list_2": "Tocca Wi-Fi nel menu. Verrà visualizzata la schermata che elenca tutte le reti disponibili (impossibile impostare il DNS personalizzato per la connessione mobile).",
-    "install_devices_android_list_3": "Premi a lungo la rete a cui sei connesso e tocca Modifica rete.",
+    "install_devices_android_list_1": "Dalla schermata Home Menu di Android, clicca Impostazioni.",
+    "install_devices_android_list_2": "Clicca sulla voce Wi-Fi nel menu. Verrà visualizzata una schermata che elencherà tutte le reti disponibili (sarà impossibile impostare il DNS personalizzato per la connessione mobile).",
+    "install_devices_android_list_3": "Premi a lungo la rete a cui sei connesso e clicca Modifica rete.",
     "install_devices_android_list_4": "Su alcuni dispositivi, potrebbe essere necessario selezionare la casella Avanzate per visualizzare ulteriori impostazioni. Per regolare le impostazioni del tuo DNS Android, dovrai cambiare le impostazioni IP da DHCP a Statico.",
     "install_devices_android_list_5": "Cambia i valori DNS 1 e DNS 2 negli indirizzi del tuo server AdGuard Home.",
-    "install_devices_ios_list_1": "Dalla schermata principale, tocca Impostazioni.",
+    "install_devices_ios_list_1": "Dalla schermata principale, clicca Impostazioni.",
     "install_devices_ios_list_2": "Scegli Wi-Fi nel menu a sinistra (impossibile configurare DNS per reti mobile).",
-    "install_devices_ios_list_3": "Toccare il nome della rete attualmente attiva.",
+    "install_devices_ios_list_3": "Clicca sul nome della rete attualmente attiva.",
     "install_devices_ios_list_4": "Nel campo DNS inserisci gli indirizzi del tuo server AdGuard Home.",
     "get_started": "Inizia",
     "next": "Prossimo",
@@ -380,7 +388,7 @@
     "encryption_reset": "Sei sicuro di voler ripristinare le impostazioni di crittografia?",
     "topline_expiring_certificate": "Il tuo certificato SSL sta per scadere. Aggiorna le<0> Impostazioni di crittografia </ 0>.",
     "topline_expired_certificate": "Il tuo certificato SSL è scaduto. Aggiorna le <0> Impostazioni di crittografia </ 0>.",
-    "form_error_port_range": "Immettere il valore della porta nell\\'intervallo 80-65535",
+    "form_error_port_range": "Immettere il valore della porta nell'intervallo 80-65535",
     "form_error_port_unsafe": "Questa è una porta non sicura",
     "form_error_equal": "Non dovrebbe essere uguale",
     "form_error_password": "Password non corrispondente",
@@ -392,7 +400,7 @@
     "dns_status_error": "Errore nel recupero dello stato del server DNS",
     "down": "Spenta",
     "fix": "Risolvi",
-    "dns_providers": "Qui c\\'è una <0>lista di provider DNS</0> da cui scegliere.",
+    "dns_providers": "Qui c'è un <0>elenco di fornitori DNS conosciuti</0> da cui scegliere.",
     "update_now": "Aggiorna ora",
     "update_failed": "Aggiornamento automatico non riuscito. Ti suggeriamo di <a>seguire questi passaggi</a> per aggiornare manualmente.",
     "processing_update": "Perfavore aspetta, AdGuard Home si sta aggiornando",
@@ -422,15 +430,15 @@
     "client_updated": "Client \"{{key}}\" aggiornato correttamente",
     "clients_not_found": "Nessun client trovato",
     "client_confirm_delete": "Sei sicuro di voler eliminare il client \"{{key}}\"?",
-    "list_confirm_delete": "Sei sicuro di voler eliminare questa lista?",
+    "list_confirm_delete": "Sei sicuro di voler eliminare questo elenco?",
     "auto_clients_title": "Clienti (tempo di esecuzione)",
     "auto_clients_desc": "Dati dei clienti che utilizzano AdGuard Home, ma che non sono salvati nella configurazione",
     "access_title": "Impostazioni di accesso",
     "access_desc": "Qui puoi configurare le regole d'accesso per il server DNS di AdGuard Home.",
     "access_allowed_title": "Client permessi",
-    "access_allowed_desc": "Una lista di CIDR, indirizzi IP o ID client. Se configurata AdGuard Home accetterà richieste solo da questi client.",
+    "access_allowed_desc": "Un elenco di CIDR, indirizzi IP o ID client. Se configurata AdGuard Home accetterà richieste solo da questi client.",
     "access_disallowed_title": "Client non permessi",
-    "access_disallowed_desc": "Una lista di CIDR, indirizzi IP o ID client. Se configurata, AdGuard Home rifiuterà richieste da questi client. Se i client consentiti risulteranno configurati, questo campo verrà ignorato.",
+    "access_disallowed_desc": "Un elenco di CIDR, indirizzi IP o ID client. Se configurata, AdGuard Home rifiuterà richieste da questi client. Se i client consentiti risulteranno configurati, questo campo verrà ignorato.",
     "access_blocked_title": "Domini bloccati",
     "access_blocked_desc": "Da non confondere con i filtri. AdGuard Home eliminerà le richieste DNS corrispondenti a questi domini e queste richieste non verranno visualizzate nel relativo registro. Puoi specificare nomi di dominio esatti, caratteri jolly o regole di filtraggio URL, ad esempio \"esempio.org\", \"*.esempio.org\" o \"||esempio.org^\".",
     "access_settings_saved": "Impostazioni di accesso salvate correttamente",
@@ -493,9 +501,9 @@
     "domain": "Dominio",
     "punycode": "Punycode",
     "answer": "Risposta",
-    "filter_added_successfully": "Il filtro è stato aggiunto correttamente",
-    "filter_removed_successfully": "La lista è stata correttamente rimossa",
-    "filter_updated": "Il filtro è stato aggiornato correttamente",
+    "filter_added_successfully": "L'elenco è stato aggiunto correttamente",
+    "filter_removed_successfully": "L'elenco è stata correttamente rimosso",
+    "filter_updated": "L'elenco è stato aggiornato correttamente",
     "statistics_configuration": "Configurazione delle statistiche",
     "statistics_retention": "Conservazione delle statistiche",
     "statistics_retention_desc": "Se il valore di intervallo dovesse diminuire, alcuni dati andranno persi",
@@ -524,7 +532,7 @@
     "network": "Rete",
     "descr": "Descrizione",
     "whois": "Chi è",
-    "filtering_rules_learn_more": "<0>Leggi altro</0> su come creare le tue liste host.",
+    "filtering_rules_learn_more": "<0>Leggi altro</0> su come creare i tuoi elenchi host.",
     "blocked_by_response": "Bloccato per CNAME o IP in risposta",
     "blocked_by_cname_or_ip": "Bloccato da CNAME o IP",
     "try_again": "Riprova",
@@ -538,7 +546,7 @@
     "disable_ipv6": "Disattiva risoluzione indirizzi IPv6",
     "disable_ipv6_desc": "Elimina tutte le richieste DNS per gli indirizzi IPv6 (tipo AAAA).",
     "fastest_addr": "Indirizzo IP più veloce",
-    "fastest_addr_desc": "Interroga tutti i server DNS e restituisci l\\'indirizzo IP più veloce tra tutte le risposte. Ciò rallenterà le richieste DNS poiché AdGuard Home dovrà attendere le risposte da tutti i server DNS, ma ciò migliorerà complessivamente la connettività.",
+    "fastest_addr_desc": "Interroga tutti i server DNS e restituisci l'indirizzo IP più veloce tra tutte le risposte. Ciò rallenterà le richieste DNS poiché AdGuard Home dovrà attendere le risposte da tutti i server DNS, ma ciò migliorerà complessivamente la connettività.",
     "autofix_warning_text": "Se fai clic su \"Correggi\", AdGuardHome configurerà il tuo sistema per utilizzare il server DNS AdGuardHome.",
     "autofix_warning_list": "Eseguirà queste attività: <0> Disattiva DNSStubListener di sistema </0> <0> Imposta l'indirizzo del server DNS su 127.0.0.1 </0> <0> Sostituisci la destinazione del collegamento simbolico di /etc/resolv.conf su / run / systemd /resolve/resolv.conf </0> <0> Arresta DNSStubListener (ricarica il servizio systemd-resolved) </0>",
     "autofix_warning_result": "Di conseguenza, tutte le richieste DNS dal sistema verranno elaborate da AdGuardHome per impostazione predefinita.",
@@ -550,9 +558,9 @@
     "check": "Controlla",
     "form_enter_host": "Inserisci un nome per l'host",
     "filtered_custom_rules": "Filtrato dalle regole filtro personalizzate",
-    "choose_from_list": "Scegli dalla lista",
-    "add_custom_list": "Aggiungi lista personalizzata",
-    "host_whitelisted": "L\\'host è stato aggiunto alla Lista bianca",
+    "choose_from_list": "Scegli dall'elenco",
+    "add_custom_list": "Aggiungi elenco personalizzato",
+    "host_whitelisted": "L'host è stato aggiunto alla lista bianca",
     "check_ip": "Indirizzi IP: {{ip}}",
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Motivo: {{reason}}",
@@ -568,16 +576,16 @@
     "set_static_ip": "Imposta un indirizzo IP statico",
     "install_static_ok": "Buone notizie! L'indirizzo IP statico è già configurato",
     "install_static_error": "AdGuard Home non può configurarlo automaticamente per questa interfaccia di rete. Ti suggeriamo di cercare un metodo alternativo per effettuare tale operazione manualmente.",
-    "install_static_configure": "AdGuard Home ha rilevato l\\'utilizzo dell\\'indirizzo IP dinamico <0> {{ip}} </0>. Desideri impostarlo come indirizzo statico?",
+    "install_static_configure": "AdGuard Home ha rilevato l'utilizzo dell'indirizzo IP dinamico <0> {{ip}} </0>. Desideri impostarlo come indirizzo statico?",
     "confirm_static_ip": "AdGuard Home configurerà {{ip}} come indirizzo IP statico. Desideri procedere?",
-    "list_updated": "{{count}} lista aggiornata",
-    "list_updated_plural": "{{count}} liste aggiornate",
+    "list_updated": "{{count}} elenco aggiornato",
+    "list_updated_plural": "{{count}} elenchi aggiornati",
     "dnssec_enable": "Attiva DNSSEC",
     "dnssec_enable_desc": "Imposta il flag DNSSEC sulle richieste DNS in uscita e ne verifica il risultato (è richiesto un risolutore attivo per DNSSEC).",
     "validated_with_dnssec": "Verificato con DNSSEC",
     "all_queries": "Tutte le richieste",
     "show_blocked_responses": "Bloccato",
-    "show_whitelisted_responses": "Aggiunto alla Lista bianca",
+    "show_whitelisted_responses": "Consentito",
     "show_processed_responses": "Processato",
     "blocked_safebrowsing": "Blocco Navigazione sicura",
     "blocked_adult_websites": "Siti per adulti bloccati",
@@ -586,7 +594,7 @@
     "filtered": "Filtrato",
     "rewritten": "Riscritto",
     "safe_search": "Ricerca sicura",
-    "blocklist": "Lista di blocco",
+    "blocklist": "Lista nera",
     "milliseconds_abbreviation": "ms",
     "cache_size": "Dimensioni cache",
     "cache_size_desc": "Dimensioni cache DNS (in byte)",
@@ -604,17 +612,20 @@
     "filter_category_security": "Sicurezza",
     "filter_category_regional": "Regionale",
     "filter_category_other": "Altro",
-    "filter_category_general_desc": "Liste per il blocco dei traccianti e degli annunci sulla maggioranza dei dispositivi",
+    "filter_category_general_desc": "Elenchi per il blocco dei traccianti e degli annunci sulla maggioranza dei dispositivi",
     "filter_category_security_desc": "Elenchi progettati specificamente per bloccare domini malevoli, di phishing o truffa",
-    "filter_category_regional_desc": "Liste focalizzate su annunci regionali e server traccianti",
-    "filter_category_other_desc": "Altre liste di blocco",
-    "setup_config_to_enable_dhcp_server": "Configurazione dell\\'installazione per l\\'attivazione del server DHCP",
+    "filter_category_regional_desc": "Elenchi focalizzati su annunci regionali e server traccianti",
+    "filter_category_other_desc": "Altre liste nere",
+    "setup_config_to_enable_dhcp_server": "Configurazione dell'installazione per l'attivazione del server DHCP",
     "original_response": "Responso originale",
     "click_to_view_queries": "Clicca per visualizzare le richieste",
     "port_53_faq_link": "La Porta 53 è spesso occupata dai servizi \"DNSStubListener\" o \"systemd-resolved\". Ti suggeriamo di leggere <0>queste istruzioni</0> per risolvere il problema.",
     "adg_will_drop_dns_queries": "AdGuard Home eliminerà tutte le richieste DNS da questo client.",
-    "filter_allowlist": "ATTENZIONE: Quest\\'azione escluderà anche la regola \"{{disallowed_rule}}\" dall\\'elenco di clienti consentiti.",
-    "last_rule_in_allowlist": "Impossibile bloccare questo client perché escludere la regola \"{{disallowed_rule}}\" DISATIVERÁ l\\'elenco \"Clienti consentiti\".",
+    "filter_allowlist": "ATTENZIONE: Quest'azione escluderà anche la regola \"{{disallowed_rule}}\" dall'elenco di clienti consentiti.",
+    "last_rule_in_allowlist": "Impossibile bloccare questo client perché escludere la regola \"{{disallowed_rule}}\" DISATIVERÁ l'elenco \"Clienti consentiti\".",
     "experimental": "Sperimentale",
-    "use_saved_key": "Utilizza la chiave salvata in precedenza"
+    "use_saved_key": "Utilizza la chiave salvata in precedenza",
+    "parental_control": "Controllo parentale",
+    "safe_browsing": "Navigazione sicura",
+    "served_from_cache": "{{value}} <i>(fornito dalla cache)</i>"
 }

client/src/__locales/ja.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4 設定",
     "dhcp_ipv6_settings": "DHCP IPv6 設定",
     "form_error_required": "必須項目",
-    "form_error_ip4_format": "IPv4フォーマットではありません",
-    "form_error_ip6_format": "IPv6フォーマットではありません",
-    "form_error_ip_format": "IPv4フォーマットではありません",
-    "form_error_mac_format": "MACフォーマットではありません",
-    "form_error_client_id_format": "Client IDの形式が無効です",
+    "form_error_ip4_format": "IPv4アドレスが無効です",
+    "form_error_ip4_range_start_format": "範囲開始のIPv4アドレスが無効です",
+    "form_error_ip4_range_end_format": "範囲終了のIPv4アドレスが無効です",
+    "form_error_ip4_gateway_format": "ゲートウェイのIPv4アドレスが無効です",
+    "form_error_ip6_format": "IPv6アドレスが無効です",
+    "form_error_ip_format": "IPアドレスが無効です",
+    "form_error_mac_format": "MACアドレスが無効です",
+    "form_error_client_id_format": "クライアントIDが無効です",
     "form_error_server_name": "サーバ名が無効です",
     "form_error_subnet": "IPアドレス「{{ip}}」はサブネット「{{cidr}}」に含まれていません",
     "form_error_positive": "0より大きい必要があります",
-    "form_error_negative": "0以上である必要があります",
-    "range_end_error": "範囲開始よりも大きくなければなりません",
+    "out_of_range_error": "\"{{start}}\"-\"{{end}}\" の範囲外である必要があります",
+    "lower_range_start_error": "範囲開始よりも低い値である必要があります",
+    "greater_range_start_error": "範囲開始より大きい必要があります",
+    "greater_range_end_error": "範囲終了より大きい必要があります",
+    "subnet_error": "アドレスは１つのサブネット内にある必要があります",
+    "gateway_or_subnet_invalid": "サブネットマスクが無効です",
     "dhcp_form_gateway_input": "ゲートウェイIP",
     "dhcp_form_subnet_input": "サブネットマスク",
     "dhcp_form_range_title": "IPアドレスの範囲",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "リストのURLまたは絶対パスが無効です",
     "custom_filter_rules": "カスタム・フィルタリングルール",
     "custom_filter_rules_hint": "1つの行に1つのルールを入力してください。 広告ブロックルールやhostsファイル構文を使用できます。",
+    "system_host_files": "システムのhostsファイル",
     "examples_title": "例",
     "example_meaning_filter_block": "example.orgドメインとそのすべてのサブドメインへのアクセスをブロックする",
     "example_meaning_filter_whitelist": "example.orgドメインとそのすべてのサブドメインへのアクセスのブロックを解除する",
@@ -616,5 +624,8 @@
     "filter_allowlist": "【注意】このアクションは、許可されたクライアントのリストから「{{disallowed_rule}}」というルールも除外します。",
     "last_rule_in_allowlist": "ルール「{{disallowed_rule}}」を除外すると「許可されたクライアント」リストが無効になるため、このクライアントを拒否することはできません。",
     "experimental": "実験用",
-    "use_saved_key": "以前に保存したキーを使用する"
+    "use_saved_key": "以前に保存したキーを使用する",
+    "parental_control": "ペアレンタルコントロール",
+    "safe_browsing": "セーフブラウジング",
+    "served_from_cache": "{{value}} <i>(キャッシュから応答)</i>"
 }

client/src/__locales/ko.json

@@ -37,6 +37,9 @@
     "dhcp_ipv6_settings": "DHCP IPv6 설정",
     "form_error_required": "필수 필드",
     "form_error_ip4_format": "잘못된 IPv4 형식",
+    "form_error_ip4_range_start_format": "잘못된 범위 시작 IPv4 형식",
+    "form_error_ip4_range_end_format": "잘못된 범위 종료 IPv4 형식",
+    "form_error_ip4_gateway_format": "잘못된 게이트웨이 IPv4 형식",
     "form_error_ip6_format": "잘못된 IPv6 형식",
     "form_error_ip_format": "잘못된 IP 형식",
     "form_error_mac_format": "잘못된 MAC 형식",
@@ -44,8 +47,12 @@
     "form_error_server_name": "유효하지 않은 서버 이름입니다",
     "form_error_subnet": "서브넷 \"{{cidr}}\"에 \"{{ip}}\" IP 주소가 없습니다",
     "form_error_positive": "0보다 커야 합니다",
-    "form_error_negative": "반드시 0 이상이여야 합니다",
-    "range_end_error": "입력 값은 범위의 시작 지점보다 큰 값 이여야 합니다.",
+    "out_of_range_error": "\"{{start}}\"-\"{{end}}\" 범위 밖이어야 합니다",
+    "lower_range_start_error": "범위 시작보다 작은 값이어야 합니다",
+    "greater_range_start_error": "범위 시작보다 큰 값이어야 합니다",
+    "greater_range_end_error": "범위 종료보다 큰 값이어야 합니다",
+    "subnet_error": "주소는 하나의 서브넷 아래에 있어야 합니다",
+    "gateway_or_subnet_invalid": "잘못된 서브넷 마스크",
     "dhcp_form_gateway_input": "게이트웨이 IP",
     "dhcp_form_subnet_input": "서브넷 마스크",
     "dhcp_form_range_title": "IP 주소 범위",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "올바른 URL 또는 목록의 절대 경로가 아닙니다",
     "custom_filter_rules": "커스텀 필터링 규칙",
     "custom_filter_rules_hint": "한 라인에 한 규칙만 입력하세요. 광고 차단 규칙과 호스트 파일 문법 중 하나를 사용할 수 있습니다",
+    "system_host_files": "시스템 호스트 파일",
     "examples_title": "예시",
     "example_meaning_filter_block": "example.org 을 포함한 모든 서브 도메인 접근을 차단합니다",
     "example_meaning_filter_whitelist": "example.org 을 포함한 모든 서브 도메인 접근을 차단 해제합니다.",
@@ -616,5 +624,8 @@
     "filter_allowlist": "경고: 이 경우 허용된 클라이언트 목록에서 '{{disallowed_rule}}' 규칙 또한 제외됩니다.",
     "last_rule_in_allowlist": "'{{disallowed_rule}}' 규칙을 제외하면 '허용된 클라이언트' 목록이 꺼지므로 해당 클라이언트를 제외할 수 없습니다.",
     "experimental": "실험",
-    "use_saved_key": "이전에 저장했던 키 사용하기"
+    "use_saved_key": "이전에 저장했던 키 사용하기",
+    "parental_control": "자녀 보호",
+    "safe_browsing": "안전한 브라우징",
+    "served_from_cache": "{{value}} <i>(캐시에서 제공)</i>"
 }

client/src/__locales/nl.json

@@ -24,7 +24,7 @@
     "unavailable_dhcp": "DHCP is niet beschikbaar",
     "unavailable_dhcp_desc": "AdGuard Home kan geen DHCP-server draaien op uw OS",
     "dhcp_title": "DHCP server (experimenteel!)",
-    "dhcp_description": "Indien je router geen DHCP instellingen heeft,kan je AdGuard's eigen ingebouwde DHCP server gebruiken.",
+    "dhcp_description": "Indien je router geen DHCP instellingen heeft, kan je AdGuard's eigen ingebouwde DHCP server gebruiken.",
     "dhcp_enable": "DHCP server inschakelen",
     "dhcp_disable": "DHCP server uitschakelen",
     "dhcp_not_found": "Het is veilig om de ingebouwde DHCP server in te schakelen omdat AdGuard Home geen actieve DHCP servers vond op het netwerk. We raden je echter aan om het handmatig opnieuw te controleren, omdat onze automatische test momenteel geen 100% garantie geeft.",
@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4 instellingen",
     "dhcp_ipv6_settings": "DHCP IPv6 instellingen",
     "form_error_required": "Vereist veld",
-    "form_error_ip4_format": "Ongeldig IPv4 formaat",
-    "form_error_ip6_format": "Ongeldig IPv6 formaat",
-    "form_error_ip_format": "Ongeldig IPv4 formaat",
-    "form_error_mac_format": "Ongeldig MAC formaat.",
-    "form_error_client_id_format": "Opmaak cliënt-ID is ongeldig",
+    "form_error_ip4_format": "Ongeldig IPv4-adres",
+    "form_error_ip4_range_start_format": "Ongeldig IPv4-adres start bereik",
+    "form_error_ip4_range_end_format": "Ongeldig IPv4-adres einde bereik",
+    "form_error_ip4_gateway_format": "Ongeldig IPv4-adres van de gateway",
+    "form_error_ip6_format": "Ongeldig IPv6-adres",
+    "form_error_ip_format": "Ongeldig IP-adres",
+    "form_error_mac_format": "Ongeldig MAC-adres",
+    "form_error_client_id_format": "Ongeldige cliënt-ID",
     "form_error_server_name": "Ongeldige servernaam",
     "form_error_subnet": "Subnet “{{cidr}}” bevat niet het IP-adres “{{ip}}”",
     "form_error_positive": "Moet groter zijn dan 0",
-    "form_error_negative": "Moet 0 of hoger dan 0 zijn",
-    "range_end_error": "Moet groter zijn dan het startbereik",
+    "out_of_range_error": "Moet buiten bereik zijn \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Moet lager zijn dan begin reeks",
+    "greater_range_start_error": "Moet groter zijn dan begin reeks",
+    "greater_range_end_error": "Moet groter zijn dan einde reeks",
+    "subnet_error": "Adressen moeten in één subnet vallen",
+    "gateway_or_subnet_invalid": "Subnetmasker ongeldig",
     "dhcp_form_gateway_input": "Gateway IP",
     "dhcp_form_subnet_input": "Subnet mask",
     "dhcp_form_range_title": "Bereik van IP adressen",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Ongeldig URL of pad van de lijst",
     "custom_filter_rules": "Aangepaste filterregels",
     "custom_filter_rules_hint": "Voer één regel op een regel in. U kunt adblock-regels gebruiken of de syntaxis van hosts-bestanden gebruiken.",
+    "system_host_files": "Systeem host-bestanden",
     "examples_title": "Voorbeelden",
     "example_meaning_filter_block": "blokkeer toegang tot het example.org domein en alle subdomeinen",
     "example_meaning_filter_whitelist": "deblokkering van toegang tot het example.org-domein en alle bijbehorende subdomeinen",
@@ -207,7 +215,7 @@
     "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0>",
     "example_upstream_sdns": "je kunt <0>DNS Stamps</0> voor <1>DNSCrypt</1> of <2>DNS-via-HTTPS</2> oplossingen gebruiken",
     "example_upstream_tcp": "standaard DNS (over TCP)",
-    "all_lists_up_to_date_toast": "Alle lijsten zijn reeds up-to-date",
+    "all_lists_up_to_date_toast": "Alle lijsten zijn reeds actueel",
     "updated_upstream_dns_toast": "Upstream-servers succesvol opgeslagen",
     "dns_test_ok_toast": "Opgegeven DNS-servers werken correct",
     "dns_test_not_ok_toast": "Server \"{{key}}\": kon niet worden gebruikt, controleer of je het correct hebt geschreven",
@@ -378,8 +386,8 @@
     "encryption_issuer": "Uitgever",
     "encryption_hostnames": "Hostnamen",
     "encryption_reset": "Ben je zeker dat je de encryptie instellingen wil resetten?",
-    "topline_expiring_certificate": "Jouw SSL certificaat vervalt binnenkort. Update <0>Encryptie instellingen</0>.",
-    "topline_expired_certificate": "Jouw SSL certificaat is vervallen. Update <0>Encryptie instellingen</0>.",
+    "topline_expiring_certificate": "Jouw SSL-certificaat vervalt binnenkort. Werk de <0>encryptie-instellingen</0> bij.",
+    "topline_expired_certificate": "Jouw SSL-certificaat is vervallen. Werk de <0>encryptie-instellingen</0> bij.",
     "form_error_port_range": "Poort nummer invoeren tussen 80 en 65535",
     "form_error_port_unsafe": "Dit is een onveilige poort",
     "form_error_equal": "Mag niet gelijk zijn",
@@ -394,7 +402,7 @@
     "fix": "Los op",
     "dns_providers": "hier is een <0>lijst of gekende DNS providers</0> waarvan je kan kiezen.",
     "update_now": "Update nu",
-    "update_failed": "Auto-update is mislukt. <a>Volg deze stappen</a> om manueel te updaten.",
+    "update_failed": "Automatisch bijwerken is mislukt. <a>Volg deze stappen</a> om handmatig bij te werken.",
     "processing_update": "Even geduld, AdGuard Home wordt bijgewerkt",
     "clients_title": "Gebruikers",
     "clients_desc": "Configureer apparaten die gebruik maken van AdGuard Home",
@@ -435,7 +443,7 @@
     "access_blocked_desc": "Verwar dit niet met filters. AdGuard Home zal deze DNS-zoekopdrachten niet uitvoeren die deze domeinen in de zoekopdracht bevatten. Hier kan je de exacte domeinnamen, wildcards en URL-filter-regels specifiëren, bijv. \"example.org\", \"*.example.org\" of \"||example.org^\".",
     "access_settings_saved": "Toegangsinstellingen succesvol opgeslagen",
     "updates_checked": "Met succes op updates gecontroleerd",
-    "updates_version_equal": "AdGuard Home is up-to-date",
+    "updates_version_equal": "AdGuard Home is actueel",
     "check_updates_now": "Controleer op updates",
     "dns_privacy": "DNS Privacy",
     "setup_dns_privacy_1": "<0>DNS-via-TLS:</0> Gebruik <1>{{address}}</1> string.",
@@ -616,5 +624,8 @@
     "filter_allowlist": "WAARSCHUWING: Deze actie zal ook de regel \"{{disallowed_rule}}\" uitsluiten van de lijst met toegestane clients.",
     "last_rule_in_allowlist": "Kan deze client niet weigeren omdat het uitsluiten van de regel \"{{disallowed_rule}}\" de lijst \"Toegestane clients\" zal UITSCHAKELEN.",
     "experimental": "Experimenteel",
-    "use_saved_key": "De eerder opgeslagen sleutel gebruiken"
+    "use_saved_key": "De eerder opgeslagen sleutel gebruiken",
+    "parental_control": "Ouderlijk toezicht",
+    "safe_browsing": "Veilig surfen",
+    "served_from_cache": "{{value}} <i>(geleverd vanuit cache)</i>"
 }

client/src/__locales/no.json

@@ -28,8 +28,6 @@
     "form_error_client_id_format": "Ugyldig ID-klientformat",
     "form_error_server_name": "Ugyldig tjenernavn",
     "form_error_positive": "Må være høyere enn 0",
-    "form_error_negative": "Må være ≥0",
-    "range_end_error": "Må være høyere enn rekkeviddens start",
     "dhcp_form_gateway_input": "Gateway-IP",
     "dhcp_form_subnet_input": "Nettverksmaske",
     "dhcp_form_range_title": "Spennvidden til IP-adressene",
@@ -436,6 +434,7 @@
     "encryption_key_source_content": "Lim inn innholdet til den private nøkkelen",
     "stats_params": "Statistikk-oppsett",
     "config_successfully_saved": "Oppsettet ble vellykket lagret",
+    "interval_6_hour": "6 timer",
     "interval_24_hour": "24 timer",
     "interval_days": "{{count}} dag",
     "interval_days_plural": "{{count}} dager",
@@ -555,6 +554,6 @@
     "click_to_view_queries": "Klikk for å vise forespørsler",
     "port_53_faq_link": "Port 53 er ofte opptatt av «DNSStubListener»- eller «systemd-resolved»-tjenestene. Vennligst les <0>denne instruksjonen</0> om hvordan man løser dette.",
     "adg_will_drop_dns_queries": "AdGuard Home vil droppe alle DNS-forespørsler fra denne klienten.",
-    "client_not_in_allowed_clients": "Klienten er ikke tillatt, fordi den ikke er i «Tillatte klienter»-listen.",
-    "experimental": "Eksperimentell"
+    "experimental": "Eksperimentell",
+    "parental_control": "Foreldrekontroll"
 }

client/src/__locales/pl.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Ustawienia serwera DHCP IPv4",
     "dhcp_ipv6_settings": "Ustawienia serwera DHCP IPv6",
     "form_error_required": "Pole jest wymagane",
-    "form_error_ip4_format": "Nieprawidłowy format IPv4",
-    "form_error_ip6_format": "Nieprawidłowy format IPv6",
-    "form_error_ip_format": "Nieprawidłowy format IP",
-    "form_error_mac_format": "Nieprawidłowy format MAC",
-    "form_error_client_id_format": "Nieprawidłowy format identyfikatora klienta",
+    "form_error_ip4_format": "Nieprawidłowy adres IPv4",
+    "form_error_ip4_range_start_format": "Nieprawidłowy adres IPv4 początku zakresu",
+    "form_error_ip4_range_end_format": "Nieprawidłowy adres IPv4 końca zakresu",
+    "form_error_ip4_gateway_format": "Nieprawidłowy adres IPv4 bramy",
+    "form_error_ip6_format": "Nieprawidłowy adres IPv6",
+    "form_error_ip_format": "Nieprawidłowy adres IP",
+    "form_error_mac_format": "Nieprawidłowy adres MAC",
+    "form_error_client_id_format": "Nieprawidłowy ID klienta",
     "form_error_server_name": "Nieprawidłowa nazwa serwera",
     "form_error_subnet": "Podsieć \"{{cidr}}\" nie zawiera adresu IP \"{{ip}}\"",
     "form_error_positive": "Musi być większa niż 0",
-    "form_error_negative": "Musi być równy 0 lub większy",
-    "range_end_error": "Zakres musi być większy niż początkowy",
+    "out_of_range_error": "Musi być spoza zakresu \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Musi być niższy niż początek zakresu",
+    "greater_range_start_error": "Musi być większy niż początek zakresu",
+    "greater_range_end_error": "Musi być większy niż koniec zakresu",
+    "subnet_error": "Adresy muszą należeć do jednej podsieci",
+    "gateway_or_subnet_invalid": "Nieprawidłowa maska podsieci",
     "dhcp_form_gateway_input": "Adres IP bramy",
     "dhcp_form_subnet_input": "Maska podsieci",
     "dhcp_form_range_title": "Zakres adresów IP",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Adres URL lub bezwzględna ścieżka listy jest nieprawidłowa",
     "custom_filter_rules": "Niestandardowe reguły filtrowania",
     "custom_filter_rules_hint": "Wpisz jedną regułę w jednej linii. Możesz użyć reguł adblock lub składni plików hostów.",
+    "system_host_files": "Pliki hosts systemu",
     "examples_title": "Przykłady",
     "example_meaning_filter_block": "zablokuj dostęp do domeny example.org i wszystkich jej subdomen",
     "example_meaning_filter_whitelist": "odblokuj dostęp do domeny example.org i wszystkich jej subdomen",
@@ -616,5 +624,8 @@
     "filter_allowlist": "OSTRZEŻENIE: To działanie spowoduje również wykluczenie reguły \"{{disallowed_rule}}\" z listy dozwolonych klientów.",
     "last_rule_in_allowlist": "Nie można odrzucić tego klienta, ponieważ wykluczenie reguły \"{{disallowed_rule}}\" spowoduje WYŁĄCZENIE listy „Dozwolonych klientów”.",
     "experimental": "Funkcja eksperymentalna",
-    "use_saved_key": "Użyj wcześniej zapisanego klucza"
+    "use_saved_key": "Użyj wcześniej zapisanego klucza",
+    "parental_control": "Kontrola rodzicielska",
+    "safe_browsing": "Bezpieczne przeglądanie",
+    "served_from_cache": "{{value}} <i>(podawane z pamięci podręcznej)</i>"
 }

client/src/__locales/pt-br.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Configurações DHCP IPv4",
     "dhcp_ipv6_settings": "Configurações DHCP IPv6",
     "form_error_required": "Campo obrigatório",
-    "form_error_ip4_format": "Formato de endereço IPv4 inválido",
-    "form_error_ip6_format": "Formato de endereço IPv6 inválido",
-    "form_error_ip_format": "Formato de endereço IPv inválido",
-    "form_error_mac_format": "Formato do endereço MAC inválido",
-    "form_error_client_id_format": "Formato do ID de cliente inválido",
+    "form_error_ip4_format": "Endereço de IPv4 inválido",
+    "form_error_ip4_range_start_format": "Endereço IPv4 de início de intervalo inválido",
+    "form_error_ip4_range_end_format": "Endereço IPv4 de fim de intervalo inválido",
+    "form_error_ip4_gateway_format": "Endereço IPv4 de gateway inválido",
+    "form_error_ip6_format": "Endereço de IPv6 inválido",
+    "form_error_ip_format": "Endereço de IP inválido",
+    "form_error_mac_format": "Endereço de MAC inválido",
+    "form_error_client_id_format": "ID de cliente inválido",
     "form_error_server_name": "Nome de servidor inválido",
     "form_error_subnet": "A sub-rede \"{{cidr}}\" não contém o endereço IP \"{{ip}}\"",
     "form_error_positive": "Deve ser maior que 0",
-    "form_error_negative": "Deve ser igual ou superior a 0",
-    "range_end_error": "Deve ser maior que o início do intervalo",
+    "out_of_range_error": "Deve estar fora do intervalo \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Deve ser inferior ao início do intervalo",
+    "greater_range_start_error": "Deve ser maior que o início do intervalo",
+    "greater_range_end_error": "Deve ser maior que o fim do intervalo",
+    "subnet_error": "Endereços devem estar em uma sub-rede",
+    "gateway_or_subnet_invalid": "Máscara de sub-rede inválida",
     "dhcp_form_gateway_input": "IP do gateway",
     "dhcp_form_subnet_input": "Máscara de sub-rede",
     "dhcp_form_range_title": "Faixa de endereços IP",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "URL ou local da lista inválida",
     "custom_filter_rules": "Regras de filtragem personalizadas",
     "custom_filter_rules_hint": "Digite uma regra por linha. Você pode usar regras de bloqueio de anúncios ou a sintaxe de arquivos de hosts.",
+    "system_host_files": "Arquivos hosts do sistema",
     "examples_title": "Exemplos",
     "example_meaning_filter_block": "bloqueia o acesso ao domínio exemplo.org e a todos os seus subdomínios",
     "example_meaning_filter_whitelist": "desbloqueia o acesso ao domínio exemplo.org e a todos os seus subdomínios",
@@ -616,5 +624,8 @@
     "filter_allowlist": "AVISO: Esta ação também excluirá a regra \"{{disallowed_rule}}\" da lista de clientes permitidos.",
     "last_rule_in_allowlist": "Não é possível desautorizar este cliente porque excluir a regra \"{{disallowed_rule}}\" DESATIVARÁ a lista de \"Clientes permitidos\".",
     "experimental": "Experimental",
-    "use_saved_key": "Use a chave salva anteriormente"
+    "use_saved_key": "Use a chave salva anteriormente",
+    "parental_control": "Controle parental",
+    "safe_browsing": "Navegação segura",
+    "served_from_cache": "{{value}} <i>(servido do cache)</i>"
 }

client/src/__locales/pt-pt.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Definições DHCP IPv4",
     "dhcp_ipv6_settings": "Definições DHCP IPv6",
     "form_error_required": "Campo obrigatório",
-    "form_error_ip4_format": "Formato de endereço IPv4 inválido",
-    "form_error_ip6_format": "Formato de endereço IPv6 inválido",
-    "form_error_ip_format": "Formato de endereço IPv4 inválido",
-    "form_error_mac_format": "Formato do endereço MAC inválido",
-    "form_error_client_id_format": "Formato inválido",
+    "form_error_ip4_format": "Endereço de IPv4 inválido",
+    "form_error_ip4_range_start_format": "Endereço IPv4 de início de intervalo inválido",
+    "form_error_ip4_range_end_format": "Endereço IPv4 de fim de intervalo inválido",
+    "form_error_ip4_gateway_format": "Endereço IPv4 de gateway inválido",
+    "form_error_ip6_format": "Endereço de IPv6 inválido",
+    "form_error_ip_format": "Endereço de IP inválido",
+    "form_error_mac_format": "Endereço de MAC inválido",
+    "form_error_client_id_format": "ID de cliente inválido",
     "form_error_server_name": "Nome de servidor inválido",
     "form_error_subnet": "A sub-rede \"{{cidr}}\" não contém o endereço IP \"{{ip}}\"",
     "form_error_positive": "Deve ser maior que 0",
-    "form_error_negative": "Deve ser igual ou superior a 0",
-    "range_end_error": "Deve ser maior que o início do intervalo",
+    "out_of_range_error": "Deve estar fora do intervalo \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Deve ser inferior ao início do intervalo",
+    "greater_range_start_error": "Deve ser maior que o início do intervalo",
+    "greater_range_end_error": "Deve ser maior que o fim do intervalo",
+    "subnet_error": "Os endereços devem estar em uma sub-rede",
+    "gateway_or_subnet_invalid": "Máscara de sub-rede inválida",
     "dhcp_form_gateway_input": "IP do gateway",
     "dhcp_form_subnet_input": "Máscara de sub-rede",
     "dhcp_form_range_title": "Faixa de endereços IP",
@@ -103,7 +110,7 @@
     "enabled_protection": "Ativar proteção",
     "disable_protection": "Desativar proteção",
     "disabled_protection": "Desativar proteção",
-    "refresh_statics": "Repor estatísticas",
+    "refresh_statics": "Actualizar estatísticas",
     "dns_query": "Consultas de DNS",
     "blocked_by": "<0>Bloqueado por filtros</0>",
     "stats_malware_phishing": "Malware/phishing bloqueados",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "URL ou local da lista inválida",
     "custom_filter_rules": "Regras de filtragem personalizadas",
     "custom_filter_rules_hint": "Insira uma regra por linha. Pode usar regras de bloqueio de anúncios ou a sintaxe de ficheiros de hosts.",
+    "system_host_files": "Arquivos hosts do sistema",
     "examples_title": "Exemplos",
     "example_meaning_filter_block": "bloqueia o acesso ao domínio exemplo.org e a todos os seus subdomínios",
     "example_meaning_filter_whitelist": "desbloqueia o acesso ao domínio exemplo.org e a todos os seus subdomínios",
@@ -616,5 +624,8 @@
     "filter_allowlist": "AVISO: Esta ação também excluirá a regra \"{{disallowed_rule}}\" da lista de clientes permitidos.",
     "last_rule_in_allowlist": "Não é possível desautorizar este cliente porque excluir a regra \"{{disallowed_rule}}\" DESATIVARÁ a lista de \"Clientes permitidos\".",
     "experimental": "Experimental",
-    "use_saved_key": "Use a chave guardada anteriormente"
+    "use_saved_key": "Use a chave guardada anteriormente",
+    "parental_control": "Controle parental",
+    "safe_browsing": "Navegação segura",
+    "served_from_cache": "{{value}} <i>(servido do cache)</i>"
 }

client/src/__locales/ro.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Setări DHCP IPv4",
     "dhcp_ipv6_settings": "Setări DHCP IPv6",
     "form_error_required": "Câmp necesar",
-    "form_error_ip4_format": "Format IPv4 invalid",
-    "form_error_ip6_format": "Format IPv6 invalid",
-    "form_error_ip_format": "Format IP invalid",
-    "form_error_mac_format": "Format MAC invalid",
-    "form_error_client_id_format": "Format ID de client invalid",
+    "form_error_ip4_format": "Adresă IPv4 nevalidă",
+    "form_error_ip4_range_start_format": "Adresă IPv4 de început al intervalului nevalidă",
+    "form_error_ip4_range_end_format": "Adresa IPv4 de sfârșit al intervalului nevalidă",
+    "form_error_ip4_gateway_format": "Adresă IPv4 a gateway-ului nevalidă",
+    "form_error_ip6_format": "Adresa IPv6 nevalidă",
+    "form_error_ip_format": "Adresă IP nevalidă",
+    "form_error_mac_format": "Adresă MAC nevalidă",
+    "form_error_client_id_format": "ID client nevalid",
     "form_error_server_name": "Nume de server nevalid",
     "form_error_subnet": "Subrețeaua „{{cidr}}” nu conține adresa IP „{{ip}}”",
     "form_error_positive": "Trebuie să fie mai mare de 0",
-    "form_error_negative": "Trebuie să fie egală cu 0 sau mai mare",
-    "range_end_error": "Trebuie să fie mai mare decât începutul intervalului",
+    "out_of_range_error": "Trebuie să fie în afara intervalului „{{start}}”-„{{end}}”",
+    "lower_range_start_error": "Trebuie să fie mai mică decât începutul intervalului",
+    "greater_range_start_error": "Trebuie să fie mai mare decât începutul intervalului",
+    "greater_range_end_error": "Trebuie să fie mai mare decât sfârșitul intervalului",
+    "subnet_error": "Adresele trebuie să fie în aceeași subrețea",
+    "gateway_or_subnet_invalid": "Mască de subrețea nevalidă",
     "dhcp_form_gateway_input": "IP Gateway",
     "dhcp_form_subnet_input": "Mască subnet",
     "dhcp_form_range_title": "Interval de adrese IP",
@@ -112,6 +119,8 @@
     "for_last_24_hours": "în ultimele 24 ore",
     "for_last_days": "în ultima {{count}} zi",
     "for_last_days_plural": "pentru ultimele {{count}} zile",
+    "stats_disabled": "Statisticile au fost dezactivate. Puteți să le porniți din <0>pagina de setări</0>.",
+    "stats_disabled_short": "Statisticile au fost dezactivate",
     "no_domains_found": "Nu s-au găsit domenii",
     "requests_count": "Cont interogări",
     "top_blocked_domains": "Domeniile blocate cel mai des",
@@ -191,6 +200,7 @@
     "form_error_url_or_path_format": "Invalid URL sau o cale absolută a listei",
     "custom_filter_rules": "Reguli de filtrare personalizate",
     "custom_filter_rules_hint": "Introduceți o regulă pe linie. Puteți utiliza reguli de blocare sau sintaxa de fișiere hosts.",
+    "system_host_files": "Fișiere de sistem hosts",
     "examples_title": "Exemple",
     "example_meaning_filter_block": "blochează accesul la domeniul exemplu.org și la toate subdomeniile sale",
     "example_meaning_filter_whitelist": "deblochează accesul la domeniul exemplu.org și la toate subdomeniile sale",
@@ -206,7 +216,7 @@
     "example_upstream_sdns": "puteți utiliza <0>DNS Stamps</0> pentru rezolvere <1>DNSCrypt</1> sau <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "DNS clasic (over TCP)",
     "all_lists_up_to_date_toast": "Toate listele sunt deja la zi",
-    "updated_upstream_dns_toast": "Serverele DNS în amonte aduse la zi",
+    "updated_upstream_dns_toast": "Serverele din amonte au fost salvate cu succes",
     "dns_test_ok_toast": "Serverele DNS specificate funcționează corect",
     "dns_test_not_ok_toast": "Serverul \"{{key}}\": nu a putut fi utilizat, verificați dacă l-ați scris corect",
     "unblock": "Deblocați",
@@ -233,7 +243,7 @@
     "loading_table_status": "Se încarcă...",
     "page_table_footer_text": "Pagina",
     "rows_table_footer_text": "linii",
-    "updated_custom_filtering_toast": "Reguli personalizate de filtrare aduse la zi",
+    "updated_custom_filtering_toast": "Regulile personalizate au fost salvate cu succes",
     "rule_removed_from_custom_filtering_toast": "Regulă scoasă din regullei personalizate de filtrare: {{rule}}",
     "rule_added_to_custom_filtering_toast": "Regulă adăugată la regulile de filtrare personalizate: {{rule}}",
     "query_log_response_status": "Statut: {{value}}",
@@ -304,7 +314,7 @@
     "install_settings_dns_desc": "Va trebui să configurați aparatele sau routerul pentru a utiliza serverul DNS pe următoarele adrese:",
     "install_settings_all_interfaces": "Toate interfețele",
     "install_auth_title": "Autentificare",
-    "install_auth_desc": "Este foarte recomandat să configurați o parolă pentru accesul la interfața web de administrare AdGuard Home. Chiar dacă este accesibil numai în rețeaua dvs. locală, este încă important să îl protejați de accesul fără restricții.",
+    "install_auth_desc": "Trebuie configurată autentificarea cu parolă la interfața web AdGuard Home admin. Chiar dacă AdGuard Home este accesibil numai în rețeaua locală, este important să îl protejați de accesul fără restricții.",
     "install_auth_username": "Nume utilizator",
     "install_auth_password": "Parola",
     "install_auth_confirm": "Confirmați parola",
@@ -327,7 +337,7 @@
     "install_devices_windows_list_3": "În partea stângă a ecranului găsiți \"Schimbare setări adaptor\" și clicați pe el.",
     "install_devices_windows_list_4": "Selectați conexiunea activă, faceți clic dreapta pe ea și alegeți \"Proprietăți\".",
     "install_devices_windows_list_5": "Găsiți Internet Protocol Versiunea 4 (TCP/IPv4) din listă, selectați-l și apoi clicați din nou pe Proprietăți.",
-    "install_devices_windows_list_6": "Alegeți Utilizați următoarele adrese de server DNS și introduceți adresele de server AdGuard Home.",
+    "install_devices_windows_list_6": "Alegeți „Utilizați următoarele adrese de server DNS” și introduceți adresele serverului dvs. AdGuard Home.",
     "install_devices_macos_list_1": "Clicați pe icoana Apple și accesați Preferințele Sistemului.",
     "install_devices_macos_list_2": "Clicați pe Network.",
     "install_devices_macos_list_3": "Selectați prima conexiune din listă și clicați pe Avansat.",
@@ -501,6 +511,7 @@
     "statistics_clear_confirm": "Sunteți sigur că doriți să ștergeți statisticile?",
     "statistics_retention_confirm": "Sunteți sigur că doriți să schimbați păstrarea statisticilor? Dacă reduceți valoarea intervalului, unele date vor fi pierdute",
     "statistics_cleared": "Statisticile au fost șterse cu succes",
+    "statistics_enable": "Activați statisticile",
     "interval_hours": "{{count}} oră",
     "interval_hours_plural": "{{count}} ore",
     "filters_configuration": "Configurația filtrelor",
@@ -595,6 +606,8 @@
     "cache_ttl_min_override_desc": "Extinde valorile timp-de-viață scurte (secunde) primite de la serverul din amonte la stocarea în cache a răspunsurilor DNS",
     "cache_ttl_max_override_desc": "Setează o valoare maximă a timpului-de-viață (secunde) pentru intrările din memoria cache DNS",
     "ttl_cache_validation": "Valoarea TTL cache minimă trebuie să fie mai mică sau egală cu valoarea maximă",
+    "cache_optimistic": "Caching optimistic",
+    "cache_optimistic_desc": "Face ca AdGuard Home să răspundă din cache chiar și atunci când intrările au expirate și de asemenea, încearcă să le reîmprospăteze.",
     "filter_category_general": "General",
     "filter_category_security": "Securitate",
     "filter_category_regional": "Regional",
@@ -608,6 +621,10 @@
     "click_to_view_queries": "Clicați pentru a vizualiza interogări",
     "port_53_faq_link": "Portul 53 este adesea ocupat de serviciile \"DNSStubListener\" sau \"systemd-resolved\". Vă rugăm să citiți <0>această instrucțiune</0> despre cum să rezolvați aceasta.",
     "adg_will_drop_dns_queries": "AdGuard Home va renunța la toate interogările DNS de la acest client.",
-    "client_not_in_allowed_clients": "Clientul nu este permis deoarece nu este în lista de \"Clienți permiși\".",
-    "experimental": "Experimental"
+    "filter_allowlist": "AVERTISMENT: Această acțiune va exclude și regula „{{disallowed_rule}}” din lista de clienți permiși.",
+    "last_rule_in_allowlist": "Acest client nu poate fi exclus deoarece excluderea regulii „{{disallowed_rule}}” va DEZACTIVA lista „Clienți acceptați”.",
+    "experimental": "Experimental",
+    "use_saved_key": "Folosiți cheia salvată anterior",
+    "parental_control": "Control parental",
+    "safe_browsing": "Navigare sigura"
 }

client/src/__locales/ru.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Настройки DHCP IPv4",
     "dhcp_ipv6_settings": "Настройки DHCP IPv6",
     "form_error_required": "Обязательное поле",
-    "form_error_ip4_format": "Неверный формат IPv4",
-    "form_error_ip6_format": "Неверный формат IPv6",
-    "form_error_ip_format": "Неверный формат IP-адреса",
-    "form_error_mac_format": "Некорректный формат MAC",
-    "form_error_client_id_format": "Неверный формат ID клиента",
-    "form_error_server_name": "Неверное имя сервера",
+    "form_error_ip4_format": "Некорректный IPv4-адрес",
+    "form_error_ip4_range_start_format": "Некорректный IPv4-адрес начала диапазона",
+    "form_error_ip4_range_end_format": "Некорректный IPv4-адрес конца диапазона",
+    "form_error_ip4_gateway_format": "Некорректный IPv4-адрес шлюза",
+    "form_error_ip6_format": "Некорректный IPv6-адрес",
+    "form_error_ip_format": "Некорректный IP-адрес",
+    "form_error_mac_format": "Некорректный MAC-адрес",
+    "form_error_client_id_format": "Некорректный ID клиента",
+    "form_error_server_name": "Некорректное имя сервера",
     "form_error_subnet": "Подсеть «{{cidr}}» не содержит IP-адрес «{{ip}}»",
     "form_error_positive": "Должно быть больше 0",
-    "form_error_negative": "Должно быть не меньше 0",
-    "range_end_error": "Должно превышать начало диапазона",
+    "out_of_range_error": "Должно быть вне диапазона «{{start}}»-«{{end}}»",
+    "lower_range_start_error": "Должно быть меньше начала диапазона",
+    "greater_range_start_error": "Должно быть больше начала диапазона",
+    "greater_range_end_error": "Должно быть больше конца диапазона",
+    "subnet_error": "Адреса должны быть внутри одной подсети",
+    "gateway_or_subnet_invalid": "Некорректная маска подсети",
     "dhcp_form_gateway_input": "IP-адрес шлюза",
     "dhcp_form_subnet_input": "Маска подсети",
     "dhcp_form_range_title": "Диапазон IP-адресов",
@@ -189,10 +196,11 @@
     "choose_allowlist": "Выберите списки разрешённых",
     "enter_valid_blocklist": "Добавьте действующий URL-адрес в чёрный список.",
     "enter_valid_allowlist": "Добавьте действующий URL-адрес в белый список.",
-    "form_error_url_format": "Неверный формат URL",
-    "form_error_url_or_path_format": "Неверный URL или абсолютный путь к списку",
+    "form_error_url_format": "Некорректный URL",
+    "form_error_url_or_path_format": "Некорректный URL или абсолютный путь к списку",
     "custom_filter_rules": "Пользовательское правило фильтрации",
     "custom_filter_rules_hint": "Вводите по одному правилу на строчку. Вы можете использовать правила блокировки или синтаксис файлов hosts.",
+    "system_host_files": "Системные hosts-файлы",
     "examples_title": "Примеры",
     "example_meaning_filter_block": "заблокировать доступ к домену example.org и всем его поддоменам",
     "example_meaning_filter_whitelist": "разблокировать доступ к домену example.org и всем его поддоменам",
@@ -231,7 +239,7 @@
     "no_logs_found": "Логи не найдены",
     "refresh_btn": "Обновить",
     "previous_btn": "Назад",
-    "next_btn": "Вперёд",
+    "next_btn": "Далее",
     "loading_table_status": "Загрузка…",
     "page_table_footer_text": "Страница",
     "rows_table_footer_text": "строк",
@@ -314,9 +322,9 @@
     "install_auth_password_enter": "Введите пароль",
     "install_step": "Шаг",
     "install_devices_title": "Настройте ваши устройства",
-    "install_devices_desc": "Для того, чтобы использовать AdGuard Home, вам нужно настроить ваши устройства на его использование.",
+    "install_devices_desc": "Чтобы использовать AdGuard Home, настройте ваши устройства на его использование.",
     "install_submit_title": "Поздравляем!",
-    "install_submit_desc": "Процедура настройки завершена, AdGuard Home готов к использованию.",
+    "install_submit_desc": "Настройка завершена, AdGuard Home готов к использованию.",
     "install_devices_router": "Роутер",
     "install_devices_router_desc": "Эта настройка покроет все устройства, подключенные к вашему домашнему роутеру, и вам не нужно будет настраивать каждое вручную.",
     "install_devices_address": "DNS-сервер AdGuard Home доступен по следующим адресам",
@@ -344,7 +352,7 @@
     "install_devices_ios_list_3": "Нажмите на название сети, к которой устройство подключено в данный момент.",
     "install_devices_ios_list_4": "В поле «DNS» введите введите адреса AdGuard Home.",
     "get_started": "Поехали",
-    "next": "Дальше",
+    "next": "Далее",
     "open_dashboard": "Открыть Панель управления",
     "install_saved": "Успешно сохранено",
     "encryption_title": "Шифрование",
@@ -362,7 +370,7 @@
     "encryption_doq": "Порт DNS-over-QUIC",
     "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте. Это экспериментально и может быть ненадёжно. Кроме того, не так много клиентов поддерживает этот способ в настоящий момент.",
     "encryption_certificates": "Сертификаты",
-    "encryption_certificates_desc": "Для использования шифрования вам необходимо предоставить валидную цепочку SSL-сертификатов для вашего домена. Вы можете получить бесплатный сертификат на <0>{{link}}</0> или вы можете купить его у одного из доверенных Центров Сертификации.",
+    "encryption_certificates_desc": "Для использования шифрования вам необходимо предоставить корректную цепочку SSL-сертификатов для вашего домена. Вы можете получить бесплатный сертификат на <0>{{link}}</0> или вы можете купить его у одного из доверенных Центров Сертификации.",
     "encryption_certificates_input": "Скопируйте сюда сертификаты в PEM-кодировке.",
     "encryption_status": "Статус",
     "encryption_expire": "Истекает",
@@ -370,10 +378,10 @@
     "encryption_key_input": "Скопируйте сюда приватный ключ в PEM-кодировке.",
     "encryption_enable": "Включить шифрование (HTTPS, DNS-over-HTTPS и DNS-over-TLS)",
     "encryption_enable_desc": "Если шифрование включено, веб-интерфейс AdGuard Home будет работать по HTTPS, а DNS-сервер будет также работать по DNS-over-HTTPS и DNS-over-TLS.",
-    "encryption_chain_valid": "Цепочка сертификатов валидна",
-    "encryption_chain_invalid": "Цепочка сертификатов не валидна",
-    "encryption_key_valid": "Валидный {{type}} приватный ключ",
-    "encryption_key_invalid": "Невалидный {{type}} приватный ключ",
+    "encryption_chain_valid": "Цепочка сертификатов прошла проверку",
+    "encryption_chain_invalid": "Цепочка сертификатов не прошла проверку",
+    "encryption_key_valid": "Корректный {{type}} приватный ключ",
+    "encryption_key_invalid": "Некорректный {{type}} приватный ключ",
     "encryption_subject": "Субъект",
     "encryption_issuer": "Издатель",
     "encryption_hostnames": "Имена хостов",
@@ -455,19 +463,19 @@
     "setup_dns_privacy_other_5": "Вы можете найти ещё варианты <0>тут</0> и <1>тут</1>.",
     "setup_dns_privacy_ioc_mac": "Конфигурация для iOS и macOS",
     "setup_dns_notice": "Чтобы использовать <1>DNS-over-HTTPS</1> или <1>DNS-over-TLS</1>, вам нужно <0>настроить шифрование</0> в настройках AdGuard Home.",
-    "rewrite_added": "Правило перенаправления DNS для «{{key}}» успешно добавлено",
-    "rewrite_deleted": "Правило перенаправления DNS для «{{key}}» успешно удалено",
-    "rewrite_add": "Добавить правило перенаправления DNS",
-    "rewrite_not_found": "Не найдено правил перенаправления DNS",
-    "rewrite_confirm_delete": "Вы уверены, что хотите удалить правило перенаправления DNS для «{{key}}»?",
+    "rewrite_added": "Правило перезаписи DNS-запросов для «{{key}}» успешно добавлено",
+    "rewrite_deleted": "Правило перезаписи DNS-запросов для «{{key}}» успешно удалено",
+    "rewrite_add": "Добавить правило перезаписи DNS-запросов",
+    "rewrite_not_found": "Не найдено правил перезаписи DNS-запросов",
+    "rewrite_confirm_delete": "Вы уверены, что хотите удалить правило перезаписи DNS-запросов для «{{key}}»?",
     "rewrite_desc": "Позволяет легко настроить пользовательский DNS-ответ для определеннного домена.",
-    "rewrite_applied": "Применено правило перенаправления",
+    "rewrite_applied": "Применено правило перезаписи",
     "rewrite_hosts_applied": "Переписано по правилу файла hosts",
-    "dns_rewrites": "Перенаправления DNS",
+    "dns_rewrites": "Перезапись DNS-запросов",
     "form_domain": "Введите домен",
     "form_answer": "Введите IP адрес или домен",
-    "form_error_domain_format": "Неверный формат домена",
-    "form_error_answer_format": "Неверный формат ответа",
+    "form_error_domain_format": "Некорректный домен",
+    "form_error_answer_format": "Некорректный ответ",
     "configure": "Настроить",
     "main_settings": "Основные настройки",
     "block_services": "Выбрать заблокированные сервисы",
@@ -529,9 +537,9 @@
     "blocked_by_cname_or_ip": "Заблокировано с помощью CNAME или IP",
     "try_again": "Попробовать ещё раз",
     "domain_desc": "Введите имя или маску домена, который вы хотите перенаправить.",
-    "example_rewrite_domain": "перенаправляет ответы только для этого домена.",
-    "example_rewrite_wildcard": "перенаправляет ответы для всех поддоменов <0>example.org</0>.",
-    "rewrite_ip_address": "IP-адрес: используйте этот IP для А или АААА ответов",
+    "example_rewrite_domain": "переписывать ответы только для этого домена.",
+    "example_rewrite_wildcard": "переписывать ответы для всех поддоменов <0>example.org</0>.",
+    "rewrite_ip_address": "IP-адрес: использовать этот IP для А или АААА ответов",
     "rewrite_domain_name": "Доменное имя: добавить запись CNAME",
     "rewrite_A": "<0>A</0>: специальное значение, хранить записи <0>A</0> с upstream-сервера",
     "rewrite_AAAA": "<0>AAAA</0>: специальное значение, хранить записи <0>AAAA</0> с upstream-сервера",
@@ -616,5 +624,8 @@
     "filter_allowlist": "ВНИМАНИЕ: Это действие также исключит правило «{{disallowed_rule}}» из списка разрешённых клиентов.",
     "last_rule_in_allowlist": "Нельзя заблокировать этого клиента, так как исключение правила «{{disallowed_rule}}» ОТКЛЮЧИТ режим белого списка.",
     "experimental": "Экспериментальный",
-    "use_saved_key": "Использовать сохранённый ранее ключ"
+    "use_saved_key": "Использовать сохранённый ранее ключ",
+    "parental_control": "Родительский контроль",
+    "safe_browsing": "Безопасный интернет",
+    "served_from_cache": "{{value}} <i>(получено из кеша)</i>"
 }

client/src/__locales/sk.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Nastavenia DHCP IPv4",
     "dhcp_ipv6_settings": "Nastavenia DHCP IPv6",
     "form_error_required": "Povinná položka",
-    "form_error_ip4_format": "Nesprávny formát IPv4",
-    "form_error_ip6_format": "Nesprávny formát IPv6",
-    "form_error_ip_format": "Nesprávny formát IPv4",
-    "form_error_mac_format": "Nesprávny MAC formát",
-    "form_error_client_id_format": "Neplatný formát client ID",
+    "form_error_ip4_format": "Neplatná IPv4 adresa",
+    "form_error_ip4_range_start_format": "Neplatný začiatok rozsahu IPv4 formátu",
+    "form_error_ip4_range_end_format": "Neplatný koniec rozsahu IPv4 formátu",
+    "form_error_ip4_gateway_format": "Neplatná IPv4 adresa brány",
+    "form_error_ip6_format": "Neplatná IPv6 adresa",
+    "form_error_ip_format": "Neplatná IP adresa",
+    "form_error_mac_format": "Neplatná MAC adresa",
+    "form_error_client_id_format": "Neplatné ID klienta",
     "form_error_server_name": "Neplatné meno servera",
     "form_error_subnet": "Podsieť \"{{cidr}}\" neobsahuje IP adresu \"{{ip}}\"",
     "form_error_positive": "Musí byť väčšie ako 0",
-    "form_error_negative": "Musí byť číslo 0 alebo viac",
-    "range_end_error": "Musí byť väčšie ako začiatok rozsahu",
+    "out_of_range_error": "Musí byť mimo rozsahu \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Musí byť nižšie ako začiatok rozsahu",
+    "greater_range_start_error": "Musí byť väčšie ako začiatok rozsahu",
+    "greater_range_end_error": "Musí byť väčšie ako koniec rozsahu",
+    "subnet_error": "Adresy musia byť v spoločnej podsieti",
+    "gateway_or_subnet_invalid": "Maska podsiete je neplatná",
     "dhcp_form_gateway_input": "IP brána",
     "dhcp_form_subnet_input": "Maska podsiete",
     "dhcp_form_range_title": "Rozsah IP adries",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Neplatná URL adresa alebo absolútna adresa zoznamu",
     "custom_filter_rules": "Vlastné filtračné pravidlá",
     "custom_filter_rules_hint": "Zadajte na každý riadok jedno pravidlo. Môžete použiť buď adblock pravidlá alebo syntax host súborov.",
+    "system_host_files": "Systémové súbory hosts",
     "examples_title": "Príklady",
     "example_meaning_filter_block": "zablokovať prístup k doméne example.org  a všetkým jej subdoménam",
     "example_meaning_filter_whitelist": "odblokovať prístup k doméne example.org  a všetkým jej subdoménam",
@@ -616,5 +624,8 @@
     "filter_allowlist": "UPOZORNENIE: Táto akcia tiež vylúči pravidlo \"\"{{disallowed_rule}}\"\" zo zoznamu povolených klientov.",
     "last_rule_in_allowlist": "Nemôžete zakázať tohto klienta, pretože vylúčenie pravidla \"{{disallowed_rule}}\" zakáže zoznam \"povolených klientov\".",
     "experimental": "Experimentálne",
-    "use_saved_key": "Použiť predtým uložený kľúč"
+    "use_saved_key": "Použiť predtým uložený kľúč",
+    "parental_control": "Rodičovská kontrola",
+    "safe_browsing": "Bezpečné prehliadanie",
+    "served_from_cache": "{{value}} <i>(prevzatá z cache pamäte)</i>"
 }

client/src/__locales/sl.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "Nastavitve DHCP IPv4",
     "dhcp_ipv6_settings": "Nastavitve DHCP IPv6",
     "form_error_required": "Zahtevano polje",
-    "form_error_ip4_format": "Neveljaven format IPv4",
-    "form_error_ip6_format": "Neveljaven format IPv6",
-    "form_error_ip_format": "Neveljaven format IP",
-    "form_error_mac_format": "Neveljaven MAC format",
-    "form_error_client_id_format": "Neveljaven format ID odjemalca",
+    "form_error_ip4_format": "Neveljaven naslov IPv4",
+    "form_error_ip4_range_start_format": "Neveljaven začetek oblike razpona IPv4",
+    "form_error_ip4_range_end_format": "Neveljaven konec oblike razpona IPv4",
+    "form_error_ip4_gateway_format": "Neveljaven naslov IPv4 prehoda",
+    "form_error_ip6_format": "Neveljaven naslov IPv6",
+    "form_error_ip_format": "Neveljaven naslov IP",
+    "form_error_mac_format": "Neveljaven naslov MAC",
+    "form_error_client_id_format": "Neveljaven ID odjemalca",
     "form_error_server_name": "Neveljavno ime strežnika",
     "form_error_subnet": "Podomrežje \"{{cidr}}\" ne vsebuje naslova IP \"{{ip}}\"",
     "form_error_positive": "Mora biti večja od 0",
-    "form_error_negative": "Mora biti enako ali več kot 0",
-    "range_end_error": "Mora biti večji od začtka razpona",
+    "out_of_range_error": "Mora biti izven razpona \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "Mora biti manjši od začetka razpona",
+    "greater_range_start_error": "Mora biti večji od začetka razpona",
+    "greater_range_end_error": "Mora biti večji od konca razpona",
+    "subnet_error": "Naslovi morajo biti v enem podomrežju",
+    "gateway_or_subnet_invalid": "Maska podomrežja ni veljavna",
     "dhcp_form_gateway_input": "IP prehoda",
     "dhcp_form_subnet_input": "Maska podomrežja",
     "dhcp_form_range_title": "Razpon naslovov IP",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "Neveljaven URL ali absolutna pot seznama",
     "custom_filter_rules": "Pravila filtriranja po meri",
     "custom_filter_rules_hint": "V vrstico vnesite eno pravilo. Uporabite lahko pravila zaviranja oglasov ali sintakso gostiteljskih datotek.",
+    "system_host_files": "Sistemske gostiteljske datooteke",
     "examples_title": "Primeri",
     "example_meaning_filter_block": "onemogoči dostop do domene example.org in vseh njenih poddomen",
     "example_meaning_filter_whitelist": "omogoči dostop do domene example.org in vseh njenih poddomen",
@@ -616,5 +624,8 @@
     "filter_allowlist": "OPOZORILO: S to akcijo bo pravilo \"{{disallowed_rule}}\" izključeno s seznama dovoljenih odjemalcev.",
     "last_rule_in_allowlist": "Tega odjemalca ni mogoče onemogočiti, ker izključitev pravila \"{{disallowed_rule}}\" bo ONEMOGOČILO seznam 'Dovoljeni odjemalci'.",
     "experimental": "Eksperimentalno",
-    "use_saved_key": "Uporabi prej shranjeni ključ"
+    "use_saved_key": "Uporabi prej shranjeni ključ",
+    "parental_control": "Starševski nadzor",
+    "safe_browsing": "Varno brskanje",
+    "served_from_cache": "{{value}} <i>(postreženo iz predpomnilnika)</i>"
 }

client/src/__locales/sr-cs.json

@@ -26,8 +26,6 @@
     "form_error_mac_format": "Nevažeći MAC format",
     "form_error_client_id_format": "Nevažeći format klijenta",
     "form_error_positive": "Mora biti veće od 0",
-    "form_error_negative": "Mora biti 0 ili veće",
-    "range_end_error": "Mora biti veće od početnog opsega",
     "dhcp_form_gateway_input": "IP mrežnog prolaza",
     "dhcp_form_subnet_input": "Subnet mask",
     "dhcp_form_range_title": "Opseg IP adresa",
@@ -226,8 +224,10 @@
     "custom_ip": "Prilagođeni IP",
     "blocking_ipv4": "Blokiranje IPv4",
     "blocking_ipv6": "Blokiranje IPv6",
+    "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
     "download_mobileconfig_doh": "Preuzimanja",
     "download_mobileconfig_dot": "Preuzmi .mobileconfig za DNS-over-TLS",
     "plain_dns": "Plain DNS",
@@ -430,6 +430,7 @@
     "encryption_key_source_content": "Nalepi sadržaj privatnog ključa",
     "stats_params": "Konfiguracija statistike",
     "config_successfully_saved": "Konfiguracija je uspešno sačuvana",
+    "interval_6_hour": "6 sati",
     "interval_24_hour": "24 časa",
     "interval_days": "{{count}} dan",
     "interval_days_plural": "{{count}} dana",
@@ -549,6 +550,6 @@
     "click_to_view_queries": "Kliknite da pogledate zahteve",
     "port_53_faq_link": "Port 53 je najčešće zauzet od \"DNSStubListener\" ili \"systemd-resolved\" usluga. Pročitajte <0>ovo uputstvo</0> kako da to rešite.",
     "adg_will_drop_dns_queries": "AdGuard Home će odbacivati sve DNS unose od ovog klijenta.",
-    "client_not_in_allowed_clients": "Klijent nije dozvoljen zato što se ne nalazi na spisku dozvoljenih klijenata.",
-    "experimental": "Eksperimentalno"
+    "experimental": "Eksperimentalno",
+    "parental_control": "Roditeljska kontrola"
 }

client/src/__locales/sv.json

@@ -16,8 +16,8 @@
     "dhcp_static_leases": "Statiska DHCP-leases",
     "dhcp_leases_not_found": "Ingen DHCP-lease hittad",
     "form_error_required": "Obligatoriskt fält",
-    "form_error_ip_format": "Ogiltigt IPv4-format",
-    "form_error_mac_format": "Ogiltigt MAC-format",
+    "form_error_ip_format": "Ogiltig IP-adress",
+    "form_error_mac_format": "Ogiltig MAC-adress",
     "form_error_positive": "Måste vara större än noll",
     "dhcp_form_gateway_input": "Gateway-IP",
     "dhcp_form_subnet_input": "Subnetmask",
@@ -39,14 +39,18 @@
     "delete_confirm": "Är du säker på att du vill ta bort \"{{key}}\"?",
     "form_enter_hostname": "Skriv in värdnamn",
     "error_details": "Felinformation",
+    "request_details": "Förfrågningsdetaljer",
+    "details": "Detaljer",
     "back": "Tiilbaka",
     "dashboard": "Kontrollpanel",
     "settings": "Inställningar",
     "filters": "Filter",
+    "filter": "Filter",
     "query_log": "Förfrågningslogg",
     "faq": "FAQ",
     "version": "version",
     "address": "Adress",
+    "protocol": "Protokoll",
     "on": "PÅ",
     "off": "AV",
     "copyright": "Copyright",
@@ -85,6 +89,7 @@
     "no_servers_specified": "Inga servrar angivna",
     "general_settings": "Allmänna inställningar",
     "dns_settings": "DNS-inställningar",
+    "custom_filtering_rules": "Egna filterregler",
     "encryption_settings": "Krypteringsinställningar",
     "dhcp_settings": "DHCP-inställningar",
     "upstream_dns": "Upstream DNS-servrar",
@@ -159,6 +164,12 @@
     "query_log_disabled": "Förfrågningsloggen är avaktiverad och kan konfigureras i <0>inställningar</0>",
     "query_log_strict_search": "Använd dubbla citattecken för strikt sökning",
     "query_log_retention_confirm": "Är du säker på att du vill ändra förfrågningsloggars retentionstid? Om du minskar intervallet kommer viss data att gå förlorad",
+    "default": "Standard",
+    "custom_ip": "Eget IP",
+    "dnscrypt": "DNSCrypt",
+    "dns_over_https": "DNS-over-HTTPS",
+    "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
     "source_label": "Källa",
     "found_in_known_domain_db": "Hittad i domändatabas.",
     "category_label": "Kategori",
@@ -333,12 +344,21 @@
     "location": "Plats",
     "orgname": "Organisationsnamn",
     "netname": "Nätverksnamn",
+    "network": "Nätverk",
     "descr": "Beskrivning",
     "whois": "Whois",
     "filtering_rules_learn_more": "<0>Mer info</0> om att skapa dina egna blockeringslistor för värdar.",
     "try_again": "Försök igen",
     "show_blocked_responses": "Blockerade",
+    "show_whitelisted_responses": "Vitlistade",
+    "show_processed_responses": "Utförda",
     "blocked_adult_websites": "Blockerade vuxensajter",
     "blocked_threats": "Blockerade hot",
-    "use_saved_key": "Använd den tidigare sparade nyckeln"
+    "allowed": "Vitlistade",
+    "safe_search": "Säker surf",
+    "filter_category_general": "General",
+    "filter_category_security": "säkerhet",
+    "filter_category_other": "Övrigt",
+    "use_saved_key": "Använd den tidigare sparade nyckeln",
+    "parental_control": "Föräldrakontroll"
 }

client/src/__locales/th.json

@@ -20,7 +20,6 @@
     "form_error_mac_format": "รูปแบบ MAC ไม่ถูกต้อง",
     "form_error_client_id_format": "รูปแบบ ID ลูกค้าไม่ถูกต้อง",
     "form_error_positive": "ต้องมากกว่า 0",
-    "form_error_negative": "ต้องเท่ากับ 0 หรือมากกว่า",
     "dhcp_form_gateway_input": "IP ของเกตเวย์",
     "dhcp_form_subnet_input": "ซับเน็ตมาสก์",
     "dhcp_form_range_title": "ช่วงของที่อยู่ IP",
@@ -41,6 +40,7 @@
     "delete_confirm": "คุณแน่ใจหรือว่าต้องการลบ \"{{key}}\"?",
     "form_enter_hostname": "ป้อนชื่อโฮสต์",
     "error_details": "รายละเอียดข้อผิดพลาด",
+    "request_details": "ขอรายละเอียด",
     "back": "กลับ",
     "dashboard": "แผงควบคุม",
     "settings": "การตั้งค่า",
@@ -87,6 +87,7 @@
     "no_servers_specified": "ไม่ได้ระบุเซิร์ฟเวอร์",
     "general_settings": "การตั้งค่าทั่วไป",
     "dns_settings": "การตั้งค่า DNS",
+    "custom_filtering_rules": "กฎการกรองที่กำหนดเอง",
     "encryption_settings": "การตั้งค่าการเข้ารหัส",
     "dhcp_settings": "การตั้งค่า DHCP",
     "upstream_dns": "เซิร์ฟเวอร์ DNS ต้นทาง",
@@ -169,6 +170,9 @@
     "custom_ip": "IP กำหนดเอง",
     "blocking_ipv4": "ปิดกั้น IPv4",
     "blocking_ipv6": "ปิดกั้น IPv6",
+    "dnscrypt": "DNSCrypt",
+    "dns_over_https": "DNS-over-HTTPS",
+    "dns_over_tls": "DNS-over-TLS",
     "form_enter_rate_limit": "ป้อนขีดจำกัดอัตรา",
     "rate_limit": "จำกัดอัตรา",
     "edns_enable": "เปิดใช้งานซับเน็ตไคลเอ็นต์ EDNS",
@@ -333,6 +337,7 @@
     "encryption_key_source_content": "วางเนื้อหาคีย์ส่วนตัว",
     "stats_params": "การกำหนดค่าสถิติ",
     "config_successfully_saved": "บันทึกการตั้งค่าเรีบยร้อยแล้ว",
+    "interval_6_hour": "6 ชั่วโมง",
     "interval_24_hour": "24 ชั่วโมง",
     "interval_days": "{{count}} วัน",
     "interval_days_plural": "{{count}} วัน",
@@ -383,5 +388,9 @@
     "form_select_tags": "เลือกแท็กเครื่อง",
     "check_title": "ตรวจสอบการกรอง",
     "check_desc": "ตรวจสอบว่าชื่อโฮสต์ถูกกรอง",
-    "form_enter_host": "ป้อนชื่อโฮสต์"
+    "form_enter_host": "ป้อนชื่อโฮสต์",
+    "show_processed_responses": "การประมวลผล",
+    "safe_search": "ค้นหาอย่างปลอดภัย",
+    "filter_category_other": "อื่น ๆ",
+    "parental_control": "ควบคุมโดยผู้ปกครอง"
 }

client/src/__locales/tr.json

@@ -7,7 +7,7 @@
     "load_balancing": "Yük dengeleme",
     "load_balancing_desc": "Her seferde bir üst sunucuyu sorgulayın. AdGuard Home, sunucuyu seçmek için ağırlıklı rastgele algoritmasını kullanır, böylece en hızlı sunucu daha sık kullanılır.",
     "bootstrap_dns": "DNS Önyükleme sunucuları",
-    "bootstrap_dns_desc": "DNS Önyükleme sunucuları, belirttiğiniz üst sunucuların DoH/DoT çözücülerine ait IP adreslerinin çözülmesi için kullanılır.",
+    "bootstrap_dns_desc": "DNS Önyükleme sunucuları, belirttiğiniz üst sunucuların DoH/DoT çözümleyicilerine ait IP adreslerinin çözümlemek için kullanılır.",
     "local_ptr_title": "Özel ters DNS sunucuları",
     "local_ptr_desc": "AdGuard Home'un yerel PTR sorguları için kullandığı DNS sunucuları. Bu sunucular, rDNS kullanarak \"192.168.12.34\" gibi özel IP adreslerine sahip istemcilerin ana bilgisayar adlarını çözmek için kullanılır. Ayarlanmadığı durumda AdGuard Home, işletim sisteminizin varsayılan DNS çözümleme adreslerini kullanır.",
     "local_ptr_default_resolver": "AdGuard Home, varsayılan olarak aşağıdaki ters DNS çözümleyicilerini kullanır: {{ip}}.",
@@ -36,21 +36,28 @@
     "dhcp_ipv4_settings": "DHCP IPv4 Ayarları",
     "dhcp_ipv6_settings": "DHCP IPv6 Ayarları",
     "form_error_required": "Gerekli alan",
-    "form_error_ip4_format": "Geçersiz IPv4 biçimi",
-    "form_error_ip6_format": "Geçersiz IPv6 biçimi",
-    "form_error_ip_format": "Geçersiz IP biçimi",
-    "form_error_mac_format": "Geçersiz MAC biçimi",
-    "form_error_client_id_format": "Geçersiz istemci kimliği biçimi",
-    "form_error_server_name": "Geçersiz sunucu adı",
+    "form_error_ip4_format": "IPv4 adresi geçersiz",
+    "form_error_ip4_range_start_format": "Başlangıç aralığı IPv4 adresi geçersiz",
+    "form_error_ip4_range_end_format": "Bitiş aralığı IPv4 adresi geçersiz",
+    "form_error_ip4_gateway_format": "Ağ geçidi IPv4 adresi geçersiz",
+    "form_error_ip6_format": "IPv6 adresi geçersiz",
+    "form_error_ip_format": "IP adresi geçersiz",
+    "form_error_mac_format": "MAC adresi geçersiz",
+    "form_error_client_id_format": "İstemci kimliği geçersiz",
+    "form_error_server_name": "Sunucu adı geçersiz",
     "form_error_subnet": "\"{{cidr}}\" alt ağı, \"{{ip}}\" IP adresini içermiyor",
     "form_error_positive": "0'dan büyük olmalıdır",
-    "form_error_negative": "0 veya daha büyük olmalıdır",
-    "range_end_error": "Başlangıç aralığından daha büyük olmalı",
+    "out_of_range_error": "\"{{start}}\"-\"{{end}}\" aralığının dışında olmalıdır",
+    "lower_range_start_error": "Başlangıç aralığından daha düşük olmalıdır",
+    "greater_range_start_error": "Başlangıç aralığından daha büyük olmalıdır",
+    "greater_range_end_error": "Bitiş aralığından daha büyük olmalıdır",
+    "subnet_error": "Adresler bir alt ağda olmalıdır",
+    "gateway_or_subnet_invalid": "Alt ağ maskesi geçersiz",
     "dhcp_form_gateway_input": "Ağ Geçidi IP'si",
     "dhcp_form_subnet_input": "Alt ağ maskesi",
     "dhcp_form_range_title": "IP adresi aralığı",
-    "dhcp_form_range_start": "Aralık başlangıcı",
-    "dhcp_form_range_end": "Aralık sonu",
+    "dhcp_form_range_start": "Başlangıç aralığı",
+    "dhcp_form_range_end": "Bitiş aralığı",
     "dhcp_form_lease_title": "DHCP kira süresi (saniye olarak)",
     "dhcp_form_lease_input": "Kira süresi",
     "dhcp_interface_select": "DHCP arayüzünü seç",
@@ -58,7 +65,7 @@
     "dhcp_ip_addresses": "IP adresleri",
     "ip": "IP",
     "dhcp_table_hostname": "Bilgisayar Adı",
-    "dhcp_table_expires": "Geçerlilik Tarihi",
+    "dhcp_table_expires": "Bitiş tarihi",
     "dhcp_warning": "DHCP sunucusunu yine de etkinleştirmek istiyorsanız, ağınızda başka aktif DHCP sunucusu olmadığından emin olun, aksi takdirde ağa bağlı cihazların İnternet bağlantısı kesilebilir!",
     "dhcp_error": "AdGuard Home, ağda başka bir etkin DHCP sunucusu olup olmadığını belirleyemedi.",
     "dhcp_static_ip_error": "DHCP sunucusunu kullanmak için sabit bir IP adresi ayarlanmalıdır. AdGuard Home, bu ağ arayüzünün sabit bir IP adresi kullanılarak yapılandırılıp yapılandırılmadığını belirleyemedi. Lütfen sabit IP adresini elle ayarlayın.",
@@ -189,10 +196,11 @@
     "choose_allowlist": "İzin listelerini seçin",
     "enter_valid_blocklist": "Engel listesine geçerli bir URL girin.",
     "enter_valid_allowlist": "İzin listesine geçerli bir URL girin.",
-    "form_error_url_format": "Geçersiz URL biçimi",
+    "form_error_url_format": "URL biçimi geçersiz",
     "form_error_url_or_path_format": "Listenin URL adresi veya dosya konumu geçersiz",
     "custom_filter_rules": "Özel filtreleme kuralları",
     "custom_filter_rules_hint": "Her satıra bir kural girin. Reklam engelleme kuralı veya ana bilgisayar dosyası söz dizimi kullanabilirsiniz.",
+    "system_host_files": "Sistem ana bilgisayar dosyaları",
     "examples_title": "Örnekler",
     "example_meaning_filter_block": "example.org alan adına ve tüm alt alan adlarına olan erişimi engeller",
     "example_meaning_filter_whitelist": "example.org alan adına ve tüm alt alan adlarına olan erişim engelini kaldırır",
@@ -316,7 +324,7 @@
     "install_devices_title": "Cihazlarınızı yapılandırın",
     "install_devices_desc": "AdGuard Home'u kullanmaya başlamak için, cihazlarınızı onu kullanacak şekilde yapılandırmanız gerekir.",
     "install_submit_title": "Tebrikler!",
-    "install_submit_desc": "Kurulum işlemi tamamlandı ve artık AdGuard Home'u kullanmaya hazırsınız.",
+    "install_submit_desc": "Yükleme işlemi tamamlandı ve artık AdGuard Home'u kullanmaya hazırsınız.",
     "install_devices_router": "Yönlendirici",
     "install_devices_router_desc": "Bu kurulum, ev yönlendiricinize bağlı tüm cihazları otomatik olarak kapsar ve her birini elle yapılandırmanıza gerek yoktur.",
     "install_devices_address": "AdGuard Home DNS sunucusu şu adresi dinleyecektir",
@@ -466,8 +474,8 @@
     "dns_rewrites": "DNS yeniden yazımları",
     "form_domain": "Alan adı veya joker karakter girin",
     "form_answer": "IP adresi veya alan adı girin",
-    "form_error_domain_format": "Geçersiz alan adı biçimi",
-    "form_error_answer_format": "Geçersiz yanıt biçimi",
+    "form_error_domain_format": "Alan adı biçimi geçersiz",
+    "form_error_answer_format": "Yanıt biçimi geçersiz",
     "configure": "Yapılandır",
     "main_settings": "Ana ayarlar",
     "block_services": "Belirli hizmetleri engelle",
@@ -501,7 +509,7 @@
     "statistics_retention_desc": "Zaman değerini azaltırsanız, bazı veriler kaybolacaktır",
     "statistics_clear": " İstatistikleri temizle",
     "statistics_clear_confirm": "İstatistikleri temizlemek istediğinizden emin misiniz?",
-    "statistics_retention_confirm": "İstatistik saklama süresini değiştirmek istediğinizden emin misiniz? Zaman değerini azaltırsanız, bazı veriler kaybolacaktır",
+    "statistics_retention_confirm": "İstatistik saklama süresini değiştirmek istediğinizden emin misiniz? Aralık değerini azaltırsanız, bazı veriler kaybolacaktır",
     "statistics_cleared": "İstatistikler başarıyla temizlendi",
     "statistics_enable": "İstatistikleri etkinleştir",
     "interval_hours": "{{count}} saat",
@@ -576,13 +584,13 @@
     "dnssec_enable_desc": "Giden DNS sorguları için DNSSEC özelliğini etkinleştir ve sonucu kontrol et (DNSSEC özellikli çözümleyici gerekli).",
     "validated_with_dnssec": "DNSSEC ile doğrulandı",
     "all_queries": "Tüm sorgular",
-    "show_blocked_responses": "Engellendi",
+    "show_blocked_responses": "Engellenen",
     "show_whitelisted_responses": "İzin verilen",
-    "show_processed_responses": "İşlendi",
+    "show_processed_responses": "İşlenen",
     "blocked_safebrowsing": "Güvenli gezinti tarafından engellendi",
     "blocked_adult_websites": "Engellenen yetişkin içerikli siteler",
     "blocked_threats": "Engellenen tehditler",
-    "allowed": "İzin verildi",
+    "allowed": "İzin verilen",
     "filtered": "Filtrelenen",
     "rewritten": "Yeniden yazılan",
     "safe_search": "Güvenli arama",
@@ -590,8 +598,8 @@
     "milliseconds_abbreviation": "ms",
     "cache_size": "Önbellek boyutu",
     "cache_size_desc": "DNS önbellek boyutu (bayt cinsinden)",
-    "cache_ttl_min_override": "Minimum TTL'yi değiştir",
-    "cache_ttl_max_override": "Maksimum TTL'yi değiştir",
+    "cache_ttl_min_override": "Minimum TTL'i değiştir",
+    "cache_ttl_max_override": "Maksimum TTL'i değiştir",
     "enter_cache_size": "Önbellek boyutunu girin (bayt)",
     "enter_cache_ttl_min_override": "Minimum TTL değerini girin (saniye)",
     "enter_cache_ttl_max_override": "Maksimum TTL değerini girin (saniye)",
@@ -616,5 +624,7 @@
     "filter_allowlist": "UYARI: Bu işlem ayrıca \"{{disallowed_rule}}\" kuralını izin verilen istemciler listesinden hariç tutacaktır.",
     "last_rule_in_allowlist": "\"{{disallowed_rule}}\" kuralı hariç tutulduğunda \"İzin verilen istemciler\" listesi DEVRE DIŞI bırakılacağı için bu istemciye izin verilemez.",
     "experimental": "Deneysel",
-    "use_saved_key": "Önceden kaydedilmiş anahtarı kullan"
+    "use_saved_key": "Önceden kaydedilmiş anahtarı kullan",
+    "parental_control": "Ebeveyn denetimi",
+    "safe_browsing": "Güvenli gezinti"
 }

client/src/__locales/uk.json

@@ -0,0 +1,631 @@
+{
+    "client_settings": "Налаштування клієнта",
+    "example_upstream_reserved": "Ви можете вказати DNS-сервер <0>для певних доменів</0>",
+    "example_upstream_comment": "Ви можете вказати коментар",
+    "upstream_parallel": "Використовувати паралельні запити, щоб пришвидшити вирішення одночасною чергою всіх оригінальних серверів.",
+    "parallel_requests": "Паралельні запити",
+    "load_balancing": "Балансування навантаження",
+    "load_balancing_desc": "Запитувати один сервер за раз. AdGuard Home використовуватиме зважений випадковий алгоритм для вибору сервера, щоб найшвидший сервер використовувався частіше.",
+    "bootstrap_dns": "Bootstrap DNS-сервери",
+    "bootstrap_dns_desc": "Bootstrap DNS-сервери використовуються для пошуку IP-адреси DoH/DoT серверів, які ви встановили.",
+    "local_ptr_title": "Приватні сервери для зворотного DNS",
+    "local_ptr_desc": "DNS-сервери, які AdGuard Home використовує для локальних PTR-запитів. Ці сервери, використовуючи rDNS, використовуються для отримання доменних імен клієнтів у приватних мережах, наприклад, «192.168.12.34». Якщо список порожній, буде використовуватись системний DNS-сервер.",
+    "local_ptr_default_resolver": "AdGuard Home усталено використовує такі зворотні DNS-резолвери: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home не зміг визначити приватні реверсивні DNS-резолвери, що були б придатними для цієї системи.",
+    "local_ptr_placeholder": "Вводьте одну адресу на рядок",
+    "resolve_clients_title": "Увімкнути запитування доменних імен для IP-адрес клієнтів",
+    "resolve_clients_desc": "Визначати доменні імена клієнтів за допомогою PTR-запитів до відповідних серверів — приватних DNS-серверів для локальних клієнтів та upstream-серверів для клієнтів з публічними IP-адресами.",
+    "use_private_ptr_resolvers_title": "Використовувати приватні зворотні DNS-резолвери",
+    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі по DHCP, /etc/hosts тощо.",
+    "check_dhcp_servers": "Перевірити DHCP-сервери",
+    "save_config": "Зберегти конфігурацію",
+    "enabled_dhcp": "DHCP-сервер увімкнено",
+    "disabled_dhcp": "DHCP-сервер вимкнено",
+    "unavailable_dhcp": "DHCP недоступний",
+    "unavailable_dhcp_desc": "AdGuard Home не може запустити DHCP-сервер у вашій ОС",
+    "dhcp_title": "DHCP-сервер (експериментальний!)",
+    "dhcp_description": "Якщо ваш роутер не пропонує налаштування DHCP, ви можете використати власний вбудований DHCP-сервер AdGuard.",
+    "dhcp_enable": "Увімкнути DHCP-сервер",
+    "dhcp_disable": "Вимкнути DHCP-сервер",
+    "dhcp_not_found": "Можна безпечно увімкнути вбудований DHCP-сервер — ми не знайшли жодного активного DHCP-сервера в мережі. Однак, ми радимо вам ще раз перевірити вручну, тому що наш автоматичний тест наразі не дає 100% гарантії.",
+    "dhcp_found": "Не знайдено DHCP-сервера в мережі. Вмикати вбудований DHCP-сервер небезпечно.",
+    "dhcp_leases": "Оренда DHCP",
+    "dhcp_static_leases": "Статичні оренди DHCP",
+    "dhcp_leases_not_found": "Оренду DHCP не знайдено",
+    "dhcp_config_saved": "Конфігурацію DHCP-сервера успішно збережено",
+    "dhcp_ipv4_settings": "Налаштування DHCP IPv4",
+    "dhcp_ipv6_settings": "Налаштування DHCP IPv6",
+    "form_error_required": "Обов'язкове поле",
+    "form_error_ip4_format": "Неправильна IPv4-адреса",
+    "form_error_ip4_range_start_format": "Неправильна IPv4-адреса для початку діапазону",
+    "form_error_ip4_range_end_format": "Неправильна IPv4-адреса для кінця діапазону",
+    "form_error_ip4_gateway_format": "Неправильна IPv4-адреса для шлюзу",
+    "form_error_ip6_format": "Неправильна IPv6-адреса",
+    "form_error_ip_format": "Неправильна IP-адреса",
+    "form_error_mac_format": "Неправильна MAC-адреса",
+    "form_error_client_id_format": "Неправильний ID клієнта",
+    "form_error_server_name": "Неправильна назва сервера",
+    "form_error_subnet": "Підмережа «{{cidr}}» не містить IP-адресу «{{ip}}»",
+    "form_error_positive": "Повинно бути більше 0",
+    "out_of_range_error": "Не повинна бути в діапазоні «{{start}}»−«{{end}}»",
+    "lower_range_start_error": "Має бути меншим за початкову адресу",
+    "greater_range_start_error": "Має бути більшим за початкову адресу",
+    "greater_range_end_error": "Має бути більшим за кінцеву адресу",
+    "subnet_error": "Адреси повинні бути в одній підмережі",
+    "gateway_or_subnet_invalid": "Неправильна маска підмережі",
+    "dhcp_form_gateway_input": "IP-адреса шлюзу",
+    "dhcp_form_subnet_input": "Маска підмережі",
+    "dhcp_form_range_title": "Діапазон IP-адрес",
+    "dhcp_form_range_start": "Початок діапазону",
+    "dhcp_form_range_end": "Кінець діапазону",
+    "dhcp_form_lease_title": "Час оренди DHCP (в секундах)",
+    "dhcp_form_lease_input": "Тривалість оренди",
+    "dhcp_interface_select": "Оберіть інтерфейс DHCP",
+    "dhcp_hardware_address": "Апаратна адреса",
+    "dhcp_ip_addresses": "IP-адреси",
+    "ip": "IP",
+    "dhcp_table_hostname": "Назва вузла",
+    "dhcp_table_expires": "Термін дії",
+    "dhcp_warning": "Якщо ви однаково хочете увімкнути DHCP-сервер, переконайтеся, що у вашій мережі немає інших активних DHCP-серверів. Інакше, це може порушити роботу інтернету на під'єднаних пристроях!",
+    "dhcp_error": "Не вдалося визначити, чи є в мережі інший DHCP-сервер.",
+    "dhcp_static_ip_error": "Для використання DHCP-сервера необхідно встановити статичну IP-адресу. Нам не вдалося визначити, чи цей мережевий інтерфейс налаштовано для використання статичної IP-адреси. Встановіть статичну IP-адресу вручну.",
+    "dhcp_dynamic_ip_found": "Ваша система використовує конфігурацію з динамічною IP-адресою для інтерфейсу <0>{{interfaceName}}</0>. Для використання DHCP-сервера необхідно встановити статичну IP-адресу. Ваша поточна IP-адреса <0>{{ipAddress}}</0>. Ми автоматично встановимо цю IP-адресу як статичну, якщо ви натиснете кнопку «Увімкнути DHCP-сервер».",
+    "dhcp_lease_added": "Статичну оренду «{{key}}» успішно додано",
+    "dhcp_lease_deleted": "Статичну оренду «{{key}}» успішно видалено",
+    "dhcp_new_static_lease": "Нова статична оренда",
+    "dhcp_static_leases_not_found": "Не знайдено статичних оренд DHCP",
+    "dhcp_add_static_lease": "Додати статичну оренду",
+    "dhcp_reset_leases": "Скинути всі аренди",
+    "dhcp_reset_leases_confirm": "Ви дійсно хочете скинути усі аренди?",
+    "dhcp_reset_leases_success": "Аренди DHCP успішно скинуто",
+    "dhcp_reset": "Ви дійсно хочете скинути DHCP-конфігурацію?",
+    "country": "Країна",
+    "city": "Місто",
+    "delete_confirm": "Ви дійсно хочете видалити «{{key}}»?",
+    "form_enter_hostname": "Введіть назву вузла",
+    "error_details": "Подробиці помилки",
+    "response_details": "Деталі відповіді",
+    "request_details": "Деталі запиту",
+    "client_details": "Подробиці про клієнта",
+    "details": "Подробиці",
+    "back": "Назад",
+    "dashboard": "Панель керування",
+    "settings": "Налаштування",
+    "filters": "Фільтри",
+    "filter": "Фільтр",
+    "query_log": "Журнал запитів",
+    "compact": "Стисло",
+    "nothing_found": "Нічого не знайдено...",
+    "faq": "Часті питання",
+    "version": "Версія",
+    "address": "Адреса",
+    "protocol": "Протокол",
+    "on": "УВІМК",
+    "off": "ВИМК",
+    "copyright": "Авторське право",
+    "homepage": "Домашня сторінка",
+    "report_an_issue": "Повідомити про проблему",
+    "privacy_policy": "Політика приватності",
+    "enable_protection": "Увімкнути захист",
+    "enabled_protection": "Захист увімкнено",
+    "disable_protection": "Вимкнути захист",
+    "disabled_protection": "Захист вимкнено",
+    "refresh_statics": "Оновити статистику",
+    "dns_query": "DNS-запити",
+    "blocked_by": "<0>Заблоковано фільтрами</0>",
+    "stats_malware_phishing": "Заблоковано зловмисних/шахрайських програм",
+    "stats_adult": "Заблоковано вебсайтів для дорослих",
+    "stats_query_domain": "Найчастіші запити доменів",
+    "for_last_24_hours": "за останні 24 години",
+    "for_last_days": "за останній день",
+    "for_last_days_plural": "за останні {{count}} днів",
+    "stats_disabled": "Статистику вимкнено. Ви можете увімкнути її на <0>сторінці налаштувань</0>.",
+    "stats_disabled_short": "Статистику вимкнено",
+    "no_domains_found": "Доменів не знайдено",
+    "requests_count": "Кількість запитів",
+    "top_blocked_domains": "Найчастіше блоковані домени",
+    "top_clients": "Найактивніші клієнти",
+    "no_clients_found": "Клієнтів не знайдено",
+    "general_statistics": "Загальна статистика",
+    "number_of_dns_query_days": "Кількість DNS-запитів, оброблених за останні {{count}} дні",
+    "number_of_dns_query_days_plural": "Кількість DNS-запитів, оброблених за останні {{count}} днів",
+    "number_of_dns_query_24_hours": "Кількість DNS-запитів, оброблених за останні 24 години",
+    "number_of_dns_query_blocked_24_hours": "Кількість DNS-запитів, заблокованих фільтрами і списками блокування hosts",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем безпеки перегляду AdGuard",
+    "number_of_dns_query_blocked_24_hours_adult": "Кількість заблокованих вебсайтів для дорослих",
+    "enforced_save_search": "Примусовий безпечний пошук",
+    "number_of_dns_query_to_safe_search": "Кількість DNS-запитів до пошукових систем, для яких примусово застосований безпечний пошук",
+    "average_processing_time": "Середній час обробки",
+    "average_processing_time_hint": "Середній час обробки DNS запиту в мілісекундах",
+    "block_domain_use_filters_and_hosts": "Блокувати домени з використанням фільтрів та hosts-файлів",
+    "filters_block_toggle_hint": "Ви можете налаштувати правила блокування в розділі <a>Фільтри</a>.",
+    "use_adguard_browsing_sec": "Використовувати веб-службу безпечного перегляду AdGuard",
+    "use_adguard_browsing_sec_hint": "AdGuard Home перевірятиме, чи додано домен до списку веб-служби безпечного перегляду браузера. Він використовуватиме API для перевірки — на сервер надсилається лише короткий префікс хешу SHA256 доменного імені.",
+    "use_adguard_parental": "Використовувати вебсервіс Батьківського контролю AdGuard",
+    "use_adguard_parental_hint": "AdGuard Home перевірятиме, чи домен містить матеріали для дорослих. Він використовує той самий орієнтований на приватність API, що й веб-служба безпечного перегляду.",
+    "enforce_safe_search": "Використовувати безпечний пошук",
+    "enforce_save_search_hint": "AdGuard Home може примусово застосовувати безпечний пошук в таких пошукових системах: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "no_servers_specified": "Не вказано сервери",
+    "general_settings": "Загальні налаштування",
+    "dns_settings": "Налаштування DNS",
+    "dns_blocklists": "Список блокування DNS",
+    "dns_allowlists": "Списки дозволів DNS",
+    "dns_blocklists_desc": "AdGuard Home блокуватиме домени зі списків блокування.",
+    "dns_allowlists_desc": "Домени зі списків дозволів DNS будуть дозволятися, навіть якщо вони знаходяться в будь-якому зі списків блокування.",
+    "custom_filtering_rules": "Власні правила фільтрування",
+    "encryption_settings": "Налаштування шифрування",
+    "dhcp_settings": "Налаштування DHCP",
+    "upstream_dns": "Upstream DNS-сервери",
+    "upstream_dns_help": "Введіть адреси серверів по одній на рядок. <a>Докладніше</a> про налаштування DNS-серверів.",
+    "upstream_dns_configured_in_file": "Налаштовано в {{path}}",
+    "test_upstream_btn": "Тест upstream серверів",
+    "upstreams": "Upstreams",
+    "apply_btn": "Застосувати",
+    "disabled_filtering_toast": "Фільтрування вимкнено",
+    "enabled_filtering_toast": "Фільтрування увімкнено",
+    "disabled_safe_browsing_toast": "Безпечний перегляд вимкнено",
+    "enabled_safe_browsing_toast": "Безпечний перегляд увімкнено",
+    "disabled_parental_toast": "Батьківський контроль вимкнено",
+    "enabled_parental_toast": "Батьківський контроль увімкнено",
+    "disabled_safe_search_toast": "Безпечний пошук вимкнено",
+    "enabled_save_search_toast": "Безпечний пошук увімкнено",
+    "enabled_table_header": "Увімкнено",
+    "name_table_header": "Назва",
+    "list_url_table_header": "URL списку",
+    "rules_count_table_header": "Кількість правил",
+    "last_time_updated_table_header": "Востаннє оновлено",
+    "actions_table_header": "Дії",
+    "request_table_header": "Запит",
+    "edit_table_action": "Редагувати",
+    "delete_table_action": "Видалити",
+    "elapsed": "Витрачений час",
+    "filters_and_hosts_hint": "AdGuard Home розуміє основні правила блокування і синтаксис файлів hosts.",
+    "no_blocklist_added": "Списків блокування не додано",
+    "no_whitelist_added": "Списків дозволів не додано",
+    "add_blocklist": "Додати список блокування",
+    "add_allowlist": "Додати список дозволів",
+    "cancel_btn": "Скасувати",
+    "enter_name_hint": "Введіть назву",
+    "enter_url_or_path_hint": "Уведіть URL-адресу чи абсолютний шлях до списку",
+    "check_updates_btn": "Перевірити оновлення",
+    "new_blocklist": "Новий список блокування",
+    "new_allowlist": "Новий список дозволів",
+    "edit_blocklist": "Змінити список блокування",
+    "edit_allowlist": "Змінити список дозволів",
+    "choose_blocklist": "Виберіть списки блокування",
+    "choose_allowlist": "Обрати списки дозволених сайтів",
+    "enter_valid_blocklist": "Введіть дійсну URL-адресу в список блокування.",
+    "enter_valid_allowlist": "Введіть дійсну URL-адресу в список дозволів.",
+    "form_error_url_format": "Неправильний формат URL",
+    "form_error_url_or_path_format": "Помилкова URL-адреса чи абсолютний шлях до списку",
+    "custom_filter_rules": "Власні правила фільтрування",
+    "custom_filter_rules_hint": "Вводьте одне правило на рядок. Ви можете використовувати правила блокування чи синтаксис файлів hosts.",
+    "system_host_files": "Системні hosts-файли",
+    "examples_title": "Зразки",
+    "example_meaning_filter_block": "блокує доступ до домену example.org та всіх його піддоменів",
+    "example_meaning_filter_whitelist": "розблоковує доступ до домену example.org та всіх його піддоменів",
+    "example_meaning_host_block": "AdGuard Home повертатиме адресу 127.0.0.1 для домену example.org (але не його піддоменів).",
+    "example_comment": "! Так можна додавати коментар",
+    "example_comment_meaning": "просто коментар",
+    "example_comment_hash": "# Це також коментар",
+    "example_regex_meaning": "блокує доступ до доменів, що відповідають вказаному звичайному виразу",
+    "example_upstream_regular": "звичайний DNS (через UDP)",
+    "example_upstream_dot": "зашифрований <0>DNS-over-TLS</0>",
+    "example_upstream_doh": "зашифрований <0>DNS-over-HTTPS</0>",
+    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0>",
+    "example_upstream_sdns": "ви можете використовувати <0>DNS Stamps</0> для вирішення <1>DNSCrypt</1> або <2>DNS-over-HTTPS</2>",
+    "example_upstream_tcp": "звичайний DNS (через TCP)",
+    "all_lists_up_to_date_toast": "Всі списки вже оновлені",
+    "updated_upstream_dns_toast": "DNS-сервери оновлено",
+    "dns_test_ok_toast": "Вказані DNS сервери працюють правильно",
+    "dns_test_not_ok_toast": "Сервер «{{key}}»: неможливо використати. Перевірте правильність введення",
+    "unblock": "Дозволити",
+    "block": "Заборонити",
+    "disallow_this_client": "Заборонити цього клієнта",
+    "allow_this_client": "Дозволити цей клієнт",
+    "block_for_this_client_only": "Заборонити тільки цей клієнт",
+    "unblock_for_this_client_only": "Дозволити тільки цей клієнт",
+    "time_table_header": "Час",
+    "date": "Дата",
+    "domain_name_table_header": "Назва домену",
+    "domain_or_client": "Домен чи клієнт",
+    "type_table_header": "Тип",
+    "response_table_header": "Відповідь",
+    "response_code": "Код відповіді",
+    "client_table_header": "Клієнт",
+    "empty_response_status": "Порожньо",
+    "show_all_filter_type": "Показати все",
+    "show_filtered_type": "Показати фільтровані",
+    "no_logs_found": "Немає записів",
+    "refresh_btn": "Оновити",
+    "previous_btn": "Назад",
+    "next_btn": "Далі",
+    "loading_table_status": "Завантаження...",
+    "page_table_footer_text": "Сторінка",
+    "rows_table_footer_text": "рядків",
+    "updated_custom_filtering_toast": "Власні правила фільтрування збережено",
+    "rule_removed_from_custom_filtering_toast": "Правило вилучено з власних правил фільтрування: {{rule}}",
+    "rule_added_to_custom_filtering_toast": "Правило додано до власних правил фільтрування: {{rule}}",
+    "query_log_response_status": "Стан: {{value}}",
+    "query_log_filtered": "Фільтровано з {{filter}}",
+    "query_log_confirm_clear": "Ви впевнені, що хочете цілком очистити журнал запитів?",
+    "query_log_cleared": "Журнал запитів успішно очищено",
+    "query_log_updated": "Журнал запитів успішно оновлено",
+    "query_log_clear": "Очистити журнал запитів",
+    "query_log_retention": "Час зберігання журналу",
+    "query_log_enable": "Увімкнути журнал",
+    "query_log_configuration": "Конфігурація журналу",
+    "query_log_disabled": "Журнал запитів вимкнений. Конфігурацію можна змінити в <0>налаштуваннях</0>",
+    "query_log_strict_search": "Використовуйте подвійні лапки для точного пошуку",
+    "query_log_retention_confirm": "Ви дійсно хочете змінити час зберігання журналу? Якщо ви зменшите значення, деякі дані будуть втрачені",
+    "anonymize_client_ip": "Анонімізація IP-адреси клієнта",
+    "anonymize_client_ip_desc": "Не зберігайте повну IP-адресу клієнта в журналах і статистиці",
+    "dns_config": "Конфігурація DNS-сервера",
+    "dns_cache_config": "Конфігурація кешу DNS",
+    "dns_cache_config_desc": "Тут ви можете налаштувати кеш DNS",
+    "blocking_mode": "Режим блокування",
+    "default": "Типовий",
+    "nxdomain": "NXDOMAIN",
+    "refused": "REFUSED",
+    "null_ip": "Нульовий IP",
+    "custom_ip": "Власний IP",
+    "blocking_ipv4": "Блокування IPv4",
+    "blocking_ipv6": "Блокування IPv6",
+    "dnscrypt": "DNSCrypt",
+    "dns_over_https": "DNS-over-HTTPS",
+    "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
+    "client_id": "Ідентифікатор клієнта",
+    "client_id_placeholder": "Введіть ідентифікатор клієнта",
+    "client_id_desc": "Різні клієнти можуть бути розпізнані завдяки спеціальному ідентифікатору. <a>Докладніше про ідентифікацію клієнтів</a>.",
+    "download_mobileconfig_doh": "Завантажити .mobileconfig для DNS-over-HTTPS",
+    "download_mobileconfig_dot": "Завантажити .mobileconfig для DNS-over-TLS",
+    "download_mobileconfig": "Завантажити файл конфігурації",
+    "plain_dns": "Звичайний DNS",
+    "form_enter_rate_limit": "Уведіть обмеження швидкості",
+    "rate_limit": "Обмеження швидкості",
+    "edns_enable": "Увімкнути відправку EDNS Client Subnet",
+    "edns_cs_desc": "Надсилати підмережі клієнтів на DNS-сервери.",
+    "rate_limit_desc": "Кількість запитів в секунду, які може робити один клієнт. Встановлене значення «0» означатиме необмежену кількість.",
+    "blocking_ipv4_desc": "IP-адреса, яку потрібно видати для заблокованого A запиту",
+    "blocking_ipv6_desc": "IP-адреса, яку потрібно видати для заблокованого АААА запиту",
+    "blocking_mode_default": "Усталено: відповідь із нульовою IP-адресою (0.0.0.0 для A; :: для AAAA), якщо заблоковано правилом у Adblock-стилі; відповідь зазначеною у правилі IP-адресою, якщо заблокувано правилом у hosts-стилі",
+    "blocking_mode_refused": "ВІДМОВЛЕНО: Відповісти з кодом ВІДМОВЛЕНО",
+    "blocking_mode_nxdomain": "NXDOMAIN: Відповісти з кодом NXDOMAIN",
+    "blocking_mode_null_ip": "Нульовий IP: Відповісти з нульовою IP-адресою (0.0.0.0 для A; :: для AAAA)",
+    "blocking_mode_custom_ip": "Спеціальна IP-адреса: Відповісти із вручну встановленою IP-адресою",
+    "upstream_dns_client_desc": "Якщо це поле залишатиметься порожнім, AdGuard Home використовуватиме сервери, вказані в <0>налаштуваннях DNS</0>.",
+    "tracker_source": "Джерело відстежувача",
+    "source_label": "Джерело",
+    "found_in_known_domain_db": "Знайдений у базі даних відомих доменів.",
+    "category_label": "Категорія",
+    "rule_label": "Правило(-а)",
+    "list_label": "Список",
+    "unknown_filter": "Невідомий фільтр {{filterId}}",
+    "known_tracker": "Відомі трекери",
+    "install_welcome_title": "Вітаємо в AdGuard Home!",
+    "install_welcome_desc": "AdGuard Home — це мережевий DNS-сервер, що блокує рекламу та відстеження. Його мета — надати вам контроль над усією мережею та всіма пристроями в ній без потреби використання програми на стороні клієнта.",
+    "install_settings_title": "Веб-інтерфейс адміністратора",
+    "install_settings_listen": "Мережевий інтерфейс",
+    "install_settings_port": "Порт",
+    "install_settings_interface_link": "Веб-інтерфейс адміністратора AdGuard Home буде доступний за такими адресами:",
+    "form_error_port": "Уведіть правильне значення порту",
+    "install_settings_dns": "DNS-сервер",
+    "install_settings_dns_desc": "Вам потрібно буде налаштувати свої пристрої або маршрутизатор для використання DNS-сервера за такими адресами:",
+    "install_settings_all_interfaces": "Усі інтерфейси",
+    "install_auth_title": "Авторизація",
+    "install_auth_desc": "Необходно налаштувати автентифікацію паролем для вебінтерфейсу AdGuard Home. Навіть якщо він доступний лише у вашій локальній мережі, важливо захистити його від необмеженого доступу.\n\nДолжна быть настроена аутентификация паролем для веб-интерфейса AdGuard Home. Даже если он доступен только в вашей локальной сети, важно защитить его от неограниченного доступа.",
+    "install_auth_username": "Ім'я користувача",
+    "install_auth_password": "Пароль",
+    "install_auth_confirm": "Підтвердьте пароль",
+    "install_auth_username_enter": "Уведіть ім'я користувача",
+    "install_auth_password_enter": "Введіть пароль",
+    "install_step": "Крок",
+    "install_devices_title": "Налаштуйте ваші пристрої",
+    "install_devices_desc": "Щоби розпочати використовувати AdGuard Home, вам потрібно налаштувати ваші пристої для його використання.",
+    "install_submit_title": "Вітаємо!",
+    "install_submit_desc": "Процедура налаштування завершена і тепер все готово, аби почати користуватися AdGuard Home.",
+    "install_devices_router": "Роутер",
+    "install_devices_router_desc": "Це налаштування буде автоматично охоплювати всі пристрої, що під'єднано до домашнього маршрутизатора. Вам не потрібно буде налаштовувати кожен з них вручну.",
+    "install_devices_address": "DNS-сервер AdGuard Home прослуховує наступні адреси",
+    "install_devices_router_list_1": "Відкрийте налаштування маршрутизатора. Зазвичай ви можете отримати до нього доступ із браузера за допомогою URL-адреси, наприклад, http://192.168.0.1/ або http://192.168.1.1/. Можливо, треба буде ввести пароль. Якщо ви його не знаєте, часто можна скинути пароль, натиснувши кнопку на самому маршрутизаторі. Для деяких маршрутизаторів потрібна спеціальна програма, яка в такому випадку повинна бути вже встановлена на вашому комп’ютері чи телефоні.",
+    "install_devices_router_list_2": "Знайдіть налаштування DHCP/DNS. Шукайте літери DNS поруч із полем, в яке можна ввести два або три набори чисел, кожен з яких розбитий на чотири групи від однієї до трьох цифр.",
+    "install_devices_router_list_3": "Введіть туди адреси вашого домашнього сервера AdGuard.",
+    "install_devices_router_list_4": "Ви не можете встановити власний DNS-сервер на деяких типах маршрутизаторів. У цьому разі вам може допомогти налаштування AdGuard Home в якості <0>DHCP-сервера</0>. В іншому разі вам потрібно знайти інструкцію щодо налаштування DNS-сервера для вашої конкретної моделі маршрутизатора.",
+    "install_devices_windows_list_1": "Відкрийте Панель керування через меню «Пуск» або пошук Windows.",
+    "install_devices_windows_list_2": "Перейдіть до категорії Мережа й Інтернет, а потім до Центру мереж і спільного доступу.",
+    "install_devices_windows_list_3": "У лівій частині екрана знайдіть текст «Змінити настройки адаптера» та натисніть на нього.",
+    "install_devices_windows_list_4": "Виберіть своє активне з'єднання, клацніть на ньому правою кнопкою миші та виберіть Властивості.",
+    "install_devices_windows_list_5": "Знайдіть у списку пункт «Internet Protocol Version 4 (TCP/IPv4)» або «Internet Protocol Version 6 (TCP/IPv6)», виберіть його та натисніть кнопку Властивості ще раз.",
+    "install_devices_windows_list_6": "Виберіть «Використовувати наступні адреси DNS-серверів» та введіть адреси вашого сервера AdGuard Home.",
+    "install_devices_macos_list_1": "Клацніть на піктограму Apple і перейдіть до Системних налаштувань.",
+    "install_devices_macos_list_2": "Клацніть на Мережа.",
+    "install_devices_macos_list_3": "Виберіть перше з'єднання зі списку та натисніть кнопку Додатково.",
+    "install_devices_macos_list_4": "Виберіть вкладку DNS і введіть адреси сервера AdGuard Home.",
+    "install_devices_android_list_1": "На головному екрані меню Android торкніться Налаштування.",
+    "install_devices_android_list_2": "У меню торкніться Wi-Fi. З'явиться екран із переліком усіх доступних мереж (неможливо встановити власний DNS для мобільного з'єднання).",
+    "install_devices_android_list_3": "Довго натисніть на мережу, до якої ви приєднані, та торкніться «Змінити мережу».",
+    "install_devices_android_list_4": "На деяких пристроях вам може знадобитися встановити прапорець Додатково, щоб побачити подальші налаштування. Щоб відредагувати налаштування DNS для Android, вам потрібно буде переключити налаштування IP з DHCP на статичні.",
+    "install_devices_android_list_5": "Змініть встановлені значення DNS 1 і DNS 2 на адреси вашого домашнього сервера AdGuard.",
+    "install_devices_ios_list_1": "На головному екрані торкніться Налаштування.",
+    "install_devices_ios_list_2": "Виберіть Wi-Fi у меню ліворуч (неможливо налаштувати DNS для мобільних мереж).",
+    "install_devices_ios_list_3": "Натисніть на назву поточно активної мережі.",
+    "install_devices_ios_list_4": "У полі DNS введіть адреси вашого сервера AdGuard Home.",
+    "get_started": "Розпочати",
+    "next": "Наступні",
+    "open_dashboard": "Відкрити інформаційну панель",
+    "install_saved": "Збережено успішно",
+    "encryption_title": "Шифрування",
+    "encryption_desc": "Підтримка шифрування (HTTPS/TLS) як для DNS так і для веб-інтерфейсу адміністратора",
+    "encryption_config_saved": "Конфігурацію шифрування збережено",
+    "encryption_server": "Назва сервера",
+    "encryption_server_enter": "Введіть ваше доменне ім'я",
+    "encryption_server_desc": "Для використання HTTPS вам потрібно ввести назву сервера, який відповідає вашому SSL-сертифікату або сертифікату з підтримкою піддоменів. Якщо значення не вказано, то сервер буде приймати TLS-з'єднання для будь-якого домену.",
+    "encryption_redirect": "Автоматично перенаправляти на HTTPS",
+    "encryption_redirect_desc": "Якщо встановлено, AdGuard Home автоматично перенаправить вас з HTTP на адреси HTTPS.",
+    "encryption_https": "Порт HTTPS",
+    "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
+    "encryption_dot": "Порт DNS-over-TLS",
+    "encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-QUIC. Це експериментально і може бути ненадійним. Крім того, зараз не так багато клієнтів, які це підтримують.",
+    "encryption_certificates": "Сертифікати",
+    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безкоштовний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
+    "encryption_certificates_input": "Скопіюйте/вставте сюди свої кодовані PEM сертифікати.",
+    "encryption_status": "Статус",
+    "encryption_expire": "Закічнується",
+    "encryption_key": "Приватний ключ",
+    "encryption_key_input": "Скопіюйте/вставте сюди свій приватний ключ кодований PEM для вашого сертифіката.",
+    "encryption_enable": "Увімкнути шифрування (HTTPS, DNS-over-HTTPS і DNS-over-TLS)",
+    "encryption_enable_desc": "Якщо ввімкнено шифрування, інтерфейс адміністратора AdGuard Home буде працювати через HTTPS, а DNS-сервер буде прослуховувати запити через DNS-over-HTTPS і DNS-over-TLS.",
+    "encryption_chain_valid": "Ланцюжок сертифікатів дійсний",
+    "encryption_chain_invalid": "Ланцюжок сертифікатів не дійсний",
+    "encryption_key_valid": "Це дійсний приватний ключ {{type}}",
+    "encryption_key_invalid": "Це недійсний приватний ключ {{type}}",
+    "encryption_subject": "Обє'кт",
+    "encryption_issuer": "Видавець",
+    "encryption_hostnames": "Назви вузлів",
+    "encryption_reset": "Ви впевнені, що хочете скинути налаштування шифрування?",
+    "topline_expiring_certificate": "Ваш сертифікат SSL скоро закінчиться. Оновіть <0>Налаштування шифрування</0>.",
+    "topline_expired_certificate": "Термін дії вашого сертифіката SSL закінчився. Оновіть <0>Налаштування шифрування</0>.",
+    "form_error_port_range": "Введіть значення порту в діапазоні 80−65535",
+    "form_error_port_unsafe": "Це небезпечний порт",
+    "form_error_equal": "Мають бути різні значення",
+    "form_error_password": "Пароль не співпадає",
+    "reset_settings": "Скинути налаштування",
+    "update_announcement": "AdGuard Home {{version}} тепер доступний! <0>Докладніше</0>.",
+    "setup_guide": "Посібник з налаштування",
+    "dns_addresses": "DNS-адреси",
+    "dns_start": "DNS-сервер запускається",
+    "dns_status_error": "Помилка перевірки стану сервера DNS",
+    "down": "Недоступний",
+    "fix": "Виправити",
+    "dns_providers": "<0>Список відомих DNS-провайдерів</0> на вибір.",
+    "update_now": "Оновити зараз",
+    "update_failed": "Помилка автоматичного оновлення. Будь ласка, <a>виконайте ці кроки</a> аби оновити вручну.",
+    "processing_update": "Зачекайте будь ласка, AdGuard Home оновлюється",
+    "clients_title": "Клієнти",
+    "clients_desc": "Налаштуйте пристрої, під'єднані до AdGuard Home",
+    "settings_global": "Загальні",
+    "settings_custom": "Власні",
+    "table_client": "Клієнт",
+    "table_name": "Назва",
+    "save_btn": "Зберегти",
+    "client_add": "Додати Клієнта",
+    "client_new": "Новий Клієнт",
+    "client_edit": "Редагувати Клієнта",
+    "client_identifier": "Ідентифікатор",
+    "ip_address": "IP-адреса",
+    "client_identifier_desc": "Клієнтів можна ідентифікувати за IP-, CIDR-, MAC-адресами або ж за спеціальним клієнтським ідентифікатором (можливий для DoT, DoH та DoQ). <0>Докладніше про ідентифікацію клієнтів</0>.",
+    "form_enter_ip": "Введіть IP",
+    "form_enter_subnet_ip": "Введіть IP-адресу в підмережі «{{cidr}}»",
+    "form_enter_mac": "Введіть MAC",
+    "form_enter_id": "Введіть ідентифікатор",
+    "form_add_id": "Додати ідентифікатор",
+    "form_client_name": "Введіть ім'я клієнта",
+    "name": "Ім'я",
+    "client_global_settings": "Використати загальні налаштування",
+    "client_deleted": "Клієнта «{{key}}» успішно видалено",
+    "client_added": "Клієнта «{{key}}» успішно додано",
+    "client_updated": "Клієнта «{{key}}» успішно оновлено",
+    "clients_not_found": "Клієнтів не знайдено",
+    "client_confirm_delete": "Ви впевнені, що хочете видалити клієнта «{{key}}»?",
+    "list_confirm_delete": "Ви впевнені, що хочете видалити цей список?",
+    "auto_clients_title": "Клієнти (поза налаштуванням)",
+    "auto_clients_desc": "Дані про клієнтів, які використовують AdGuard Home, але не зберігаються в конфігурації",
+    "access_title": "Налаштування доступу",
+    "access_desc": "Тут ви можете налаштувати правила доступу для DNS-сервера AdGuard Home.",
+    "access_allowed_title": "Дозволені клієнти",
+    "access_allowed_desc": "Перелік CIDR-, IP-адрес та клієнтських ідентифікаторів. Якщо налаштовано, AdGuard Home прийматиме запити лише від цих клієнтів.",
+    "access_disallowed_title": "Заборонені клієнти",
+    "access_disallowed_desc": "Перелік CIDR-, IP-адрес та клієнтських ідентифікаторів. Якщо налаштовано, AdGuard Home буде скасовувати запити від цих клієнтів. Проте якщо налаштовано список дозволених клієнтів, то це поле проігнорується.",
+    "access_blocked_title": "Заборонені домени",
+    "access_blocked_desc": "Не плутайте з фільтрами. AdGuard Home буде ігнорувати DNS-запити з цими доменами, такі запити навіть не будуть записані до журналу. Ви можете вказати точні доменні імена, замінні знаки та правила фільтрування URL-адрес, наприклад, 'example.org', '*.example.org' або '||example.org^' відповідно.",
+    "access_settings_saved": "Налаштування доступу успішно збережено",
+    "updates_checked": "Оновлення успішно перевірені",
+    "updates_version_equal": "AdGuard Home останньої версії",
+    "check_updates_now": "Перевірити наявність оновлень",
+    "dns_privacy": "Конфіденційність DNS",
+    "setup_dns_privacy_1": "<0>DNS-over-TLS: </0>Використайте рядок <1>{{address}}</1>.",
+    "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> Використайте рядок <1>{{address}}</1>.",
+    "setup_dns_privacy_3": "<0>Ось перелік програмного забезпечення, яке можете використати.</0>",
+    "setup_dns_privacy_4": "На пристрої iOS 14 або macOS Big Sur ви можете завантажити спеціальний файл .mobileconfig, який додасть до налаштувань DNS сервери <highlight>DNS-over-HTTPS</highlight> або <highlight>DNS-over-TLS</highlight>.",
+    "setup_dns_privacy_android_1": "Android 9 підтримує DNS-over-TLS. Щоб його налаштувати, перейдіть у Налаштування → Мережа та Інтернет → Додатково → Приватний DNS і введіть там свій домен.",
+    "setup_dns_privacy_android_2": "<0>AdGuard для Android</0> підтримує <1>DNS-over-HTTPS</1> і <1>DNS-over-TLS</1>.",
+    "setup_dns_privacy_android_3": "<0>Intra</0> додає підтримку <1>DNS-over-HTTPS</1> для Android.",
+    "setup_dns_privacy_ios_1": "<0>DNSCloak</0> підтримує <1>DNS-over-HTTPS</1>, але для того, щоб налаштувати його на використання власного сервера, вам потрібно буде створити для нього <2>штамп DNS</2>.",
+    "setup_dns_privacy_ios_2": "<0>AdGuard для iOS</0> підтримує налаштування <1>DNS over-HTTPS</1> і <1>DNS over over TLS</1>.",
+    "setup_dns_privacy_other_title": "Інші реалізації",
+    "setup_dns_privacy_other_1": "Сам AdGuard Home може слугувати захищеним клієнтом DNS на будь-якій платформі.",
+    "setup_dns_privacy_other_2": "<0>dnsproxy</0> підтримує всі відомі захищені протоколи DNS.",
+    "setup_dns_privacy_other_3": "<0>dnscrypt-proxy</0> підтримує <1>DNS-over-HTTPS</1>.",
+    "setup_dns_privacy_other_4": "<0>Mozilla Firefox</0> підтримує <1>DNS-over-HTTPS</1>.",
+    "setup_dns_privacy_other_5": "Ви знайдете більше реалізацій <0>тут</0> та <1>тут</1>.",
+    "setup_dns_privacy_ioc_mac": "Конфігурація для iOS та macOS",
+    "setup_dns_notice": "Для використання <1>DNS-over-HTTPS</1> або <1>DNS-over-TLS</1>, вам потрібно <0>налаштувати Шифрування</0> в налаштуваннях AdGuard Home.",
+    "rewrite_added": "Перезапис DNS для «{{key}}» успішно додано",
+    "rewrite_deleted": "Перезапис DNS для «{{key}}» успішно видалено",
+    "rewrite_add": "Додати перезапис DNS",
+    "rewrite_not_found": "Перезаписів DNS не знайдено",
+    "rewrite_confirm_delete": "Ви впевнені, що хочете видалити перезапис DNS для «{{key}}»?",
+    "rewrite_desc": "Дозволяє легко налаштувати власну відповідь DNS для певного доменного імені.",
+    "rewrite_applied": "Застосовано правило перезапису",
+    "rewrite_hosts_applied": "Перезаписано правилом hosts-файлу",
+    "dns_rewrites": "DNS перезаписи",
+    "form_domain": "Введіть доменне ім’я або підстановний знак",
+    "form_answer": "Введіть IP-адресу або доменне ім'я",
+    "form_error_domain_format": "Неправильний формат домену",
+    "form_error_answer_format": "Неправильний формат відопвіді",
+    "configure": "Налаштувати",
+    "main_settings": "Головні налаштування",
+    "block_services": "Блокувати конкретні сервіси",
+    "blocked_services": "Заблоковані сервіси",
+    "blocked_services_desc": "Дозволяє швидко блокувати популярні сайти та сервіси.",
+    "blocked_services_saved": "Заблоковані сервіси успішно збережено",
+    "blocked_services_global": "Використовувати глобально заблоковані сервіси",
+    "blocked_service": "Заблокований сервіс",
+    "block_all": "Блокувати все",
+    "unblock_all": "Розблокувати все",
+    "encryption_certificate_path": "Шлях до сертифіката",
+    "encryption_private_key_path": "Шлях до приватного ключа",
+    "encryption_certificates_source_path": "Вказати шлях до сертифікату",
+    "encryption_certificates_source_content": "Вставити вміст сертифікату",
+    "encryption_key_source_path": "Вказати приватний ключ",
+    "encryption_key_source_content": "Вставити вміст приватного ключа",
+    "stats_params": "Налаштування статистики",
+    "config_successfully_saved": "Конфігурацію успішно збережено",
+    "interval_6_hour": "6 годин",
+    "interval_24_hour": "24 години",
+    "interval_days": "{{count}} день",
+    "interval_days_plural": "{{count}} дні(в)",
+    "domain": "Домен",
+    "punycode": "Punycode",
+    "answer": "Відповідь",
+    "filter_added_successfully": "Фільтр успішно додано",
+    "filter_removed_successfully": "Фільтр успішно видалено",
+    "filter_updated": "Фільтр успішно оновлено",
+    "statistics_configuration": "Налаштування статистики",
+    "statistics_retention": "Збереження статистики",
+    "statistics_retention_desc": "Якщо зменшити значення інтервалу, деякі дані будуть втрачені",
+    "statistics_clear": "Очистити статистику",
+    "statistics_clear_confirm": "Ви впевнені, що хочете очистити статистику?",
+    "statistics_retention_confirm": "Ви впевнені, що хочете змінити тривалість статистики? Якщо зменшити значення інтервалу, деякі дані будуть втрачені",
+    "statistics_cleared": "Статистика успішно очищена",
+    "statistics_enable": "Увімкнути статистику",
+    "interval_hours": "{{count}} година",
+    "interval_hours_plural": "{{count}} годин(и)",
+    "filters_configuration": "Конфігурація фільтрів",
+    "filters_enable": "Увімкнути фільтри",
+    "filters_interval": "Інтервал оновлення фільтрів",
+    "disabled": "Вимкнено",
+    "username_label": "Ім'я користувача",
+    "username_placeholder": "Уведіть ім'я користувача",
+    "password_label": "Пароль",
+    "password_placeholder": "Введіть пароль",
+    "sign_in": "Увійти",
+    "sign_out": "Вийти",
+    "forgot_password": "Забули пароль?",
+    "forgot_password_desc": "Виконайте <0>ці кроки</0>, щоб створити новий пароль для свого імені користувача.",
+    "location": "Місцезнаходження",
+    "orgname": "Назва організації",
+    "netname": "Назва мережі",
+    "network": "Мережа",
+    "descr": "Опис",
+    "whois": "Whois",
+    "filtering_rules_learn_more": "<0>Як створити власні списки блокування</0>.",
+    "blocked_by_response": "У відповідь заблоковано по CNAME або IP",
+    "blocked_by_cname_or_ip": "Заблоковано по CNAME або IP",
+    "try_again": "Спробувати знову",
+    "domain_desc": "Введіть доменне ім’я або підстановний знак, який потрібно переписати.",
+    "example_rewrite_domain": "перепишіть відповіді лише для цього доменного імені.",
+    "example_rewrite_wildcard": "перепишіть відповіді для всіх субдоменів <0>example.org</0>.",
+    "rewrite_ip_address": "IP-адреса: використайте цю IP-адресу у відповіді A або AAAA",
+    "rewrite_domain_name": "Доменне ім’я: додайте запис CNAME",
+    "rewrite_A": "<0>A</0>: спеціальне значення, зберігайте <0>A</0> записи із вищого сервера",
+    "rewrite_AAAA": "<0>AAAA</0>: спеціальне значення, зберігайте <0>AAAA</0> записи із вищого сервера",
+    "disable_ipv6": "Вимкнути вирішення IPv6-адрес",
+    "disable_ipv6_desc": "Ігнорувати DNS-запити для IPv6-адрес (тип AAAA).",
+    "fastest_addr": "Найшвидша IP-адреса",
+    "fastest_addr_desc": "Опитати всі DNS-сервери й повернути найшвидшу IP-адресу серед усіх наданих. Це сповільнить швидкість DNS-запитів, оскільки AdGuard Home повинен буде чекати відповіді усіх DNS-серверів, але водночас може покращити якість з'єднання.",
+    "autofix_warning_text": "Якщо ви натиснете «Виправити», AdGuard Home налаштує вашу систему на використання DNS-сервера AdGuard Home.",
+    "autofix_warning_list": "Це виконає наступні завдання: <0>Деактивує систему DNSStubListener</0> <0>Змінить адресу DNS сервера на 127.0.0.1</0> <0>Замінить символічне посилання /etc/resolv.conf на /run/systemd/resolve/resolv.conf</0> <0>Зупинить DNSStubListener (перезапустить сервіс systemd-resolved)</0>",
+    "autofix_warning_result": "В результаті буде усталено, що усі DNS-запити вашої системи будуть опрацьовані AdGuard Home.",
+    "tags_title": "Теги",
+    "tags_desc": "Ви можете вибрати теги, які відповідають клієнту. Теги можна використати в правилах фільтрування, щоб точніше застосовувати їх. <0>Докладніше</0>",
+    "form_select_tags": "Виберіть теги клієнта",
+    "check_title": "Перевірте фільтрування",
+    "check_desc": "Перевірте чи фільтрується назва вузла",
+    "check": "Перевірити",
+    "form_enter_host": "Введіть назву вузла",
+    "filtered_custom_rules": "Відфільтровано за власними правилами фільтрування",
+    "choose_from_list": "Виберіть зі списку",
+    "add_custom_list": "Додати власний список",
+    "host_whitelisted": "Вузол додано до списку дозволів",
+    "check_ip": "IP адреси: {{ip}}",
+    "check_cname": "CNAME: {{cname}}",
+    "check_reason": "Причина: {{reason}}",
+    "check_service": "Назва сервісу: {{service}}",
+    "service_name": "Назва сервісу",
+    "check_not_found": "Не знайдено у ваших списках фільтрів",
+    "client_confirm_block": "Ви впевнені, що хочете заблокувати клієнта «{{ip}}»?",
+    "client_confirm_unblock": "Ви впевнені, що хочете розблокувати клієнт «{{ip}}»?",
+    "client_blocked": "Клієнта «{{ip}}» успішно заблоковано",
+    "client_unblocked": "Клієнта «{{ip}}» успішно розблоковано",
+    "static_ip": "Статична IP-адреса",
+    "static_ip_desc": "AdGuard Home - це сервер, тому йому потрібна статична IP-адреса для нормальної роботи. В іншому випадку, в певний момент, ваш маршрутизатор може призначити іншу IP-адресу цьому пристрою.",
+    "set_static_ip": "Встановити статичну IP-адресу",
+    "install_static_ok": "Гарні новини! Статична IP-адреса вже налаштована",
+    "install_static_error": "AdGuard Home не може налаштувати його автоматично для цього мережевого інтерфейсу. Будь ласка, шукайте інструкції як це зробити вручну.",
+    "install_static_configure": "AdGuard Home виявив, що використовується динамічна IP-адреса — <0>{{ip}}</0>. Ви хочете встановити її як свою статичну адресу?",
+    "confirm_static_ip": "AdGuard Home налаштує {{ip}} як вашу статичну IP-адресу. Ви хочете продовжити?",
+    "list_updated": "{{count}} список оновлено",
+    "list_updated_plural": "{{count}} списки оновлено",
+    "dnssec_enable": "Увімкнути DNSSEC",
+    "dnssec_enable_desc": "Встановити прапорець DNSSEC для вихідних DNS запитів та перевірити результат (потрібен розпізнавач з підтримкою DNSSEC).",
+    "validated_with_dnssec": "Засвідчено DNSSEC",
+    "all_queries": "Усі запити",
+    "show_blocked_responses": "Заблоковані",
+    "show_whitelisted_responses": "Дозволені",
+    "show_processed_responses": "Оброблені",
+    "blocked_safebrowsing": "Безпечний перегляд заблоковано",
+    "blocked_adult_websites": "Заблоковані вебсайти для дорослих",
+    "blocked_threats": "Заблоковано загроз",
+    "allowed": "Дозволено",
+    "filtered": "Відфільтровано",
+    "rewritten": "Перезаписано",
+    "safe_search": "Безпечний пошук",
+    "blocklist": "Список блокування",
+    "milliseconds_abbreviation": "мс",
+    "cache_size": "Розмір кешу",
+    "cache_size_desc": "Розмір кешу DNS (у байтах)",
+    "cache_ttl_min_override": "Замінити мінімальний TTL",
+    "cache_ttl_max_override": "Замінити максимальний TTL",
+    "enter_cache_size": "Введіть розмір кешу (байт)",
+    "enter_cache_ttl_min_override": "Введіть мінімальний TTL (секунди)",
+    "enter_cache_ttl_max_override": "Введіть максимальний TTL (секунди)",
+    "cache_ttl_min_override_desc": "Розширити короткі значення time-to-live (секунди) отримані від основного сервера під час кешування відповідей DNS",
+    "cache_ttl_max_override_desc": "Встановіть максимальне значення time-to-live (секунди) для записів у кеші DNS",
+    "ttl_cache_validation": "Мінімальне значення TTL кеш-пам'яті має бути меншим або рівним максимальному значенню",
+    "cache_optimistic": "Оптимістичне кешування",
+    "cache_optimistic_desc": "AdGuard Home буде відповідати з кешу, навіть якщо відповіді в ньому застарілі, а також спробує оновити їх.",
+    "filter_category_general": "Загальні",
+    "filter_category_security": "Безпека",
+    "filter_category_regional": "Регіональні",
+    "filter_category_other": "Інші",
+    "filter_category_general_desc": "Списки, які блокують відстеження та рекламу на більшості пристроїв",
+    "filter_category_security_desc": "Фільтри, які спеціалізуються на блокуванні зловмисних програм, фішингу та шахрайських доменів",
+    "filter_category_regional_desc": "Списки, орієнтовані на регіональні оголошення та сервери відстеження",
+    "filter_category_other_desc": "Інші списки блокувань",
+    "setup_config_to_enable_dhcp_server": "Налаштуйте конфігурацію для увімкнення DHCP-сервера",
+    "original_response": "Оригінальна відповідь",
+    "click_to_view_queries": "Клацніть, щоб переглянути запити",
+    "port_53_faq_link": "Порт 53 часто зайнятий службами «DNSStubListener» або «systemd-resolved». <0>Як це вирішити</0>.",
+    "adg_will_drop_dns_queries": "AdGuard Home буде видаляти всі запити DNS із цього клієнта.",
+    "filter_allowlist": "ПОПЕРЕДЖЕННЯ: Таким чином ви також виключите правило «{{disallowed_rule}}» зі списку дозволених клієнтів.",
+    "last_rule_in_allowlist": "Неможливо заблокувати цього клієнта, тому що правило «{{disallowed_rule}}» ВИМКНЕ режим списку дозволів.",
+    "experimental": "Експериментальний",
+    "use_saved_key": "Використати раніше збережений ключ",
+    "parental_control": "Батьківський контроль",
+    "safe_browsing": "Безпечний інтернет",
+    "served_from_cache": "{{value}} <i>(отримано з кешу)</i>"
+}

client/src/__locales/vi.json

@@ -44,8 +44,6 @@
     "form_error_server_name": "Tên máy chủ không hợp lệ",
     "form_error_subnet": "Mạng con \"{{cidr}}\" không chứa địa chỉ IP \"{{ip}}\"",
     "form_error_positive": "Phải lớn hơn 0",
-    "form_error_negative": "Phải lớn hơn hoặc bằng 0",
-    "range_end_error": "Phải lớn hơn khoảng bắt đầu",
     "dhcp_form_gateway_input": "Cổng IP",
     "dhcp_form_subnet_input": "Mặt nạ mạng con",
     "dhcp_form_range_title": "Phạm vi của địa chỉ IP",
@@ -613,5 +611,6 @@
     "adg_will_drop_dns_queries": "AdGuard Home sẽ loại bỏ tất cả các truy vấn DNS từ ứng dụng khách này.",
     "filter_allowlist": "CẢNH BÁO: Hành động này cũng sẽ loại trừ quy tắc \"{{disallowed_rule}}\" khỏi danh sách các ứng dụng khách được phép.",
     "last_rule_in_allowlist": "Không thể không cho phép ứng dụng khách này vì việc loại trừ quy tắc \"{{disallowed_rule}}\" sẽ TẮT danh sách \"Ứng dụng khách được phép\".",
-    "experimental": "Thử nghiệm"
+    "experimental": "Thử nghiệm",
+    "parental_control": "Quản lý của phụ huynh"
 }

client/src/__locales/zh-cn.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4设置",
     "dhcp_ipv6_settings": "DHCP IPv6设置",
     "form_error_required": "必填字段",
-    "form_error_ip4_format": "无效的 IPv4 格式",
-    "form_error_ip6_format": "无效的 IPv6 格式",
-    "form_error_ip_format": "无效的 IP 格式",
-    "form_error_mac_format": "无效的 MAC 格式",
-    "form_error_client_id_format": "无效的客户端 ID 格式",
+    "form_error_ip4_format": "无效的 IPv4 地址",
+    "form_error_ip4_range_start_format": "范围起始值的 IPv4 地址无效",
+    "form_error_ip4_range_end_format": "范围终值的 IPv4 地址无效",
+    "form_error_ip4_gateway_format": "网关 IPv4 地址无效",
+    "form_error_ip6_format": "无效的 IPv6 地址",
+    "form_error_ip_format": "无效的 IP 地址",
+    "form_error_mac_format": "无效的 MAC 地址",
+    "form_error_client_id_format": "无效的客户端 ID",
     "form_error_server_name": "无效的服务器名",
     "form_error_subnet": "子网 \"{{cidr}}\" 不包含 IP 地址 \"{{ip}}\"",
     "form_error_positive": "必须大于 0",
-    "form_error_negative": "必须大于等于 0",
-    "range_end_error": "必须大于范围起始值",
+    "out_of_range_error": "必定超出了范围 \"{{start}}\"-\"{{end}}\"",
+    "lower_range_start_error": "必须小于范围起始值",
+    "greater_range_start_error": "必须大于范围起始值",
+    "greater_range_end_error": "必须大于范围终值",
+    "subnet_error": "地址必须在一个子网内",
+    "gateway_or_subnet_invalid": "子网掩码无效",
     "dhcp_form_gateway_input": "网关 IP",
     "dhcp_form_subnet_input": "子网掩码",
     "dhcp_form_range_title": "IP 地址范围",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "无效的URL或列表的绝对路径",
     "custom_filter_rules": "自定义过滤器规则",
     "custom_filter_rules_hint": "请确保每行只输入一条规则。你可以输入符合 adblock 语法或 Hosts 语法的规则。",
+    "system_host_files": "系统主机文件",
     "examples_title": "范例",
     "example_meaning_filter_block": "拦截 example.org 域名及其所有子域名",
     "example_meaning_filter_whitelist": "放行 example.org 及其所有子域名",
@@ -616,5 +624,8 @@
     "filter_allowlist": "警告：此操作将把规则 \"{{disallowed_rule}}\" 排除在允许客户端的列表之外。",
     "last_rule_in_allowlist": "无法禁止此客户端，因为排除 “{{disallowed_rule}}” 规则将禁用“允许客户端”的列表。",
     "experimental": "实验性的",
-    "use_saved_key": "使用之前保存的密钥"
+    "use_saved_key": "使用之前保存的密钥",
+    "parental_control": "家长控制",
+    "safe_browsing": "安全浏览",
+    "served_from_cache": "{{value}}<i>(由缓存提供)</i>"
 }

client/src/__locales/zh-hk.json

@@ -44,8 +44,6 @@
     "form_error_server_name": "無效伺服器名稱",
     "form_error_subnet": "子網路 \"{{cidr}}\" 不包含 IP 位址 \"{{ip}}\"",
     "form_error_positive": "數值必須大於 0",
-    "form_error_negative": "數值必須大於等於 0",
-    "range_end_error": "必須大於起始值",
     "dhcp_form_gateway_input": "閘道 IP 位址",
     "dhcp_form_subnet_input": "子網路遮罩",
     "dhcp_form_range_title": "IP 位址範圍",
@@ -612,6 +610,5 @@
     "click_to_view_queries": "按一下以檢視查詢結果",
     "port_53_faq_link": "連接埠 53 經常被「DNSStubListener」或「systemd-resolved」服務佔用。請閱讀下列有關解決<0>這個問題</0>的說明",
     "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。",
-    "client_not_in_allowed_clients": "此用戶端不被允許，它不在\"允許的用戶端\"列表中。",
     "experimental": "實驗性"
 }

client/src/__locales/zh-tw.json

@@ -36,16 +36,23 @@
     "dhcp_ipv4_settings": "DHCP IPv4 設定",
     "dhcp_ipv6_settings": "DHCP IPv6 設定",
     "form_error_required": "必填的欄位",
-    "form_error_ip4_format": "無效的 IPv4 格式",
-    "form_error_ip6_format": "無效的 IPv6 格式",
-    "form_error_ip_format": "無效的 IP 格式",
-    "form_error_mac_format": "無效的媒體存取控制（MAC）格式",
-    "form_error_client_id_format": "無效的用戶端 ID 格式",
+    "form_error_ip4_format": "無效的 IPv4 位址",
+    "form_error_ip4_range_start_format": "無效起始範圍的 IPv4 位址",
+    "form_error_ip4_range_end_format": "無效結束範圍的 IPv4 位址",
+    "form_error_ip4_gateway_format": "無效閘道的 IPv4 位址",
+    "form_error_ip6_format": "無效的 IPv6 位址",
+    "form_error_ip_format": "無效的 IP 位址",
+    "form_error_mac_format": "無效的媒體存取控制（MAC）位址",
+    "form_error_client_id_format": "無效的用戶端 ID",
     "form_error_server_name": "無效的伺服器名稱",
     "form_error_subnet": "子網路 \"{{cidr}}\" 不包含該 IP 位址 \"{{ip}}\"",
     "form_error_positive": "必須大於 0",
-    "form_error_negative": "必須等於或大於 0",
-    "range_end_error": "必須大於起始範圍",
+    "out_of_range_error": "必須在\"{{start}}\"-\"{{end}}\"範圍之外",
+    "lower_range_start_error": "必須低於起始範圍",
+    "greater_range_start_error": "必須大於起始範圍",
+    "greater_range_end_error": "必須大於結束範圍",
+    "subnet_error": "位址必須在子網路中",
+    "gateway_or_subnet_invalid": "無效的子網路遮罩",
     "dhcp_form_gateway_input": "閘道 IP",
     "dhcp_form_subnet_input": "子網路遮罩",
     "dhcp_form_range_title": "IP 位址範圍",
@@ -193,6 +200,7 @@
     "form_error_url_or_path_format": "該清單之網址或絕對的路徑為無效的",
     "custom_filter_rules": "自訂的過濾規則",
     "custom_filter_rules_hint": "於一行上輸入一項規則。您可使用廣告封鎖規則或主機檔案語法。",
+    "system_host_files": "系統主機檔案",
     "examples_title": "範例",
     "example_meaning_filter_block": "封鎖至 example.org 網域及其所有的子網域之存取",
     "example_meaning_filter_whitelist": "解除封鎖至 example.org 網域及其所有的子網域之存取",
@@ -215,8 +223,8 @@
     "block": "封鎖",
     "disallow_this_client": "不允許此用戶端",
     "allow_this_client": "允許此用戶端",
-    "block_for_this_client_only": "僅封鎖此用戶端",
-    "unblock_for_this_client_only": "僅解除封鎖此用戶端",
+    "block_for_this_client_only": "僅對此用戶端封鎖",
+    "unblock_for_this_client_only": "僅對此用戶端解除封鎖",
     "time_table_header": "時間",
     "date": "日期",
     "domain_name_table_header": "域名",
@@ -320,7 +328,7 @@
     "install_devices_router": "路由器",
     "install_devices_router_desc": "此設置將自動地涵蓋所有被連線到您的家庭路由器之裝置，而您將無需手動地配置它們。",
     "install_devices_address": "AdGuard Home DNS 伺服器正在監聽下列的位址",
-    "install_devices_router_list_1": "開啟用於您的路由器之偏好設定。通常地，您可透過網址，諸如 http://192.168.0.1/ 或 http://192.168.1.1/，從您的瀏覽器中存取它。您可能被提醒輸入密碼。如果您不記得它，您經常可透過按壓於該路由器本身上的按鈕來重置密碼，但請明白如果此步驟被選擇，您將可能失去整個路由器配置。如果您的路由器需要應用程式去設置它，請於您的手機或個人電腦上安裝該應用程式，並使用它來存取該路由器的設定。",
+    "install_devices_router_list_1": "開啟用於您的路由器之偏好設定。通常，您可透過網址，諸如 http://192.168.0.1/ 或 http://192.168.1.1/，從您的瀏覽器中存取它。您可能被提醒去輸入密碼。如果您不記得它，您經常可透過按壓於該路由器本身上的按鈕來重置密碼，但請明白如果此步驟被選擇，您將可能失去整個路由器配置。如果您的路由器需要應用程式去設置它，請於您的手機或個人電腦上安裝該應用程式，並使用它來存取該路由器的設定。",
     "install_devices_router_list_2": "找到 DHCP/DNS 設定。尋找緊鄰著允許兩組或三組數字集的欄位之 DNS 字母，每組被拆成四個含有一至三個數字的群集。",
     "install_devices_router_list_3": "在那裡輸入您的 AdGuard Home 伺服器位址。",
     "install_devices_router_list_4": "於某些路由器機型上，自訂的 DNS 伺服器無法被設置。在這種情況下，設置 AdGuard Home 作為 <0>DHCP</0> 伺服器可能有所幫助。否則，您應查明有關如何對您的特定路由器型號自訂 DNS 伺服器之路由器用法說明。",
@@ -529,7 +537,7 @@
     "blocked_by_cname_or_ip": "被正規名稱（CNAME）或 IP 封鎖",
     "try_again": "再次嘗試",
     "domain_desc": "輸入您想要被改寫的域名或萬用字元（wildcard）。",
-    "example_rewrite_domain": "僅對於此域名改寫回應。",
+    "example_rewrite_domain": "僅對此域名改寫回應。",
     "example_rewrite_wildcard": "對於所有的 <0>example.org</0> 子網域改寫回應。",
     "rewrite_ip_address": "IP 位址：在一個 A 或 AAAA 回應中使用此 IP",
     "rewrite_domain_name": "域名：新增一筆正規名稱（CNAME）記錄",
@@ -616,5 +624,8 @@
     "filter_allowlist": "警告：此操作將把 \"{{disallowed_rule}}\" 規則排除在已允許用戶端的清單之外。",
     "last_rule_in_allowlist": "無法禁止此用戶端，因為排除 “{{disallowed_rule}}” 規則將禁用“已允許用戶端”的清單。",
     "experimental": "實驗性的",
-    "use_saved_key": "使用該先前已儲存的金鑰"
+    "use_saved_key": "使用該先前已儲存的金鑰",
+    "parental_control": "家長監控",
+    "safe_browsing": "安全瀏覽",
+    "served_from_cache": "{{value}} <i>（由快取提供）</i>"
 }

client/src/components/Dashboard/Counters.js

@@ -16,18 +16,31 @@ const Row = ({
         ? <LogsSearchLink response_status={response_status}>{formatNumber(count)}</LogsSearchLink>
         : count;
 
-    return <tr key={label}>
-        <td>
-            <Trans components={translationComponents}>{label}</Trans>
-            <Tooltip content={tooltipTitle} placement="top"
-                     className="tooltip-container tooltip-custom--narrow text-center">
-                <svg className="icons icon--20 icon--lightgray ml-2">
-                    <use xlinkHref="#question" />
-                </svg>
-            </Tooltip>
-        </td>
-        <td className="text-right"><strong>{content}</strong></td>
-    </tr>;
+    return (
+        <div className="counters__row" key={label}>
+            <div className="counters__column">
+                <span className="counters__title">
+                    <Trans components={translationComponents}>
+                        {label}
+                    </Trans>
+                </span>
+                <span className="counters__tooltip">
+                    <Tooltip
+                        content={tooltipTitle}
+                        placement="top"
+                        className="tooltip-container tooltip-custom--narrow text-center"
+                    >
+                        <svg className="icons icon--20 icon--lightgray ml-2">
+                            <use xlinkHref="#question" />
+                        </svg>
+                    </Tooltip>
+                </span>
+            </div>
+            <div className="counters__column counters__column--value">
+                <strong>{content}</strong>
+            </div>
+        </div>
+    );
 };
 
 const Counters = ({ refreshButton, subtitle }) => {
@@ -88,9 +101,9 @@ const Counters = ({ refreshButton, subtitle }) => {
             bodyType="card-table"
             refresh={refreshButton}
         >
-            <table className="table card-table">
-                <tbody>{rows.map(Row)}</tbody>
-            </table>
+            <div className="counters">
+                {rows.map(Row)}
+            </div>
         </Card>
     );
 };

client/src/components/Dashboard/Dashboard.css

@@ -49,3 +49,39 @@
         display: block;
     }
 }
+
+.counters__row {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    border-top: 1px solid #dee2e6;
+    padding: 0.75rem 1.5rem;
+}
+
+.counters__column--value {
+    flex-shrink: 0;
+    margin-left: 1.5rem;
+    text-align: right;
+    white-space: nowrap;
+}
+
+@media screen and (min-width: 768px) {
+    .counters__column {
+        display: flex;
+        align-items: center;
+        overflow: hidden;
+    }
+
+    .counters__title {
+        display: block;
+        max-width: 100%;
+        white-space: nowrap;
+        text-overflow: ellipsis;
+        overflow: hidden;
+    }
+
+    .counters__tooltip {
+        display: block;
+        flex-shrink: 0;
+    }
+}

client/src/components/Logs/Cells/ResponseCell.js

@@ -21,6 +21,7 @@ const ResponseCell = ({
     upstream,
     rules,
     service_name,
+    cached,
 }) => {
     const { t } = useTranslation();
     const filters = useSelector((state) => state.filtering.filters, shallowEqual);
@@ -36,6 +37,9 @@ const ResponseCell = ({
 
     const statusLabel = t(isBlockedByResponse ? 'blocked_by_cname_or_ip' : FILTERED_STATUS_TO_META_MAP[reason]?.LABEL || reason);
     const boldStatusLabel = <span className="font-weight-bold">{statusLabel}</span>;
+    const upstreamString = cached
+        ? t('served_from_cache', { value: upstream, i: <i /> })
+        : upstream;
 
     const renderResponses = (responseArr) => {
         if (!responseArr || responseArr.length === 0) {
@@ -53,7 +57,7 @@ const ResponseCell = ({
 
     const COMMON_CONTENT = {
         encryption_status: boldStatusLabel,
-        install_settings_dns: upstream,
+        install_settings_dns: upstreamString,
         elapsed: formattedElapsedMs,
         response_code: status,
         ...(service_name
@@ -90,8 +94,9 @@ const ResponseCell = ({
 
     const detailedInfo = getDetailedInfo(reason);
 
-    return <div className="logs__cell logs__cell--response" role="gridcell">
-        <IconTooltip
+    return (
+        <div className="logs__cell logs__cell--response" role="gridcell">
+            <IconTooltip
                 className={classNames('icons mr-4 icon--24 icon--lightgray', { 'my-3': isDetailed })}
                 columnClass='grid grid--limited'
                 tooltipClass='px-5 pb-5 pt-4 mw-75 custom-tooltip__response-details'
@@ -100,14 +105,15 @@ const ResponseCell = ({
                 title='response_details'
                 content={content}
                 placement='bottom'
-        />
-        <div className="text-truncate">
-            <div className="text-truncate" title={statusLabel}>{statusLabel}</div>
-            {isDetailed && <div
-                    className="detailed-info d-none d-sm-block pt-1 text-truncate"
-                    title={detailedInfo}>{detailedInfo}</div>}
+            />
+            <div className="text-truncate">
+                <div className="text-truncate" title={statusLabel}>{statusLabel}</div>
+                {isDetailed && <div
+                        className="detailed-info d-none d-sm-block pt-1 text-truncate"
+                        title={detailedInfo}>{detailedInfo}</div>}
+            </div>
         </div>
-    </div>;
+    );
 };
 
 ResponseCell.propTypes = {
@@ -117,6 +123,7 @@ ResponseCell.propTypes = {
     response: propTypes.array.isRequired,
     status: propTypes.string.isRequired,
     upstream: propTypes.string.isRequired,
+    cached: propTypes.bool.isRequired,
     rules: propTypes.arrayOf(propTypes.shape({
         text: propTypes.string.isRequired,
         filter_list_id: propTypes.number.isRequired,

client/src/components/Logs/Cells/index.js

@@ -76,6 +76,7 @@ const Row = memo(({
             originalResponse,
             status,
             service_name,
+            cached,
         } = rowProps;
 
         const hasTracker = !!tracker;
@@ -116,6 +117,9 @@ const Row = memo(({
 
         const blockingForClientKey = isFiltered ? 'unblock_for_this_client_only' : 'block_for_this_client_only';
         const clientNameBlockingFor = getBlockingClientName(clients, client);
+        const upstreamString = cached
+            ? t('served_from_cache', { value: upstream, i: <i /> })
+            : upstream;
 
         const onBlockingForClientClick = () => {
             dispatch(toggleBlockingForClient(buttonType, domain, clientNameBlockingFor));
@@ -175,7 +179,7 @@ const Row = memo(({
                             className="link--green">{sourceData.name}
                     </a>,
             response_details: 'title',
-            install_settings_dns: upstream,
+            install_settings_dns: upstreamString,
             elapsed: formattedElapsedMs,
             ...(rules.length > 0
                     && { rule_label: getRulesToFilterList(rules, filters, whitelistFilters) }
@@ -230,6 +234,7 @@ Row.propTypes = {
         time: propTypes.string.isRequired,
         tracker: propTypes.object,
         upstream: propTypes.string.isRequired,
+        cached: propTypes.bool.isRequired,
         type: propTypes.string.isRequired,
         client_proto: propTypes.string.isRequired,
         client_id: propTypes.string,

client/src/components/Settings/Dhcp/FormDHCPv4.js

@@ -13,6 +13,9 @@ import {
     validateIpv4,
     validateRequiredValue,
     validateIpv4RangeEnd,
+    validateGatewaySubnetMask,
+    validateIpForGatewaySubnetMask,
+    validateNotInRange,
 } from '../../../helpers/validators';
 
 const FormDHCPv4 = ({
@@ -54,7 +57,11 @@ const FormDHCPv4 = ({
                         type="text"
                         className="form-control"
                         placeholder={t(ipv4placeholders.gateway_ip)}
-                        validate={[validateIpv4, validateRequired]}
+                        validate={[
+                            validateIpv4,
+                            validateRequired,
+                            validateNotInRange,
+                        ]}
                         disabled={!isInterfaceIncludesIpv4}
                     />
                 </div>
@@ -66,7 +73,11 @@ const FormDHCPv4 = ({
                         type="text"
                         className="form-control"
                         placeholder={t(ipv4placeholders.subnet_mask)}
-                        validate={[validateIpv4, validateRequired]}
+                        validate={[
+                            validateIpv4,
+                            validateRequired,
+                            validateGatewaySubnetMask,
+                        ]}
                         disabled={!isInterfaceIncludesIpv4}
                     />
                 </div>
@@ -84,7 +95,11 @@ const FormDHCPv4 = ({
                                 type="text"
                                 className="form-control"
                                 placeholder={t(ipv4placeholders.range_start)}
-                                validate={[validateIpv4]}
+                                validate={[
+                                    validateIpv4,
+                                    validateGatewaySubnetMask,
+                                    validateIpForGatewaySubnetMask,
+                                ]}
                                 disabled={!isInterfaceIncludesIpv4}
                             />
                         </div>
@@ -95,7 +110,12 @@ const FormDHCPv4 = ({
                                 type="text"
                                 className="form-control"
                                 placeholder={t(ipv4placeholders.range_end)}
-                                validate={[validateIpv4, validateIpv4RangeEnd]}
+                                validate={[
+                                    validateIpv4,
+                                    validateIpv4RangeEnd,
+                                    validateGatewaySubnetMask,
+                                    validateIpForGatewaySubnetMask,
+                                ]}
                                 disabled={!isInterfaceIncludesIpv4}
                             />
                         </div>

client/src/components/Settings/Dhcp/StaticLeases/Form.js

@@ -53,7 +53,11 @@ const Form = ({
                         type="text"
                         className="form-control"
                         placeholder={t('form_enter_subnet_ip', { cidr })}
-                        validate={[validateRequiredValue, validateIpv4, validateIpv4InCidr]}
+                        validate={[
+                            validateRequiredValue,
+                            validateIpv4,
+                            validateIpv4InCidr,
+                        ]}
                     />
                 </div>
                 <div className="form__group">

client/src/components/Settings/Dhcp/StaticLeases/Modal.js

@@ -11,6 +11,8 @@ const Modal = ({
     handleSubmit,
     processingAdding,
     cidr,
+    rangeStart,
+    rangeEnd,
 }) => {
     const dispatch = useDispatch();
 
@@ -38,10 +40,14 @@ const Modal = ({
                         ip: '',
                         hostname: '',
                         cidr,
+                        rangeStart,
+                        rangeEnd,
                     }}
                     onSubmit={handleSubmit}
                     processingAdding={processingAdding}
                     cidr={cidr}
+                    rangeStart={rangeStart}
+                    rangeEnd={rangeEnd}
                 />
             </div>
         </ReactModal>
@@ -53,6 +59,8 @@ Modal.propTypes = {
     handleSubmit: PropTypes.func.isRequired,
     processingAdding: PropTypes.bool.isRequired,
     cidr: PropTypes.string.isRequired,
+    rangeStart: PropTypes.string,
+    rangeEnd: PropTypes.string,
 };
 
 export default withTranslation()(Modal);

client/src/components/Settings/Dhcp/StaticLeases/index.js

@@ -22,6 +22,8 @@ const StaticLeases = ({
     processingDeleting,
     staticLeases,
     cidr,
+    rangeStart,
+    rangeEnd,
 }) => {
     const [t] = useTranslation();
     const dispatch = useDispatch();
@@ -100,6 +102,8 @@ const StaticLeases = ({
                 handleSubmit={handleSubmit}
                 processingAdding={processingAdding}
                 cidr={cidr}
+                rangeStart={rangeStart}
+                rangeEnd={rangeEnd}
             />
         </>
     );
@@ -111,6 +115,8 @@ StaticLeases.propTypes = {
     processingAdding: PropTypes.bool.isRequired,
     processingDeleting: PropTypes.bool.isRequired,
     cidr: PropTypes.string.isRequired,
+    rangeStart: PropTypes.string,
+    rangeEnd: PropTypes.string,
 };
 
 cellWrap.propTypes = {

client/src/components/Settings/Dhcp/index.js

@@ -102,6 +102,7 @@ const Dhcp = () => {
             Object.values(DHCP_FORM_NAMES)
                 .forEach((formName) => dispatch(destroy(formName)));
             dispatch(resetDhcp());
+            dispatch(getDhcpStatus());
         }
     };
 
@@ -275,6 +276,8 @@ const Dhcp = () => {
                             processingAdding={processingAdding}
                             processingDeleting={processingDeleting}
                             cidr={cidr}
+                            rangeStart={dhcp?.values?.v4?.range_start}
+                            rangeEnd={dhcp?.values?.v4?.range_end}
                         />
                         <div className="btn-list mt-2">
                             <button

client/src/components/ui/Guide/MobileConfigForm.js

@@ -14,7 +14,7 @@ import {
     toNumber,
 } from '../../../helpers/form';
 import {
-    validateClientId,
+    validateConfigClientId,
     validateServerName,
     validatePort,
     validateIsSafePort,
@@ -132,7 +132,7 @@ const MobileConfigForm = ({ invalid }) => {
                         component={renderInputField}
                         className="form-control"
                         placeholder={i18next.t('client_id_placeholder')}
-                        validate={validateClientId}
+                        validate={validateConfigClientId}
                     />
                 </div>
                 <div className="form__group form__group--settings">

client/src/helpers/constants.js

@@ -24,7 +24,7 @@ export const R_UNIX_ABSOLUTE_PATH = /^(\/[^/\x00]+)+$/;
 // eslint-disable-next-line no-control-regex
 export const R_WIN_ABSOLUTE_PATH = /^([a-zA-Z]:)?(\\|\/)(?:[^\\/:*?"<>|\x00]+\\)*[^\\/:*?"<>|\x00]*$/;
 
-export const R_CLIENT_ID = /^[a-z0-9-]{1,64}$/;
+export const R_CLIENT_ID = /^[a-z0-9-]{1,63}$/;
 
 export const HTML_PAGES = {
     INSTALL: '/install.html',
@@ -528,7 +528,14 @@ export const DETAILED_DATE_FORMAT_OPTIONS = {
     month: 'long',
 };
 
-export const CUSTOM_FILTERING_RULES_ID = 0;
+export const SPECIAL_FILTER_ID = {
+    CUSTOM_FILTERING_RULES: 0,
+    SYSTEM_HOSTS: -1,
+    BLOCKED_SERVICES: -2,
+    PARENTAL: -3,
+    SAFE_BROWSING: -4,
+    SAFE_SEARCH: -5,
+};
 
 export const BLOCK_ACTIONS = {
     BLOCK: 'block',

client/src/helpers/filters/filters.json

@@ -42,6 +42,12 @@
             "homepage": "https://someonewhocares.org/",
             "source": "https://someonewhocares.org/hosts/zero/hosts"
         },
+        "oisd": {
+            "name": "OISD Blocklist Basic",
+            "categoryId": "general",
+            "homepage": "https://oisd.nl/",
+            "source": "https://abp.oisd.nl/basic/"
+        },
         "game-console-adblock-list": {
             "name": "Game Console Adblock List",
             "categoryId": "general",
@@ -54,18 +60,6 @@
             "homepage": "https://github.com/Perflyst/PiHoleBlocklist",
             "source": "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt"
         },
-        "windows-spy-blocker" : {
-            "name": "WindowsSpyBlocker - Hosts spy rules",
-            "categoryId": "general",
-            "homepage": "https://github.com/crazy-max/WindowsSpyBlocker",
-            "source": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
-        },
-        "spam404": {
-            "name": "Spam404",
-            "categoryId": "security",
-            "homepage": "https://github.com/Spam404/lists",
-            "source": "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
-        },
         "nocoin-filter-list": {
             "name": "NoCoin Filter List",
             "categoryId": "security",
@@ -90,18 +84,18 @@
             "homepage": "https://gitlab.com/curben/urlhaus-filter",
             "source": "https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt"
         },
+        "dandelion-sprouts-anti-malware-list": {
+            "name": "Dandelion Sprout's Anti-Malware List",
+            "categoryId": "security",
+            "homepage": "https://github.com/DandelionSprout/adfilt",
+            "source": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuardHome.txt"
+        },
         "NOR-dandelion-sprouts-nordiske-filtre": {
             "name": "NOR: Dandelion Sprouts nordiske filtre",
             "categoryId": "regional",
             "homepage": "https://github.com/DandelionSprout/adfilt",
             "source": "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/NorwegianExperimentalList%20alternate%20versions/NordicFiltersAdGuardHome.txt"
         },
-        "TUR-nurcan-turk-ad-list": {
-            "name": "TUR: nurcan Türk ad-list",
-            "categoryId": "regional",
-            "homepage": "https://github.com/DandelionSprout/adfilt",
-            "source": "https://raw.githubusercontent.com/xorcan/hosts/master/xhosts.txt"
-        },
         "POL-polish-filters-for-pihole": {
             "name": "POL: Polish filters for Pi hole",
             "categoryId": "regional",
@@ -156,11 +150,17 @@
             "homepage": "https://github.com/ABPindo/indonesianadblockrules/",
             "source": "https://raw.githubusercontent.com/ABPindo/indonesianadblockrules/master/subscriptions/abpindo.txt"
         },
-        "barb-block": {
-            "name": "BarbBlock",
+        "NLD-Easylist": {
+            "name": "NLD: Easylist",
+            "categoryId": "regional",
+            "homepage": "https://forums.lanik.us/viewforum.php?f=100",
+            "source": "https://easylist-downloads.adblockplus.org/easylistdutch.txt"
+        },
+        "windows-spy-blocker" : {
+            "name": "WindowsSpyBlocker - Hosts spy rules",
             "categoryId": "other",
-            "homepage": "https://github.com/paulgb/BarbBlock/",
-            "source": "https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt"
+            "homepage": "https://github.com/crazy-max/WindowsSpyBlocker",
+            "source": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
         }
     }
 }

client/src/helpers/helpers.js

@@ -13,7 +13,6 @@ import {
     ADDRESS_TYPES,
     CHECK_TIMEOUT,
     COMMENT_LINE_DEFAULT_TOKEN,
-    CUSTOM_FILTERING_RULES_ID,
     DEFAULT_DATE_FORMAT_OPTIONS,
     DEFAULT_LANGUAGE,
     DEFAULT_TIME_FORMAT,
@@ -26,6 +25,7 @@ import {
     STANDARD_DNS_PORT,
     STANDARD_HTTPS_PORT,
     STANDARD_WEB_PORT,
+    SPECIAL_FILTER_ID,
 } from './constants';
 
 /**
@@ -75,6 +75,7 @@ export const normalizeLogs = (logs) => logs.map((log) => {
         service_name,
         original_answer,
         upstream,
+        cached,
     } = log;
 
     const { name: domain, unicode_name: unicodeName, type } = question;
@@ -116,6 +117,7 @@ export const normalizeLogs = (logs) => logs.map((log) => {
         answer_dnssec,
         elapsedMs,
         upstream,
+        cached,
     };
 });
 
@@ -299,10 +301,10 @@ export const redirectToCurrentProtocol = (values, httpPort = 80) => {
     const {
         protocol, hostname, hash, port,
     } = window.location;
-    const { enabled, port_https } = values;
+    const { enabled, force_https, port_https } = values;
     const httpsPort = port_https !== STANDARD_HTTPS_PORT ? `:${port_https}` : '';
 
-    if (protocol !== 'https:' && enabled && port_https) {
+    if (protocol !== 'https:' && enabled && force_https && port_https) {
         checkRedirect(`https://${hostname}${httpsPort}/${hash}`);
     } else if (protocol === 'https:' && enabled && port_https && port_https !== parseInt(port, 10)) {
         checkRedirect(`https://${hostname}${httpsPort}/${hash}`);
@@ -552,6 +554,20 @@ export const isIpInCidr = (ip, cidr) => {
     }
 };
 
+/**
+ *
+ * @param {string} subnetMask
+ * @returns {IPv4 | null}
+ */
+export const parseSubnetMask = (subnetMask) => {
+    try {
+        return ipaddr.parse(subnetMask).prefixLengthFromSubnetMask();
+    } catch (e) {
+        console.error(e);
+        return null;
+    }
+};
+
 /**
  *
  * @param {string} subnetMask
@@ -759,6 +775,30 @@ export const sortIp = (a, b) => {
     }
 };
 
+
+/**
+ * @param {number} filterId
+ * @returns {string}
+ */
+export const getSpecialFilterName = (filterId) => {
+    switch (filterId) {
+        case SPECIAL_FILTER_ID.CUSTOM_FILTERING_RULES:
+            return i18n.t('custom_filter_rules');
+        case SPECIAL_FILTER_ID.SYSTEM_HOSTS:
+            return i18n.t('system_host_files');
+        case SPECIAL_FILTER_ID.BLOCKED_SERVICES:
+            return i18n.t('blocked_services');
+        case SPECIAL_FILTER_ID.PARENTAL:
+            return i18n.t('parental_control');
+        case SPECIAL_FILTER_ID.SAFE_BROWSING:
+            return i18n.t('safe_browsing');
+        case SPECIAL_FILTER_ID.SAFE_SEARCH:
+            return i18n.t('safe_search');
+        default:
+            return i18n.t('unknown_filter', { filterId });
+    }
+};
+
 /**
  * @param {array} filters
  * @param {array} whitelistFilters
@@ -770,16 +810,15 @@ export const getFilterName = (
     filters,
     whitelistFilters,
     filterId,
-    customFilterTranslationKey = 'custom_filter_rules',
     resolveFilterName = (filter) => (filter ? filter.name : i18n.t('unknown_filter', { filterId })),
 ) => {
-    if (filterId === CUSTOM_FILTERING_RULES_ID) {
-        return i18n.t(customFilterTranslationKey);
+    const specialFilterIds = Object.values(SPECIAL_FILTER_ID);
+    if (specialFilterIds.includes(filterId)) {
+        return getSpecialFilterName(filterId);
     }
 
     const matchIdPredicate = (filter) => filter.id === filterId;
     const filter = filters.find(matchIdPredicate) || whitelistFilters.find(matchIdPredicate);
-
     return resolveFilterName(filter);
 };
 

client/src/helpers/trackers/adguard.json

@@ -1,5 +1,5 @@
 {
-    "timeUpdated": "2018-10-14",
+    "timeUpdated": "2021-12-15",
     "categories": {
         "0": "audio_video_player",
         "1": "comments",
@@ -14,6 +14,7 @@
         "10": "hosting",
         "11": "unknown",
         "12": "extensions",
+        "13": "email",
         "101": "mobile_analytics"
     },
     "trackers": {

client/src/helpers/validators.js

@@ -1,4 +1,5 @@
 import i18next from 'i18next';
+
 import {
     MAX_PORT,
     R_CIDR,
@@ -14,7 +15,7 @@ import {
     R_DOMAIN,
 } from './constants';
 import { ip4ToInt, isValidAbsolutePath } from './form';
-import { isIpInCidr } from './helpers';
+import { isIpInCidr, parseSubnetMask } from './helpers';
 
 // Validation functions
 // https://redux-form.com/8.3.0/examples/fieldlevelvalidation/
@@ -44,7 +45,7 @@ export const validateIpv4RangeEnd = (_, allValues) => {
     const { range_end, range_start } = allValues.v4;
 
     if (ip4ToInt(range_end) <= ip4ToInt(range_start)) {
-        return 'range_end_error';
+        return 'greater_range_start_error';
     }
 
     return undefined;
@@ -61,6 +62,89 @@ export const validateIpv4 = (value) => {
     return undefined;
 };
 
+/**
+ * @returns {undefined|string}
+ * @param _
+ * @param allValues
+ */
+export const validateNotInRange = (value, allValues) => {
+    if (!allValues.v4) {
+        return undefined;
+    }
+
+    const { range_start, range_end } = allValues.v4;
+
+    if (range_start && validateIpv4(range_start)) {
+        return 'form_error_ip4_range_start_format';
+    }
+
+    if (range_end && validateIpv4(range_end)) {
+        return 'form_error_ip4_range_end_format';
+    }
+
+    const isAboveMin = range_start && ip4ToInt(value) >= ip4ToInt(range_start);
+    const isBelowMax = range_end && ip4ToInt(value) <= ip4ToInt(range_end);
+
+    if (isAboveMin && isBelowMax) {
+        return i18next.t('out_of_range_error', {
+            start: range_start,
+            end: range_end,
+        });
+    }
+
+    if (!range_end && isAboveMin) {
+        return 'lower_range_start_error';
+    }
+
+    if (!range_start && isBelowMax) {
+        return 'greater_range_end_error';
+    }
+
+    return undefined;
+};
+
+/**
+ * @returns {undefined|string}
+ * @param _
+ * @param allValues
+ */
+export const validateGatewaySubnetMask = (_, allValues) => {
+    if (!allValues || !allValues.v4 || !allValues.v4.subnet_mask || !allValues.v4.gateway_ip) {
+        return 'gateway_or_subnet_invalid';
+    }
+
+    const { subnet_mask, gateway_ip } = allValues.v4;
+
+    if (validateIpv4(gateway_ip)) {
+        return 'form_error_ip4_gateway_format';
+    }
+
+    return parseSubnetMask(subnet_mask) ? undefined : 'gateway_or_subnet_invalid';
+};
+
+/**
+ * @returns {undefined|string}
+ * @param value
+ * @param allValues
+ */
+export const validateIpForGatewaySubnetMask = (value, allValues) => {
+    if (!allValues || !allValues.v4 || !value) {
+        return undefined;
+    }
+
+    const {
+        gateway_ip, subnet_mask,
+    } = allValues.v4;
+
+    const subnetPrefix = parseSubnetMask(subnet_mask);
+
+    if (!isIpInCidr(value, `${gateway_ip}/${subnetPrefix}`)) {
+        return 'subnet_error';
+    }
+
+    return undefined;
+};
+
 /**
  * @param value {string}
  * @returns {undefined|string}
@@ -83,6 +167,21 @@ export const validateClientId = (value) => {
     return undefined;
 };
 
+/**
+ * @param value {string}
+ * @returns {undefined|string}
+ */
+export const validateConfigClientId = (value) => {
+    if (!value) {
+        return undefined;
+    }
+    const formattedValue = value.trim();
+    if (formattedValue && !R_CLIENT_ID.test(formattedValue)) {
+        return 'form_error_client_id_format';
+    }
+    return undefined;
+};
+
 /**
  * @param value {string}
  * @returns {undefined|string}
@@ -131,17 +230,6 @@ export const validateMac = (value) => {
     return undefined;
 };
 
-/**
- * @param value {number}
- * @returns {boolean|*}
- */
-export const validateBiggerOrEqualZeroValue = (value) => {
-    if (value < 0) {
-        return 'form_error_negative';
-    }
-    return false;
-};
-
 /**
  * @param value {number}
  * @returns {undefined|string}

client/src/i18n.js

@@ -12,6 +12,7 @@ import de from './__locales/de.json';
 import en from './__locales/en.json';
 import es from './__locales/es.json';
 import fa from './__locales/fa.json';
+import fi from './__locales/fi.json';
 import fr from './__locales/fr.json';
 import hr from './__locales/hr.json';
 import hu from './__locales/hu.json';
@@ -33,6 +34,7 @@ import srCS from './__locales/sr-cs.json';
 import sv from './__locales/sv.json';
 import th from './__locales/th.json';
 import tr from './__locales/tr.json';
+import uk from './__locales/uk.json';
 import vi from './__locales/vi.json';
 import zhCN from './__locales/zh-cn.json';
 import zhHK from './__locales/zh-hk.json';
@@ -40,108 +42,42 @@ import zhTW from './__locales/zh-tw.json';
 import { setHtmlLangAttr } from './helpers/helpers';
 
 const resources = {
-    en: {
-        translation: en,
-    },
-    enUS: {
-        translation: en,
-    },
-    vi: {
-        translation: vi,
-    },
-    ru: {
-        translation: ru,
-    },
-    es: {
-        translation: es,
-    },
-    fr: {
-        translation: fr,
-    },
-    ja: {
-        translation: ja,
-    },
-    sv: {
-        translation: sv,
-    },
-    'pt-br': {
-        translation: ptBR,
-    },
-    'zh-hk': {
-        translation: zhHK,
-    },
-    'zh-tw': {
-        translation: zhTW,
-    },
-    bg: {
-        translation: bg,
-    },
-    be: {
-        translation: be,
-    },
-    'zh-cn': {
-        translation: zhCN,
-    },
-    cs: {
-        translation: cs,
-    },
-    da: {
-        translation: da,
-    },
-    de: {
-        translation: de,
-    },
-    id: {
-        translation: id,
-    },
-    it: {
-        translation: it,
-    },
-    ko: {
-        translation: ko,
-    },
-    no: {
-        translation: no,
-    },
-    nl: {
-        translation: nl,
-    },
-    pl: {
-        translation: pl,
-    },
-    'pt-pt': {
-        translation: ptPT,
-    },
-    sk: {
-        translation: sk,
-    },
-    sl: {
-        translation: sl,
-    },
-    tr: {
-        translation: tr,
-    },
-    'sr-cs': {
-        translation: srCS,
-    },
-    hr: {
-        translation: hr,
-    },
-    hu: {
-        translation: hu,
-    },
-    fa: {
-        translation: fa,
-    },
-    th: {
-        translation: th,
-    },
-    ro: {
-        translation: ro,
-    },
-    'si-lk': {
-        translation: siLk,
-    },
+    be: { translation: be },
+    bg: { translation: bg },
+    cs: { translation: cs },
+    da: { translation: da },
+    de: { translation: de },
+    en: { translation: en },
+    'en-us': { translation: en },
+    es: { translation: es },
+    fa: { translation: fa },
+    fi: { translation: fi },
+    fr: { translation: fr },
+    hr: { translation: hr },
+    hu: { translation: hu },
+    id: { translation: id },
+    it: { translation: it },
+    ja: { translation: ja },
+    ko: { translation: ko },
+    nl: { translation: nl },
+    no: { translation: no },
+    pl: { translation: pl },
+    'pt-br': { translation: ptBR },
+    'pt-pt': { translation: ptPT },
+    ro: { translation: ro },
+    ru: { translation: ru },
+    'si-lk': { translation: siLk },
+    sk: { translation: sk },
+    sl: { translation: sl },
+    'sr-cs': { translation: srCS },
+    sv: { translation: sv },
+    th: { translation: th },
+    tr: { translation: tr },
+    uk: { translation: uk },
+    vi: { translation: vi },
+    'zh-cn': { translation: zhCN },
+    'zh-hk': { translation: zhHK },
+    'zh-tw': { translation: zhTW },
 };
 
 const availableLanguages = Object.keys(LANGUAGES);

go.mod

@@ -3,34 +3,40 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.16
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.39.8
-	github.com/AdguardTeam/golibs v0.9.3
-	github.com/AdguardTeam/urlfilter v0.14.6
+	github.com/AdguardTeam/dnsproxy v0.39.13
+	github.com/AdguardTeam/golibs v0.10.3
+	github.com/AdguardTeam/urlfilter v0.15.1
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.2
 	github.com/digineo/go-ipset/v2 v2.2.1
 	github.com/fsnotify/fsnotify v1.4.9
 	github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020
 	github.com/google/go-cmp v0.5.5
+	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
 	github.com/insomniacslk/dhcp v0.0.0-20210310193751-cfd4d47082c2
 	github.com/kardianos/service v1.2.0
 	github.com/lucas-clemente/quic-go v0.21.1
+	github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7
 	github.com/mdlayher/netlink v1.4.0
-	github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf // indirect
+	github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf
 	github.com/miekg/dns v1.1.43
 	github.com/satori/go.uuid v1.2.0
-	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a
-	golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e
+	golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6
+	golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
 	howett.net/plist v0.0.0-20201203080718-1454fab16a06
 )
 
+require github.com/stretchr/objx v0.1.1 // indirect
+
 // TODO(e.burkov):  Get rid of the fork in v0.108.0.
 replace github.com/insomniacslk/dhcp => github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf
+
+// TODO(a.garipov): Return to the main repo once miekg/dns#1317 is merged.
+replace github.com/miekg/dns => github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0

go.sum

@@ -9,26 +9,28 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk=
 github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI=
-github.com/AdguardTeam/dnsproxy v0.39.8 h1:miRhkZBx/19Rs1o10r3QC0D0Zc2J2Id/cqXwfvLOyM0=
-github.com/AdguardTeam/dnsproxy v0.39.8/go.mod h1:eDpJKAdkHORRwAedjuERv+7SWlcz4cn+5uwrbUAWHRY=
+github.com/AdguardTeam/dnsproxy v0.39.13 h1:7YM5Mr4EpFZ8UO4/4xd6zBG3lZ6AzZO6Xq29Cr4ydOY=
+github.com/AdguardTeam/dnsproxy v0.39.13/go.mod h1:g7zjF1TWpKNeDVh6h3YrjQN8565zsWRd7zo++C/935c=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.9.2/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
-github.com/AdguardTeam/golibs v0.9.3 h1:noeKHJEzrSwxzX0Zi3USM3cXf1qQV99SO772jet/uEY=
-github.com/AdguardTeam/golibs v0.9.3/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
+github.com/AdguardTeam/golibs v0.10.3 h1:FBgk17zf35ESVWQKIqEUiqqB2bDaCBC8X5vMU760yB4=
+github.com/AdguardTeam/golibs v0.10.3/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
-github.com/AdguardTeam/urlfilter v0.14.6 h1:emqoKZElooHACYehRBYENeKVN1a/rspxiqTIMYLuoIo=
-github.com/AdguardTeam/urlfilter v0.14.6/go.mod h1:klx4JbOfc4EaNb5lWLqOwfg+pVcyRukmoJRvO55lL5U=
+github.com/AdguardTeam/urlfilter v0.15.1 h1:dP6S7J6eFAk8MN4IDpUq2fZoBo8K8fmc6pXpxNIv84M=
+github.com/AdguardTeam/urlfilter v0.15.1/go.mod h1:EwXwrYhowP7bedqmOrmKKmQtpBYFyDNEBFQ+lxdUgQU=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
-github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
-github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
+github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
+github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
+github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0 h1:a6ca3WlDG4zvUWqVFpVu48b9NZJ0fUFlRhiZKKkq+aw=
+github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/ameshkov/dnscrypt/v2 v2.2.2 h1:lxtS1iSA2EjTOMToSi+2+rwspNA+b/wG5/JpccvE9CU=
 github.com/ameshkov/dnscrypt/v2 v2.2.2/go.mod h1:+8SbPbVXpxxcUsgGi8eodkqWPo1MyNHxKYC8hDpqLSo=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
@@ -60,11 +62,10 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
-github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
-github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
+github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
+github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020 h1:mdi6AbCEoKCA1xKCmp7UtRB5fvGFlP92PvlhxgdvXEw=
 github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020/go.mod h1:KmHOjTUmJh/l04ukqPoBWPEZr9jwN05h5NXQl5C+DyY=
-github.com/go-test/deep v1.0.5 h1:AKODKU3pDH1RzZzm6YZu77YWtEAq6uh1rLIAQlay2qc=
 github.com/go-test/deep v1.0.5/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -93,6 +94,8 @@ github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
@@ -107,7 +110,6 @@ github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/joomcode/errorx v1.0.1/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
 github.com/joomcode/errorx v1.0.3 h1:3e1mi0u7/HTPNdg6d6DYyKGBhA5l9XpsfuVE29NxnWw=
 github.com/joomcode/errorx v1.0.3/go.mod h1:eQzdtdlNyN7etw6YCS4W4+lu442waxZYw5yvz0ULrRo=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=
@@ -168,10 +170,6 @@ github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZ
 github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf h1:InctQoB89TIkmgIFQeIL4KXNvWc1iebQXdZggqPSwL8=
 github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
-github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
@@ -203,8 +201,8 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ=
-github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
+github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
 github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
 github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
@@ -244,6 +242,10 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
 github.com/ti-mo/netfilter v0.4.0 h1:rTN1nBYULDmMfDeBHZpKuNKX/bWEXQUhe02a/10orzg=
 github.com/ti-mo/netfilter v0.4.0/go.mod h1:V54q75mUx8CNA2JnFl+wv9iZ5+JP9nCcRlaFS5OZSRM=
+github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev3vTo=
+github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
+github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ=
+github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
 github.com/u-root/u-root v7.0.0+incompatible h1:u+KSS04pSxJGI5E7WE4Bs9+Zd75QjFv+REkjy/aoAc8=
 github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
@@ -268,7 +270,9 @@ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -284,7 +288,6 @@ golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -300,8 +303,9 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw=
-golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210908191846-a5e095526f91/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6 h1:Z04ewVs7JhXaYkmDhBERPi41gnltfQpMWDnTnQbaCqk=
+golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -327,7 +331,7 @@ golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -351,21 +355,23 @@ golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e h1:XMgFehsDnnLGtjvjOfqWSUzt0alpTR1RSEuznObga2c=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3 h1:3Ad41xy2WCESpufXwgs7NpDSu+vjxqLt2UFqUV+20bI=
+golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -376,8 +382,10 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0=
+golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

internal/aghhttp/aghhttp.go

@@ -0,0 +1,24 @@
+// Package aghhttp provides some common methods to work with HTTP.
+package aghhttp
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/AdguardTeam/golibs/log"
+)
+
+// OK responds with word OK.
+func OK(w http.ResponseWriter) {
+	if _, err := io.WriteString(w, "OK\n"); err != nil {
+		log.Error("couldn't write body: %s", err)
+	}
+}
+
+// Error writes formatted message to w and also logs it.
+func Error(r *http.Request, w http.ResponseWriter, code int, format string, args ...interface{}) {
+	text := fmt.Sprintf(format, args...)
+	log.Error("%s %s: %s", r.Method, r.URL, text)
+	http.Error(w, text, code)
+}

internal/aghio/limitedreader.go

@@ -11,7 +11,7 @@ type LimitReachedError struct {
 	Limit int64
 }
 
-// Error implements error interface for LimitReachedError.
+// Error implements the error interface for LimitReachedError.
 //
 // TODO(a.garipov): Think about error string format.
 func (lre *LimitReachedError) Error() string {
@@ -35,7 +35,7 @@ func (lr *limitedReader) Read(p []byte) (n int, err error) {
 	}
 
 	if int64(len(p)) > lr.n {
-		p = p[0:lr.n]
+		p = p[:lr.n]
 	}
 
 	n, err = lr.r.Read(p)

internal/aghio/limitedreader_test.go

@@ -1,38 +1,38 @@
 package aghio
 
 import (
-	"fmt"
 	"io"
 	"strings"
 	"testing"
 
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestLimitReader(t *testing.T) {
 	testCases := []struct {
-		want error
-		name string
-		n    int64
+		wantErrMsg string
+		name       string
+		n          int64
 	}{{
-		want: nil,
-		name: "positive",
-		n:    1,
+		wantErrMsg: "",
+		name:       "positive",
+		n:          1,
 	}, {
-		want: nil,
-		name: "zero",
-		n:    0,
+		wantErrMsg: "",
+		name:       "zero",
+		n:          0,
 	}, {
-		want: fmt.Errorf("aghio: invalid n in LimitReader: -1"),
-		name: "negative",
-		n:    -1,
+		wantErrMsg: "aghio: invalid n in LimitReader: -1",
+		name:       "negative",
+		n:          -1,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			_, err := LimitReader(nil, tc.n)
-			assert.Equal(t, tc.want, err)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
 		})
 	}
 }
@@ -73,36 +73,23 @@ func TestLimitedReader_Read(t *testing.T) {
 	}}
 
 	for _, tc := range testCases {
+		readCloser := io.NopCloser(strings.NewReader(tc.rStr))
+		lreader, err := LimitReader(readCloser, tc.limit)
+		require.NoError(t, err)
+		require.NotNil(t, lreader)
+
 		t.Run(tc.name, func(t *testing.T) {
-			readCloser := io.NopCloser(strings.NewReader(tc.rStr))
 			buf := make([]byte, tc.limit+1)
+			n, rerr := lreader.Read(buf)
+			require.Equal(t, rerr, tc.err)
 
-			lreader, err := LimitReader(readCloser, tc.limit)
-			require.NoError(t, err)
-
-			n, err := lreader.Read(buf)
-			require.Equal(t, tc.err, err)
 			assert.Equal(t, tc.want, n)
 		})
 	}
 }
 
 func TestLimitedReader_LimitReachedError(t *testing.T) {
-	testCases := []struct {
-		err  error
-		name string
-		want string
-	}{{
-		err: &LimitReachedError{
-			Limit: 0,
-		},
-		name: "simplest",
-		want: "attempted to read more than 0 bytes",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			assert.Equal(t, tc.want, tc.err.Error())
-		})
-	}
+	testutil.AssertErrorMsg(t, "attempted to read more than 0 bytes", &LimitReachedError{
+		Limit: 0,
+	})
 }

internal/aghnet/etchostscontainer.go

@@ -1,387 +0,0 @@
-package aghnet
-
-import (
-	"bufio"
-	"net"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"sync"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/fsnotify/fsnotify"
-	"github.com/miekg/dns"
-)
-
-type onChangedT func()
-
-// EtcHostsContainer - automatic DNS records
-//
-// TODO(e.burkov): Move the logic under interface.  Refactor.  Probably remove
-// the resolving logic.
-type EtcHostsContainer struct {
-	// lock protects table and tableReverse.
-	lock sync.RWMutex
-	// table is the host-to-IPs map.
-	table map[string][]net.IP
-	// tableReverse is the IP-to-hosts map.  The type of the values in the
-	// map is []string.
-	tableReverse *netutil.IPMap
-
-	hostsFn   string            // path to the main hosts-file
-	hostsDirs []string          // paths to OS-specific directories with hosts-files
-	watcher   *fsnotify.Watcher // file and directory watcher object
-
-	// onlyWritesChan used to contain only writing events from watcher.
-	onlyWritesChan chan fsnotify.Event
-
-	onChanged onChangedT // notification to other modules
-}
-
-// SetOnChanged - set callback function that will be called when the data is changed
-func (ehc *EtcHostsContainer) SetOnChanged(onChanged onChangedT) {
-	ehc.onChanged = onChanged
-}
-
-// Notify other modules
-func (ehc *EtcHostsContainer) notify() {
-	if ehc.onChanged == nil {
-		return
-	}
-	ehc.onChanged()
-}
-
-// Init - initialize
-// hostsFn: Override default name for the hosts-file (optional)
-func (ehc *EtcHostsContainer) Init(hostsFn string) {
-	ehc.table = make(map[string][]net.IP)
-	ehc.onlyWritesChan = make(chan fsnotify.Event, 2)
-
-	ehc.hostsFn = "/etc/hosts"
-	if runtime.GOOS == "windows" {
-		ehc.hostsFn = os.ExpandEnv("$SystemRoot\\system32\\drivers\\etc\\hosts")
-	}
-	if len(hostsFn) != 0 {
-		ehc.hostsFn = hostsFn
-	}
-
-	if aghos.IsOpenWrt() {
-		// OpenWrt: "/tmp/hosts/dhcp.cfg01411c".
-		ehc.hostsDirs = append(ehc.hostsDirs, "/tmp/hosts")
-	}
-
-	// Load hosts initially
-	ehc.updateHosts()
-
-	var err error
-	ehc.watcher, err = fsnotify.NewWatcher()
-	if err != nil {
-		log.Error("etchosts: %s", err)
-	}
-}
-
-// Start - start module
-func (ehc *EtcHostsContainer) Start() {
-	if ehc == nil {
-		return
-	}
-
-	log.Debug("Start etchostscontainer module")
-
-	ehc.updateHosts()
-
-	if ehc.watcher != nil {
-		go ehc.watcherLoop()
-
-		err := ehc.watcher.Add(ehc.hostsFn)
-		if err != nil {
-			log.Error("Error while initializing watcher for a file %s: %s", ehc.hostsFn, err)
-		}
-
-		for _, dir := range ehc.hostsDirs {
-			err = ehc.watcher.Add(dir)
-			if err != nil {
-				log.Error("Error while initializing watcher for a directory %s: %s", dir, err)
-			}
-		}
-	}
-}
-
-// Close - close module
-func (ehc *EtcHostsContainer) Close() {
-	if ehc == nil {
-		return
-	}
-
-	if ehc.watcher != nil {
-		_ = ehc.watcher.Close()
-	}
-
-	// Don't close onlyWritesChan here and let onlyWrites close it after
-	// watcher.Events is closed to prevent close races.
-}
-
-// Process returns the list of IP addresses for the hostname or nil if nothing
-// found.
-func (ehc *EtcHostsContainer) Process(host string, qtype uint16) []net.IP {
-	if qtype == dns.TypePTR {
-		return nil
-	}
-
-	var ipsCopy []net.IP
-	ehc.lock.RLock()
-	defer ehc.lock.RUnlock()
-
-	if ips, ok := ehc.table[host]; ok {
-		ipsCopy = make([]net.IP, len(ips))
-		copy(ipsCopy, ips)
-	}
-
-	log.Debug("etchosts: answer: %s -> %v", host, ipsCopy)
-	return ipsCopy
-}
-
-// ProcessReverse processes a PTR request.  It returns nil if nothing is found.
-func (ehc *EtcHostsContainer) ProcessReverse(addr string, qtype uint16) (hosts []string) {
-	if qtype != dns.TypePTR {
-		return nil
-	}
-
-	ip, err := netutil.IPFromReversedAddr(addr)
-	if err != nil {
-		log.Error("etchosts: reversed addr: %s", err)
-
-		return nil
-	}
-
-	ehc.lock.RLock()
-	defer ehc.lock.RUnlock()
-
-	v, ok := ehc.tableReverse.Get(ip)
-	if !ok {
-		return nil
-	}
-
-	hosts, ok = v.([]string)
-	if !ok {
-		log.Error("etchosts: bad type %T in tableReverse for %s", v, ip)
-
-		return nil
-	} else if len(hosts) == 0 {
-		return nil
-	}
-
-	log.Debug("etchosts: reverse-lookup: %s -> %s", addr, hosts)
-
-	return hosts
-}
-
-// List returns an IP-to-hostnames table.  The type of the values in the map is
-// []string.  It is safe for concurrent use.
-func (ehc *EtcHostsContainer) List() (ipToHosts *netutil.IPMap) {
-	ehc.lock.RLock()
-	defer ehc.lock.RUnlock()
-
-	return ehc.tableReverse.ShallowClone()
-}
-
-// update table
-func (ehc *EtcHostsContainer) updateTable(table map[string][]net.IP, host string, ipAddr net.IP) {
-	ips, ok := table[host]
-	if ok {
-		for _, ip := range ips {
-			if ip.Equal(ipAddr) {
-				// IP already exists: don't add duplicates
-				ok = false
-				break
-			}
-		}
-		if !ok {
-			ips = append(ips, ipAddr)
-			table[host] = ips
-		}
-	} else {
-		table[host] = []net.IP{ipAddr}
-		ok = true
-	}
-	if ok {
-		log.Debug("etchosts: added %s -> %s", ipAddr, host)
-	}
-}
-
-// updateTableRev updates the reverse address table.
-func (ehc *EtcHostsContainer) updateTableRev(tableRev *netutil.IPMap, newHost string, ip net.IP) {
-	v, ok := tableRev.Get(ip)
-	if !ok {
-		tableRev.Set(ip, []string{newHost})
-		log.Debug("etchosts: added reverse-address %s -> %s", ip, newHost)
-
-		return
-	}
-
-	hosts, _ := v.([]string)
-	for _, host := range hosts {
-		if host == newHost {
-			return
-		}
-	}
-
-	hosts = append(hosts, newHost)
-	tableRev.Set(ip, hosts)
-
-	log.Debug("etchosts: added reverse-address %s -> %s", ip, newHost)
-}
-
-// parseHostsLine parses hosts from the fields.
-func parseHostsLine(fields []string) (hosts []string) {
-	for _, f := range fields {
-		hashIdx := strings.IndexByte(f, '#')
-		if hashIdx == 0 {
-			// The rest of the fields are a part of the comment.
-			// Skip immediately.
-			return
-		} else if hashIdx > 0 {
-			// Only a part of the field is a comment.
-			hosts = append(hosts, f[:hashIdx])
-
-			return hosts
-		}
-
-		hosts = append(hosts, f)
-	}
-
-	return hosts
-}
-
-// load reads IP-hostname pairs from the hosts file.  Multiple hostnames per
-// line for one IP are supported.
-func (ehc *EtcHostsContainer) load(
-	table map[string][]net.IP,
-	tableRev *netutil.IPMap,
-	fn string,
-) {
-	f, err := os.Open(fn)
-	if err != nil {
-		log.Error("etchosts: %s", err)
-
-		return
-	}
-
-	defer func() {
-		derr := f.Close()
-		if derr != nil {
-			log.Error("etchosts: closing file: %s", err)
-		}
-	}()
-
-	log.Debug("etchosts: loading hosts from file %s", fn)
-
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
-		fields := strings.Fields(line)
-		if len(fields) < 2 {
-			continue
-		}
-
-		ip := net.ParseIP(fields[0])
-		if ip == nil {
-			continue
-		}
-
-		hosts := parseHostsLine(fields[1:])
-		for _, host := range hosts {
-			ehc.updateTable(table, host, ip)
-			ehc.updateTableRev(tableRev, host, ip)
-		}
-	}
-
-	err = s.Err()
-	if err != nil {
-		log.Error("etchosts: %s", err)
-	}
-}
-
-// onlyWrites is a filter for (*fsnotify.Watcher).Events.
-func (ehc *EtcHostsContainer) onlyWrites() {
-	for event := range ehc.watcher.Events {
-		if event.Op&fsnotify.Write == fsnotify.Write {
-			ehc.onlyWritesChan <- event
-		}
-	}
-
-	close(ehc.onlyWritesChan)
-}
-
-// Receive notifications from fsnotify package
-func (ehc *EtcHostsContainer) watcherLoop() {
-	go ehc.onlyWrites()
-	for {
-		select {
-		case event, ok := <-ehc.onlyWritesChan:
-			if !ok {
-				return
-			}
-
-			// Assume that we sometimes have the same event occurred
-			// several times.
-			repeat := true
-			for repeat {
-				select {
-				case _, ok = <-ehc.onlyWritesChan:
-					repeat = ok
-				default:
-					repeat = false
-				}
-			}
-
-			if event.Op&fsnotify.Write == fsnotify.Write {
-				log.Debug("etchosts: modified: %s", event.Name)
-				ehc.updateHosts()
-			}
-
-		case err, ok := <-ehc.watcher.Errors:
-			if !ok {
-				return
-			}
-			log.Error("etchosts: %s", err)
-		}
-	}
-}
-
-// updateHosts - loads system hosts
-func (ehc *EtcHostsContainer) updateHosts() {
-	table := make(map[string][]net.IP)
-	tableRev := netutil.NewIPMap(0)
-
-	ehc.load(table, tableRev, ehc.hostsFn)
-
-	for _, dir := range ehc.hostsDirs {
-		des, err := os.ReadDir(dir)
-		if err != nil {
-			if !errors.Is(err, os.ErrNotExist) {
-				log.Error("etchosts: Opening directory: %q: %s", dir, err)
-			}
-
-			continue
-		}
-
-		for _, de := range des {
-			ehc.load(table, tableRev, filepath.Join(dir, de.Name()))
-		}
-	}
-
-	func() {
-		ehc.lock.Lock()
-		defer ehc.lock.Unlock()
-
-		ehc.table = table
-		ehc.tableReverse = tableRev
-	}()
-
-	ehc.notify()
-}

internal/aghnet/etchostscontainer_test.go

@@ -1,130 +0,0 @@
-package aghnet
-
-import (
-	"net"
-	"os"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	aghtest.DiscardLogOutput(m)
-}
-
-func prepareTestFile(t *testing.T) (f *os.File) {
-	t.Helper()
-
-	dir := t.TempDir()
-
-	f, err := os.CreateTemp(dir, "")
-	require.NoError(t, err)
-	require.NotNil(t, f)
-
-	t.Cleanup(func() {
-		assert.NoError(t, f.Close())
-	})
-
-	return f
-}
-
-func assertWriting(t *testing.T, f *os.File, strs ...string) {
-	t.Helper()
-
-	for _, str := range strs {
-		n, err := f.WriteString(str)
-		require.NoError(t, err)
-		assert.Equal(t, n, len(str))
-	}
-}
-
-func TestEtcHostsContainerResolution(t *testing.T) {
-	ehc := &EtcHostsContainer{}
-
-	f := prepareTestFile(t)
-
-	assertWriting(t, f,
-		"  127.0.0.1   host  localhost # comment \n",
-		"  ::1   localhost#comment  \n",
-	)
-	ehc.Init(f.Name())
-
-	t.Run("existing_host", func(t *testing.T) {
-		ips := ehc.Process("localhost", dns.TypeA)
-		require.Len(t, ips, 1)
-		assert.Equal(t, net.IPv4(127, 0, 0, 1), ips[0])
-	})
-
-	t.Run("unknown_host", func(t *testing.T) {
-		ips := ehc.Process("newhost", dns.TypeA)
-		assert.Nil(t, ips)
-
-		// Comment.
-		ips = ehc.Process("comment", dns.TypeA)
-		assert.Nil(t, ips)
-	})
-
-	t.Run("hosts_file", func(t *testing.T) {
-		names, ok := ehc.List().Get(net.IP{127, 0, 0, 1})
-		require.True(t, ok)
-		assert.Equal(t, []string{"host", "localhost"}, names)
-	})
-
-	t.Run("ptr", func(t *testing.T) {
-		testCases := []struct {
-			wantIP   string
-			wantHost string
-			wantLen  int
-		}{
-			{wantIP: "127.0.0.1", wantHost: "host", wantLen: 2},
-			{wantIP: "::1", wantHost: "localhost", wantLen: 1},
-		}
-
-		for _, tc := range testCases {
-			a, err := dns.ReverseAddr(tc.wantIP)
-			require.NoError(t, err)
-
-			a = strings.TrimSuffix(a, ".")
-			hosts := ehc.ProcessReverse(a, dns.TypePTR)
-			require.Len(t, hosts, tc.wantLen)
-			assert.Equal(t, tc.wantHost, hosts[0])
-		}
-	})
-}
-
-func TestEtcHostsContainerFSNotify(t *testing.T) {
-	ehc := &EtcHostsContainer{}
-
-	f := prepareTestFile(t)
-
-	assertWriting(t, f, "  127.0.0.1   host  localhost  \n")
-	ehc.Init(f.Name())
-
-	t.Run("unknown_host", func(t *testing.T) {
-		ips := ehc.Process("newhost", dns.TypeA)
-		assert.Nil(t, ips)
-	})
-
-	// Start monitoring for changes.
-	ehc.Start()
-	t.Cleanup(ehc.Close)
-
-	assertWriting(t, f, "127.0.0.2   newhost\n")
-	require.NoError(t, f.Sync())
-
-	// Wait until fsnotify has triggered and processed the file-modification
-	// event.
-	time.Sleep(50 * time.Millisecond)
-
-	t.Run("notified", func(t *testing.T) {
-		ips := ehc.Process("newhost", dns.TypeA)
-		assert.NotNil(t, ips)
-		require.Len(t, ips, 1)
-		assert.True(t, net.IP{127, 0, 0, 2}.Equal(ips[0]))
-	})
-}

internal/aghnet/hostscontainer.go

@@ -0,0 +1,563 @@
+package aghnet
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"io/fs"
+	"net"
+	"path"
+	"strings"
+	"sync"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/stringutil"
+	"github.com/AdguardTeam/urlfilter"
+	"github.com/AdguardTeam/urlfilter/filterlist"
+	"github.com/AdguardTeam/urlfilter/rules"
+	"github.com/miekg/dns"
+)
+
+// DefaultHostsPaths returns the slice of paths default for the operating system
+// to files and directories which are containing the hosts database.  The result
+// is intended to be used within fs.FS so the initial slash is omitted.
+func DefaultHostsPaths() (paths []string) {
+	return defaultHostsPaths()
+}
+
+// requestMatcher combines the logic for matching requests and translating the
+// appropriate rules.
+type requestMatcher struct {
+	// stateLock protects all the fields of requestMatcher.
+	stateLock *sync.RWMutex
+
+	// rulesStrg stores the rules obtained from the hosts' file.
+	rulesStrg *filterlist.RuleStorage
+	// engine serves rulesStrg.
+	engine *urlfilter.DNSEngine
+
+	// translator maps generated $dnsrewrite rules into hosts-syntax rules.
+	//
+	// TODO(e.burkov):  Store the filename from which the rule was parsed.
+	translator map[string]string
+}
+
+// MatchRequest processes the request rewriting hostnames and addresses read
+// from the operating system's hosts files.
+//
+// res is nil for any request having not an A/AAAA or PTR type.  Results
+// containing CNAME information may be queried again with the same question type
+// and the returned CNAME for Host field of request.  Results are guaranteed to
+// be direct, i.e. any returned CNAME resolves into actual address like an alias
+// in hosts does, see man hosts (5).
+//
+// It's safe for concurrent use.
+func (rm *requestMatcher) MatchRequest(
+	req urlfilter.DNSRequest,
+) (res *urlfilter.DNSResult, ok bool) {
+	switch req.DNSType {
+	case dns.TypeA, dns.TypeAAAA, dns.TypePTR:
+		log.Debug("%s: handling the request", hostsContainerPref)
+	default:
+		return nil, false
+	}
+
+	rm.stateLock.RLock()
+	defer rm.stateLock.RUnlock()
+
+	return rm.engine.MatchRequest(req)
+}
+
+// Translate returns the source hosts-syntax rule for the generated dnsrewrite
+// rule or an empty string if the last doesn't exist.
+func (rm *requestMatcher) Translate(rule string) (hostRule string) {
+	rm.stateLock.RLock()
+	defer rm.stateLock.RUnlock()
+
+	return rm.translator[rule]
+}
+
+// resetEng updates container's engine and the translation map.
+func (rm *requestMatcher) resetEng(rulesStrg *filterlist.RuleStorage, tr map[string]string) {
+	rm.stateLock.Lock()
+	defer rm.stateLock.Unlock()
+
+	rm.rulesStrg = rulesStrg
+	rm.engine = urlfilter.NewDNSEngine(rm.rulesStrg)
+
+	rm.translator = tr
+}
+
+// hostsContainerPref is a prefix for logging and wrapping errors in
+// HostsContainer's methods.
+const hostsContainerPref = "hosts container"
+
+// HostsContainer stores the relevant hosts database provided by the OS and
+// processes both A/AAAA and PTR DNS requests for those.
+type HostsContainer struct {
+	// requestMatcher matches the requests and translates the rules.  It's
+	// embedded to implement MatchRequest and Translate for *HostsContainer.
+	//
+	// TODO(a.garipov, e.burkov): Consider fully merging into HostsContainer.
+	requestMatcher
+
+	// done is the channel to sign closing the container.
+	done chan struct{}
+
+	// updates is the channel for receiving updated hosts.
+	updates chan *netutil.IPMap
+
+	// last is the set of hosts that was cached within last detected change.
+	last *netutil.IPMap
+
+	// fsys is the working file system to read hosts files from.
+	fsys fs.FS
+
+	// w tracks the changes in specified files and directories.
+	w aghos.FSWatcher
+
+	// patterns stores specified paths in the fs.Glob-compatible form.
+	patterns []string
+
+	// listID is the identifier for the list of generated rules.
+	listID int
+}
+
+// ErrNoHostsPaths is returned when there are no valid paths to watch passed to
+// the HostsContainer.
+const ErrNoHostsPaths errors.Error = "no valid paths to hosts files provided"
+
+// NewHostsContainer creates a container of hosts, that watches the paths with
+// w.  listID is used as an identifier of the underlying rules list.  paths
+// shouldn't be empty and each of paths should locate either a file or a
+// directory in fsys.  fsys and w must be non-nil.
+func NewHostsContainer(
+	listID int,
+	fsys fs.FS,
+	w aghos.FSWatcher,
+	paths ...string,
+) (hc *HostsContainer, err error) {
+	defer func() { err = errors.Annotate(err, "%s: %w", hostsContainerPref) }()
+
+	if len(paths) == 0 {
+		return nil, ErrNoHostsPaths
+	}
+
+	var patterns []string
+	patterns, err = pathsToPatterns(fsys, paths)
+	if err != nil {
+		return nil, err
+	} else if len(patterns) == 0 {
+		return nil, ErrNoHostsPaths
+	}
+
+	hc = &HostsContainer{
+		requestMatcher: requestMatcher{
+			stateLock: &sync.RWMutex{},
+		},
+		listID:   listID,
+		done:     make(chan struct{}, 1),
+		updates:  make(chan *netutil.IPMap, 1),
+		fsys:     fsys,
+		w:        w,
+		patterns: patterns,
+	}
+
+	log.Debug("%s: starting", hostsContainerPref)
+
+	// Load initially.
+	if err = hc.refresh(); err != nil {
+		return nil, err
+	}
+
+	for _, p := range paths {
+		if err = w.Add(p); err != nil {
+			if !errors.Is(err, fs.ErrNotExist) {
+				return nil, fmt.Errorf("adding path: %w", err)
+			}
+
+			log.Debug("%s: file %q expected to exist but doesn't", hostsContainerPref, p)
+		}
+	}
+
+	go hc.handleEvents()
+
+	return hc, nil
+}
+
+// Close implements the io.Closer interface for *HostsContainer.  Close must
+// only be called once.  The returned err is always nil.
+func (hc *HostsContainer) Close() (err error) {
+	log.Debug("%s: closing", hostsContainerPref)
+
+	close(hc.done)
+
+	return nil
+}
+
+// Upd returns the channel into which the updates are sent.  The receivable
+// map's values are guaranteed to be of type of *stringutil.Set.
+func (hc *HostsContainer) Upd() (updates <-chan *netutil.IPMap) {
+	return hc.updates
+}
+
+// pathsToPatterns converts paths into patterns compatible with fs.Glob.
+func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error) {
+	for i, p := range paths {
+		var fi fs.FileInfo
+		fi, err = fs.Stat(fsys, p)
+		if err != nil {
+			if errors.Is(err, fs.ErrNotExist) {
+				continue
+			}
+
+			// Don't put a filename here since it's already added by fs.Stat.
+			return nil, fmt.Errorf("path at index %d: %w", i, err)
+		}
+
+		if fi.IsDir() {
+			p = path.Join(p, "*")
+		}
+
+		patterns = append(patterns, p)
+	}
+
+	return patterns, nil
+}
+
+// handleEvents concurrently handles the events.  It closes the update channel
+// of HostsContainer when finishes.  Used to be called within a goroutine.
+func (hc *HostsContainer) handleEvents() {
+	defer log.OnPanic(fmt.Sprintf("%s: handling events", hostsContainerPref))
+
+	defer close(hc.updates)
+
+	ok, eventsCh := true, hc.w.Events()
+	for ok {
+		select {
+		case _, ok = <-eventsCh:
+			if !ok {
+				log.Debug("%s: watcher closed the events channel", hostsContainerPref)
+
+				continue
+			}
+
+			if err := hc.refresh(); err != nil {
+				log.Error("%s: %s", hostsContainerPref, err)
+			}
+		case _, ok = <-hc.done:
+			// Go on.
+		}
+	}
+}
+
+// hostsParser is a helper type to parse rules from the operating system's hosts
+// file.  It exists for only a single refreshing session.
+type hostsParser struct {
+	// rulesBuilder builds the resulting rulesBuilder list content.
+	rulesBuilder *strings.Builder
+
+	// translations maps generated $dnsrewrite rules to the hosts-translations
+	// rules.
+	translations map[string]string
+
+	// cnameSet prevents duplicating cname rules.
+	cnameSet *stringutil.Set
+
+	// table stores only the unique IP-hostname pairs.  It's also sent to the
+	// updates channel afterwards.
+	table *netutil.IPMap
+}
+
+func (hc *HostsContainer) newHostsParser() (hp *hostsParser) {
+	return &hostsParser{
+		rulesBuilder: &strings.Builder{},
+		// For A/AAAA and PTRs.
+		translations: make(map[string]string, hc.last.Len()*2),
+		cnameSet:     stringutil.NewSet(),
+		table:        netutil.NewIPMap(hc.last.Len()),
+	}
+}
+
+// parseFile is a aghos.FileWalker for parsing the files with hosts syntax.  It
+// never signs to stop walking and never returns any additional patterns.
+//
+// See man hosts(5).
+func (hp *hostsParser) parseFile(
+	r io.Reader,
+) (patterns []string, cont bool, err error) {
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		ip, hosts := hp.parseLine(s.Text())
+		if ip == nil || len(hosts) == 0 {
+			continue
+		}
+
+		hp.addPairs(ip, hosts)
+	}
+
+	return nil, true, s.Err()
+}
+
+// parseLine parses the line having the hosts syntax ignoring invalid ones.
+func (hp *hostsParser) parseLine(line string) (ip net.IP, hosts []string) {
+	fields := strings.Fields(line)
+	if len(fields) < 2 {
+		return nil, nil
+	}
+
+	if ip = net.ParseIP(fields[0]); ip == nil {
+		return nil, nil
+	}
+
+	for _, f := range fields[1:] {
+		hashIdx := strings.IndexByte(f, '#')
+		if hashIdx == 0 {
+			// The rest of the fields are a part of the comment so return.
+			break
+		} else if hashIdx > 0 {
+			// Only a part of the field is a comment.
+			f = f[:hashIdx]
+		}
+
+		// Make sure that invalid hosts aren't turned into rules.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/3946.
+		err := netutil.ValidateDomainName(f)
+		if err != nil {
+			log.Error("%s: host %q is invalid, ignoring", hostsContainerPref, f)
+
+			continue
+		}
+
+		hosts = append(hosts, f)
+	}
+
+	return ip, hosts
+}
+
+// Simple types of hosts in hosts database.  Zero value isn't used to be able
+// quizzaciously emulate nil with 0.
+const (
+	_ = iota
+	hostAlias
+	hostMain
+)
+
+// add tries to add the ip-host pair.  It returns:
+//
+//   hostAlias if the host is not the first one added for the ip.
+//   hostMain  if the host is the first one added for the ip.
+//   0         if the ip-host pair has already been added.
+//
+func (hp *hostsParser) add(ip net.IP, host string) (hostType int) {
+	v, ok := hp.table.Get(ip)
+	switch hosts, _ := v.(*stringutil.Set); {
+	case ok && hosts.Has(host):
+		return 0
+	case hosts == nil:
+		hosts = stringutil.NewSet(host)
+		hp.table.Set(ip, hosts)
+
+		return hostMain
+	default:
+		hosts.Add(host)
+
+		return hostAlias
+	}
+}
+
+// addPair puts the pair of ip and host to the rules builder if needed.  For
+// each ip the first member of hosts will become the main one.
+func (hp *hostsParser) addPairs(ip net.IP, hosts []string) {
+	// Put the rule in a preproccesed format like:
+	//
+	//   ip host1 host2 ...
+	//
+	hostsLine := strings.Join(append([]string{ip.String()}, hosts...), " ")
+	var mainHost string
+	for _, host := range hosts {
+		switch hp.add(ip, host) {
+		case 0:
+			continue
+		case hostMain:
+			mainHost = host
+			added, addedPtr := hp.writeMainHostRule(host, ip)
+			hp.translations[added], hp.translations[addedPtr] = hostsLine, hostsLine
+		case hostAlias:
+			pair := fmt.Sprint(host, " ", mainHost)
+			if hp.cnameSet.Has(pair) {
+				continue
+			}
+			// Since the hostAlias couldn't be returned from add before the
+			// hostMain the mainHost shouldn't appear empty.
+			hp.writeAliasHostRule(host, mainHost)
+			hp.cnameSet.Add(pair)
+		}
+
+		log.Debug("%s: added ip-host pair %q-%q", hostsContainerPref, ip, host)
+	}
+}
+
+// writeAliasHostRule writes the CNAME rule for the alias-host pair into
+// internal builders.
+func (hp *hostsParser) writeAliasHostRule(alias, host string) {
+	const (
+		nl = "\n"
+		sc = ";"
+
+		rwSuccess = rules.MaskSeparator + "$dnsrewrite=NOERROR" + sc + "CNAME" + sc
+		constLen  = len(rules.MaskStartURL) + len(rwSuccess) + len(nl)
+	)
+
+	hp.rulesBuilder.Grow(constLen + len(host) + len(alias))
+	stringutil.WriteToBuilder(hp.rulesBuilder, rules.MaskStartURL, alias, rwSuccess, host, nl)
+}
+
+// writeMainHostRule writes the actual rule for the qtype and the PTR for the
+// host-ip pair into internal builders.
+func (hp *hostsParser) writeMainHostRule(host string, ip net.IP) (added, addedPtr string) {
+	arpa, err := netutil.IPToReversedAddr(ip)
+	if err != nil {
+		return
+	}
+
+	const (
+		nl = "\n"
+
+		rwSuccess    = "^$dnsrewrite=NOERROR;"
+		rwSuccessPTR = "^$dnsrewrite=NOERROR;PTR;"
+
+		modLen    = len("||") + len(rwSuccess) + len(";")
+		modLenPTR = len("||") + len(rwSuccessPTR)
+	)
+
+	var qtype string
+	// The validation of the IP address has been performed earlier so it is
+	// guaranteed to be either an IPv4 or an IPv6.
+	if ip.To4() != nil {
+		qtype = "A"
+	} else {
+		qtype = "AAAA"
+	}
+
+	ipStr := ip.String()
+	fqdn := dns.Fqdn(host)
+
+	ruleBuilder := &strings.Builder{}
+	ruleBuilder.Grow(modLen + len(host) + len(qtype) + len(ipStr))
+	stringutil.WriteToBuilder(
+		ruleBuilder,
+		"||",
+		host,
+		rwSuccess,
+		qtype,
+		";",
+		ipStr,
+	)
+	added = ruleBuilder.String()
+
+	ruleBuilder.Reset()
+	ruleBuilder.Grow(modLenPTR + len(arpa) + len(fqdn))
+	stringutil.WriteToBuilder(
+		ruleBuilder,
+		"||",
+		arpa,
+		rwSuccessPTR,
+		fqdn,
+	)
+	addedPtr = ruleBuilder.String()
+
+	hp.rulesBuilder.Grow(len(added) + len(addedPtr) + 2*len(nl))
+	stringutil.WriteToBuilder(hp.rulesBuilder, added, nl, addedPtr, nl)
+
+	return added, addedPtr
+}
+
+// equalSet returns true if the internal hosts table just parsed equals target.
+func (hp *hostsParser) equalSet(target *netutil.IPMap) (ok bool) {
+	if target == nil {
+		// hp.table shouldn't appear nil since it's initialized on each refresh.
+		return target == hp.table
+	}
+
+	if hp.table.Len() != target.Len() {
+		return false
+	}
+
+	hp.table.Range(func(ip net.IP, val interface{}) (cont bool) {
+		v, hasIP := target.Get(ip)
+		// ok is set to true if the target doesn't contain ip or if the
+		// appropriate hosts set isn't equal to the checked one, i.e. the maps
+		// have at least one disperancy.
+		ok = !hasIP || !v.(*stringutil.Set).Equal(val.(*stringutil.Set))
+
+		// Continue only if maps has no discrepancies.
+		return !ok
+	})
+
+	// Return true if every value from the IP map has no disperancies with the
+	// appropriate one from the target.
+	return !ok
+}
+
+// sendUpd tries to send the parsed data to the ch.
+func (hp *hostsParser) sendUpd(ch chan *netutil.IPMap) {
+	log.Debug("%s: sending upd", hostsContainerPref)
+
+	upd := hp.table
+	select {
+	case ch <- upd:
+		// Updates are delivered.  Go on.
+	case <-ch:
+		ch <- upd
+		log.Debug("%s: replaced the last update", hostsContainerPref)
+	case ch <- upd:
+		// The previous update was just read and the next one pushed.  Go on.
+	default:
+		log.Error("%s: the updates channel is broken", hostsContainerPref)
+	}
+}
+
+// newStrg creates a new rules storage from parsed data.
+func (hp *hostsParser) newStrg(id int) (s *filterlist.RuleStorage, err error) {
+	return filterlist.NewRuleStorage([]filterlist.RuleList{&filterlist.StringRuleList{
+		ID:             id,
+		RulesText:      hp.rulesBuilder.String(),
+		IgnoreCosmetic: true,
+	}})
+}
+
+// refresh gets the data from specified files and propagates the updates if
+// needed.
+//
+// TODO(e.burkov):  Accept a parameter to specify the files to refresh.
+func (hc *HostsContainer) refresh() (err error) {
+	log.Debug("%s: refreshing", hostsContainerPref)
+
+	hp := hc.newHostsParser()
+	if _, err = aghos.FileWalker(hp.parseFile).Walk(hc.fsys, hc.patterns...); err != nil {
+		return fmt.Errorf("refreshing : %w", err)
+	}
+
+	if hp.equalSet(hc.last) {
+		log.Debug("%s: no updates detected", hostsContainerPref)
+
+		return nil
+	}
+	defer hp.sendUpd(hc.updates)
+
+	hc.last = hp.table.ShallowClone()
+
+	var rulesStrg *filterlist.RuleStorage
+	if rulesStrg, err = hp.newStrg(hc.listID); err != nil {
+		return fmt.Errorf("initializing rules storage: %w", err)
+	}
+
+	hc.resetEng(rulesStrg, hp.translations)
+
+	return nil
+}

internal/aghnet/hostscontainer_linux.go

@@ -0,0 +1,18 @@
+//go:build linux
+// +build linux
+
+package aghnet
+
+import (
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+)
+
+func defaultHostsPaths() (paths []string) {
+	paths = []string{"etc/hosts"}
+
+	if aghos.IsOpenWrt() {
+		paths = append(paths, "tmp/hosts")
+	}
+
+	return paths
+}

internal/aghnet/hostscontainer_others.go

@@ -0,0 +1,8 @@
+//go:build !(windows || linux)
+// +build !windows,!linux
+
+package aghnet
+
+func defaultHostsPaths() (paths []string) {
+	return []string{"etc/hosts"}
+}

internal/aghnet/hostscontainer_test.go

@@ -0,0 +1,466 @@
+package aghnet
+
+import (
+	"io/fs"
+	"net"
+	"os"
+	"path"
+	"strings"
+	"sync/atomic"
+	"testing"
+	"testing/fstest"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/stringutil"
+	"github.com/AdguardTeam/urlfilter"
+	"github.com/AdguardTeam/urlfilter/rules"
+	"github.com/miekg/dns"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	nl = "\n"
+	sp = " "
+)
+
+func TestNewHostsContainer(t *testing.T) {
+	const dirname = "dir"
+	const filename = "file1"
+
+	p := path.Join(dirname, filename)
+
+	testFS := fstest.MapFS{
+		p: &fstest.MapFile{Data: []byte("127.0.0.1 localhost")},
+	}
+
+	testCases := []struct {
+		wantErr error
+		name    string
+		paths   []string
+	}{{
+		wantErr: nil,
+		name:    "one_file",
+		paths:   []string{p},
+	}, {
+		wantErr: ErrNoHostsPaths,
+		name:    "no_files",
+		paths:   []string{},
+	}, {
+		wantErr: ErrNoHostsPaths,
+		name:    "non-existent_file",
+		paths:   []string{path.Join(dirname, filename+"2")},
+	}, {
+		wantErr: nil,
+		name:    "whole_dir",
+		paths:   []string{dirname},
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			onAdd := func(name string) (err error) {
+				assert.Contains(t, tc.paths, name)
+
+				return nil
+			}
+
+			var eventsCalledCounter uint32
+			eventsCh := make(chan struct{})
+			onEvents := func() (e <-chan struct{}) {
+				assert.Equal(t, uint32(1), atomic.AddUint32(&eventsCalledCounter, 1))
+
+				return eventsCh
+			}
+
+			hc, err := NewHostsContainer(0, testFS, &aghtest.FSWatcher{
+				OnEvents: onEvents,
+				OnAdd:    onAdd,
+				OnClose:  func() (err error) { panic("not implemented") },
+			}, tc.paths...)
+			if tc.wantErr != nil {
+				require.ErrorIs(t, err, tc.wantErr)
+
+				assert.Nil(t, hc)
+
+				return
+			}
+
+			require.NoError(t, err)
+			require.NotNil(t, hc)
+
+			assert.NotNil(t, <-hc.Upd())
+
+			eventsCh <- struct{}{}
+			assert.Equal(t, uint32(1), atomic.LoadUint32(&eventsCalledCounter))
+		})
+	}
+
+	t.Run("nil_fs", func(t *testing.T) {
+		require.Panics(t, func() {
+			_, _ = NewHostsContainer(0, nil, &aghtest.FSWatcher{
+				// Those shouldn't panic.
+				OnEvents: func() (e <-chan struct{}) { return nil },
+				OnAdd:    func(name string) (err error) { return nil },
+				OnClose:  func() (err error) { return nil },
+			}, p)
+		})
+	})
+
+	t.Run("nil_watcher", func(t *testing.T) {
+		require.Panics(t, func() {
+			_, _ = NewHostsContainer(0, testFS, nil, p)
+		})
+	})
+
+	t.Run("err_watcher", func(t *testing.T) {
+		const errOnAdd errors.Error = "error"
+
+		errWatcher := &aghtest.FSWatcher{
+			OnEvents: func() (e <-chan struct{}) { panic("not implemented") },
+			OnAdd:    func(name string) (err error) { return errOnAdd },
+			OnClose:  func() (err error) { panic("not implemented") },
+		}
+
+		hc, err := NewHostsContainer(0, testFS, errWatcher, p)
+		require.ErrorIs(t, err, errOnAdd)
+
+		assert.Nil(t, hc)
+	})
+}
+
+func TestHostsContainer_Refresh(t *testing.T) {
+	knownIP := net.IP{127, 0, 0, 1}
+
+	const knownHost = "localhost"
+	const knownAlias = "hocallost"
+
+	const dirname = "dir"
+	const filename1 = "file1"
+	const filename2 = "file2"
+
+	p1 := path.Join(dirname, filename1)
+	p2 := path.Join(dirname, filename2)
+
+	testFS := fstest.MapFS{
+		p1: &fstest.MapFile{
+			Data: []byte(strings.Join([]string{knownIP.String(), knownHost}, sp) + nl),
+		},
+	}
+
+	// event is a convenient alias for an empty struct{} to emit test events.
+	type event = struct{}
+
+	eventsCh := make(chan event, 1)
+	t.Cleanup(func() { close(eventsCh) })
+
+	w := &aghtest.FSWatcher{
+		OnEvents: func() (e <-chan event) { return eventsCh },
+		OnAdd: func(name string) (err error) {
+			assert.Equal(t, dirname, name)
+
+			return nil
+		},
+		OnClose: func() (err error) { panic("not implemented") },
+	}
+
+	hc, err := NewHostsContainer(0, testFS, w, dirname)
+	require.NoError(t, err)
+
+	checkRefresh := func(t *testing.T, wantHosts *stringutil.Set) {
+		upd, ok := <-hc.Upd()
+		require.True(t, ok)
+		require.NotNil(t, upd)
+
+		assert.Equal(t, 1, upd.Len())
+
+		v, ok := upd.Get(knownIP)
+		require.True(t, ok)
+
+		var hosts *stringutil.Set
+		hosts, ok = v.(*stringutil.Set)
+		require.True(t, ok)
+
+		assert.True(t, hosts.Equal(wantHosts))
+	}
+
+	t.Run("initial_refresh", func(t *testing.T) {
+		checkRefresh(t, stringutil.NewSet(knownHost))
+	})
+
+	testFS[p2] = &fstest.MapFile{
+		Data: []byte(strings.Join([]string{knownIP.String(), knownAlias}, sp) + nl),
+	}
+	eventsCh <- event{}
+
+	t.Run("second_refresh", func(t *testing.T) {
+		checkRefresh(t, stringutil.NewSet(knownHost, knownAlias))
+	})
+
+	eventsCh <- event{}
+
+	t.Run("no_changes_refresh", func(t *testing.T) {
+		assert.Empty(t, hc.Upd())
+	})
+}
+
+func TestHostsContainer_PathsToPatterns(t *testing.T) {
+	const (
+		dir0 = "dir"
+		dir1 = "dir_1"
+		fn1  = "file_1"
+		fn2  = "file_2"
+		fn3  = "file_3"
+		fn4  = "file_4"
+	)
+
+	fp1 := path.Join(dir0, fn1)
+	fp2 := path.Join(dir0, fn2)
+	fp3 := path.Join(dir0, dir1, fn3)
+
+	gsfs := fstest.MapFS{
+		fp1: &fstest.MapFile{Data: []byte{1}},
+		fp2: &fstest.MapFile{Data: []byte{2}},
+		fp3: &fstest.MapFile{Data: []byte{3}},
+	}
+
+	testCases := []struct {
+		name    string
+		wantErr error
+		want    []string
+		paths   []string
+	}{{
+		name:    "no_paths",
+		wantErr: nil,
+		want:    nil,
+		paths:   nil,
+	}, {
+		name:    "single_file",
+		wantErr: nil,
+		want:    []string{fp1},
+		paths:   []string{fp1},
+	}, {
+		name:    "several_files",
+		wantErr: nil,
+		want:    []string{fp1, fp2},
+		paths:   []string{fp1, fp2},
+	}, {
+		name:    "whole_dir",
+		wantErr: nil,
+		want:    []string{path.Join(dir0, "*")},
+		paths:   []string{dir0},
+	}, {
+		name:    "file_and_dir",
+		wantErr: nil,
+		want:    []string{fp1, path.Join(dir0, dir1, "*")},
+		paths:   []string{fp1, path.Join(dir0, dir1)},
+	}, {
+		name:    "non-existing",
+		wantErr: nil,
+		want:    nil,
+		paths:   []string{path.Join(dir0, "file_3")},
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			patterns, err := pathsToPatterns(gsfs, tc.paths)
+			if tc.wantErr != nil {
+				assert.ErrorIs(t, err, tc.wantErr)
+
+				return
+			}
+
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.want, patterns)
+		})
+	}
+
+	t.Run("bad_file", func(t *testing.T) {
+		const errStat errors.Error = "bad file"
+
+		badFS := &aghtest.StatFS{
+			OnStat: func(name string) (fs.FileInfo, error) {
+				return nil, errStat
+			},
+		}
+
+		_, err := pathsToPatterns(badFS, []string{""})
+		assert.ErrorIs(t, err, errStat)
+	})
+}
+
+func TestHostsContainer(t *testing.T) {
+	const listID = 1234
+
+	testdata := os.DirFS("./testdata")
+
+	nRewrites := func(t *testing.T, res *urlfilter.DNSResult, n int) (rws []*rules.DNSRewrite) {
+		t.Helper()
+
+		rewrites := res.DNSRewrites()
+		assert.Len(t, rewrites, n)
+
+		for _, rewrite := range rewrites {
+			require.Equal(t, listID, rewrite.FilterListID)
+
+			rw := rewrite.DNSRewrite
+			require.NotNil(t, rw)
+
+			rws = append(rws, rw)
+		}
+
+		return rws
+	}
+
+	testCases := []struct {
+		testTail func(t *testing.T, res *urlfilter.DNSResult)
+		name     string
+		req      urlfilter.DNSRequest
+	}{{
+		name: "simple",
+		req: urlfilter.DNSRequest{
+			Hostname: "simplehost",
+			DNSType:  dns.TypeA,
+		},
+		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
+			rws := nRewrites(t, res, 2)
+
+			v, ok := rws[0].Value.(net.IP)
+			require.True(t, ok)
+
+			assert.True(t, net.IP{1, 0, 0, 1}.Equal(v))
+
+			v, ok = rws[1].Value.(net.IP)
+			require.True(t, ok)
+
+			// It's ::1.
+			assert.True(t, net.IP(append((&[15]byte{})[:], byte(1))).Equal(v))
+		},
+	}, {
+		name: "hello_alias",
+		req: urlfilter.DNSRequest{
+			Hostname: "hello.world",
+			DNSType:  dns.TypeA,
+		},
+		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
+			assert.Equal(t, "hello", nRewrites(t, res, 1)[0].NewCNAME)
+		},
+	}, {
+		name: "lots_of_aliases",
+		req: urlfilter.DNSRequest{
+			Hostname: "for.testing",
+			DNSType:  dns.TypeA,
+		},
+		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
+			assert.Equal(t, "a.whole", nRewrites(t, res, 1)[0].NewCNAME)
+		},
+	}, {
+		name: "reverse",
+		req: urlfilter.DNSRequest{
+			Hostname: "1.0.0.1.in-addr.arpa",
+			DNSType:  dns.TypePTR,
+		},
+		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
+			rws := nRewrites(t, res, 1)
+
+			assert.Equal(t, dns.TypePTR, rws[0].RRType)
+			assert.Equal(t, "simplehost.", rws[0].Value)
+		},
+	}, {
+		name: "non-existing",
+		req: urlfilter.DNSRequest{
+			Hostname: "nonexisting",
+			DNSType:  dns.TypeA,
+		},
+		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
+			require.NotNil(t, res)
+
+			assert.Nil(t, res.DNSRewrites())
+		},
+	}}
+
+	stubWatcher := aghtest.FSWatcher{
+		OnEvents: func() (e <-chan struct{}) { return nil },
+		OnAdd:    func(name string) (err error) { return nil },
+		OnClose:  func() (err error) { panic("not implemented") },
+	}
+
+	hc, err := NewHostsContainer(listID, testdata, &stubWatcher, "etc_hosts")
+	require.NoError(t, err)
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			res, ok := hc.MatchRequest(tc.req)
+			require.False(t, ok)
+			require.NotNil(t, res)
+
+			tc.testTail(t, res)
+		})
+	}
+}
+
+func TestUniqueRules_ParseLine(t *testing.T) {
+	const (
+		hostname = "localhost"
+		alias    = "hocallost"
+	)
+
+	knownIP := net.IP{127, 0, 0, 1}
+
+	testCases := []struct {
+		name      string
+		line      string
+		wantIP    net.IP
+		wantHosts []string
+	}{{
+		name:      "simple",
+		line:      strings.Join([]string{knownIP.String(), hostname}, sp),
+		wantIP:    knownIP,
+		wantHosts: []string{"localhost"},
+	}, {
+		name:      "aliases",
+		line:      strings.Join([]string{knownIP.String(), hostname, alias}, sp),
+		wantIP:    knownIP,
+		wantHosts: []string{"localhost", "hocallost"},
+	}, {
+		name:      "invalid_line",
+		line:      knownIP.String(),
+		wantIP:    nil,
+		wantHosts: nil,
+	}, {
+		name:      "invalid_line_hostname",
+		line:      strings.Join([]string{knownIP.String(), "#" + hostname}, sp),
+		wantIP:    knownIP,
+		wantHosts: nil,
+	}, {
+		name:      "commented_aliases",
+		line:      strings.Join([]string{knownIP.String(), hostname, "#" + alias}, sp),
+		wantIP:    knownIP,
+		wantHosts: []string{"localhost"},
+	}, {
+		name:      "whole_comment",
+		line:      strings.Join([]string{"#", knownIP.String(), hostname}, sp),
+		wantIP:    nil,
+		wantHosts: nil,
+	}, {
+		name:      "partial_comment",
+		line:      strings.Join([]string{knownIP.String(), hostname[:4] + "#" + hostname[4:]}, sp),
+		wantIP:    knownIP,
+		wantHosts: []string{hostname[:4]},
+	}, {
+		name:      "empty",
+		line:      ``,
+		wantIP:    nil,
+		wantHosts: nil,
+	}}
+
+	for _, tc := range testCases {
+		hp := hostsParser{}
+		t.Run(tc.name, func(t *testing.T) {
+			ip, hosts := hp.parseLine(tc.line)
+			assert.True(t, tc.wantIP.Equal(ip))
+			assert.Equal(t, tc.wantHosts, hosts)
+		})
+	}
+}

internal/aghnet/hostscontainer_windows.go

@@ -0,0 +1,33 @@
+//go:build windows
+// +build windows
+
+package aghnet
+
+import (
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/AdguardTeam/golibs/log"
+	"golang.org/x/sys/windows"
+)
+
+func defaultHostsPaths() (paths []string) {
+	sysDir, err := windows.GetSystemDirectory()
+	if err != nil {
+		log.Error("getting system directory: %s", err)
+
+		return []string{}
+	}
+
+	// Split all the elements of the path to join them afterwards.  This is
+	// needed to make the Windows-specific path string returned by
+	// windows.GetSystemDirectory to be compatible with fs.FS.
+	pathElems := strings.Split(sysDir, string(os.PathSeparator))
+	if len(pathElems) > 0 && pathElems[0] == filepath.VolumeName(sysDir) {
+		pathElems = pathElems[1:]
+	}
+
+	return []string{path.Join(append(pathElems, "drivers/etc/hosts")...)}
+}

internal/aghnet/interfaces.go

@@ -92,6 +92,8 @@ func IfaceDNSIPAddrs(
 		time.Sleep(backoff)
 	}
 
+	n--
+
 	switch len(addrs) {
 	case 0:
 		// Don't return errors in case the users want to try and enable
@@ -116,3 +118,11 @@ func IfaceDNSIPAddrs(
 
 	return addrs, nil
 }
+
+// interfaceName is a string containing network interface's name.  The name is
+// used in file walking methods.
+type interfaceName string
+
+// Use interfaceName in the OS-independent code since it's actually only used in
+// several OS-dependent implementations which causes linting issues.
+var _ = interfaceName("")

internal/aghnet/ipmut.go

@@ -0,0 +1,43 @@
+package aghnet
+
+import (
+	"net"
+	"sync/atomic"
+)
+
+// IPMutFunc is the signature of a function which modifies the IP address
+// instance.  It should be safe for concurrent use.
+type IPMutFunc func(ip net.IP)
+
+// nopIPMutFunc is the IPMutFunc that does nothing.
+func nopIPMutFunc(net.IP) {}
+
+// IPMut is a type-safe wrapper of atomic.Value to store the IPMutFunc.
+type IPMut struct {
+	f atomic.Value
+}
+
+// NewIPMut returns the new properly initialized *IPMut.  The m is guaranteed to
+// always store non-nil IPMutFunc which is safe to call.
+func NewIPMut(f IPMutFunc) (m *IPMut) {
+	m = &IPMut{
+		f: atomic.Value{},
+	}
+	m.Store(f)
+
+	return m
+}
+
+// Store sets the IPMutFunc to return from Func.  It's safe for concurrent use.
+// If f is nil, the stored function is the no-op one.
+func (m *IPMut) Store(f IPMutFunc) {
+	if f == nil {
+		f = nopIPMutFunc
+	}
+	m.f.Store(f)
+}
+
+// Load returns the previously stored IPMutFunc.
+func (m *IPMut) Load() (f IPMutFunc) {
+	return m.f.Load().(IPMutFunc)
+}

internal/aghnet/net.go

@@ -4,13 +4,11 @@ package aghnet
 import (
 	"encoding/json"
 	"fmt"
+	"io"
 	"net"
-	"os"
 	"os/exec"
-	"runtime"
 	"strings"
 	"syscall"
-	"time"
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
@@ -189,57 +187,30 @@ func GetSubnet(ifaceName string) *net.IPNet {
 	return nil
 }
 
-// CheckPortAvailable - check if TCP port is available
-func CheckPortAvailable(host net.IP, port int) error {
-	ln, err := net.Listen("tcp", netutil.JoinHostPort(host.String(), port))
-	if err != nil {
-		return err
+// CheckPort checks if the port is available for binding.
+func CheckPort(network string, ip net.IP, port int) (err error) {
+	var c io.Closer
+	addr := netutil.IPPort{IP: ip, Port: port}.String()
+	switch network {
+	case "tcp":
+		c, err = net.Listen(network, addr)
+	case "udp":
+		c, err = net.ListenPacket(network, addr)
+	default:
+		return nil
 	}
-	_ = ln.Close()
 
-	// It seems that net.Listener.Close() doesn't close file descriptors right away.
-	// We wait for some time and hope that this fd will be closed.
-	time.Sleep(100 * time.Millisecond)
-	return nil
+	return errors.WithDeferred(err, closePortChecker(c))
 }
 
-// CheckPacketPortAvailable - check if UDP port is available
-func CheckPacketPortAvailable(host net.IP, port int) error {
-	ln, err := net.ListenPacket("udp", netutil.JoinHostPort(host.String(), port))
-	if err != nil {
-		return err
-	}
-	_ = ln.Close()
-
-	// It seems that net.Listener.Close() doesn't close file descriptors right away.
-	// We wait for some time and hope that this fd will be closed.
-	time.Sleep(100 * time.Millisecond)
-	return err
-}
-
-// ErrorIsAddrInUse - check if error is "address already in use"
-func ErrorIsAddrInUse(err error) bool {
-	errOpError, ok := err.(*net.OpError)
-	if !ok {
+// IsAddrInUse checks if err is about unsuccessful address binding.
+func IsAddrInUse(err error) (ok bool) {
+	var sysErr syscall.Errno
+	if !errors.As(err, &sysErr) {
 		return false
 	}
 
-	errSyscallError, ok := errOpError.Err.(*os.SyscallError)
-	if !ok {
-		return false
-	}
-
-	errErrno, ok := errSyscallError.Err.(syscall.Errno)
-	if !ok {
-		return false
-	}
-
-	if runtime.GOOS == "windows" {
-		const WSAEADDRINUSE = 10048
-		return errErrno == WSAEADDRINUSE
-	}
-
-	return errErrno == syscall.EADDRINUSE
+	return isAddrInUse(sysErr)
 }
 
 // SplitHost is a wrapper for net.SplitHostPort for the cases when the hostport

internal/aghnet/net_freebsd.go

@@ -18,9 +18,11 @@ func canBindPrivilegedPorts() (can bool, err error) {
 }
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
-	const filename = "/etc/rc.conf"
+	const rcConfFilename = "etc/rc.conf"
 
-	return aghos.FileWalker(interfaceName(ifaceName).rcConfStaticConfig).Walk(filename)
+	walker := aghos.FileWalker(interfaceName(ifaceName).rcConfStaticConfig)
+
+	return walker.Walk(aghos.RootDirFS(), rcConfFilename)
 }
 
 // rcConfStaticConfig checks if the interface is configured by /etc/rc.conf to

internal/aghnet/net_linux.go

@@ -85,17 +85,17 @@ func ifaceHasStaticIP(ifaceName string) (has bool, err error) {
 
 	iface := interfaceName(ifaceName)
 
-	for _, pair := range []struct {
+	for _, pair := range [...]struct {
 		aghos.FileWalker
 		filename string
 	}{{
 		FileWalker: iface.dhcpcdStaticConfig,
-		filename:   "/etc/dhcpcd.conf",
+		filename:   "etc/dhcpcd.conf",
 	}, {
 		FileWalker: iface.ifacesStaticConfig,
-		filename:   "/etc/network/interfaces",
+		filename:   "etc/network/interfaces",
 	}} {
-		has, err = pair.Walk(pair.filename)
+		has, err = pair.Walk(aghos.RootDirFS(), pair.filename)
 		if err != nil {
 			return false, err
 		}

internal/aghnet/net_linux_test.go

@@ -12,8 +12,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const nl = "\n"
-
 func TestDHCPCDStaticConfig(t *testing.T) {
 	const iface interfaceName = `wlan0`
 

internal/aghnet/net_openbsd.go

@@ -18,9 +18,9 @@ func canBindPrivilegedPorts() (can bool, err error) {
 }
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
-	filename := fmt.Sprintf("/etc/hostname.%s", ifaceName)
+	filename := fmt.Sprintf("etc/hostname.%s", ifaceName)
 
-	return aghos.FileWalker(hostnameIfStaticConfig).Walk(filename)
+	return aghos.FileWalker(hostnameIfStaticConfig).Walk(aghos.RootDirFS(), filename)
 }
 
 // hostnameIfStaticConfig checks if the interface is configured by

internal/aghnet/net_others.go

@@ -1,20 +0,0 @@
-//go:build !(linux || darwin || freebsd || openbsd)
-// +build !linux,!darwin,!freebsd,!openbsd
-
-package aghnet
-
-import (
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-)
-
-func canBindPrivilegedPorts() (can bool, err error) {
-	return aghos.HaveAdminRights()
-}
-
-func ifaceHasStaticIP(string) (ok bool, err error) {
-	return false, aghos.Unsupported("checking static ip")
-}
-
-func ifaceSetStaticIP(string) (err error) {
-	return aghos.Unsupported("setting static ip")
-}

internal/aghnet/net_test.go

@@ -4,10 +4,15 @@ import (
 	"net"
 	"testing"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+func TestMain(m *testing.M) {
+	aghtest.DiscardLogOutput(m)
+}
+
 func TestGetValidNetInterfacesForWeb(t *testing.T) {
 	ifaces, err := GetValidNetInterfacesForWeb()
 	require.NoErrorf(t, err, "cannot get net interfaces: %s", err)

internal/aghnet/net_unix.go

@@ -1,8 +1,19 @@
-//go:build openbsd || freebsd || linux
-// +build openbsd freebsd linux
+//go:build openbsd || freebsd || linux || darwin
+// +build openbsd freebsd linux darwin
 
 package aghnet
 
-// interfaceName is a string containing network interface's name.  The name is
-// used in file walking methods.
-type interfaceName string
+import (
+	"io"
+	"syscall"
+
+	"github.com/AdguardTeam/golibs/errors"
+)
+
+func closePortChecker(c io.Closer) (err error) {
+	return c.Close()
+}
+
+func isAddrInUse(err syscall.Errno) (ok bool) {
+	return errors.Is(err, syscall.EADDRINUSE)
+}

internal/aghnet/net_windows.go

@@ -0,0 +1,45 @@
+//go:build !(linux || darwin || freebsd || openbsd)
+// +build !linux,!darwin,!freebsd,!openbsd
+
+package aghnet
+
+import (
+	"io"
+	"syscall"
+	"time"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/errors"
+	"golang.org/x/sys/windows"
+)
+
+func canBindPrivilegedPorts() (can bool, err error) {
+	return aghos.HaveAdminRights()
+}
+
+func ifaceHasStaticIP(string) (ok bool, err error) {
+	return false, aghos.Unsupported("checking static ip")
+}
+
+func ifaceSetStaticIP(string) (err error) {
+	return aghos.Unsupported("setting static ip")
+}
+
+func closePortChecker(c io.Closer) (err error) {
+	if err = c.Close(); err != nil {
+		return err
+	}
+
+	// It seems that net.Listener.Close() doesn't close file descriptors right
+	// away.  We wait for some time and hope that this fd will be closed.
+	//
+	// TODO(e.burkov):  Investigate the purpose of the line and perhaps use more
+	// reliable approach.
+	time.Sleep(100 * time.Millisecond)
+
+	return nil
+}
+
+func isAddrInUse(err syscall.Errno) (ok bool) {
+	return errors.Is(err, windows.WSAEADDRINUSE)
+}

internal/aghnet/systemresolvers_others_test.go

@@ -79,8 +79,8 @@ func TestSystemResolvers_DialFunc(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			conn, err := imp.dialFunc(context.Background(), "", tc.address)
-
 			require.Nil(t, conn)
+
 			assert.ErrorIs(t, err, tc.want)
 		})
 	}

internal/aghnet/testdata/etc_hosts

@@ -0,0 +1,20 @@
+#
+# Test /etc/hosts file
+#
+
+1.0.0.1 simplehost
+1.0.0.0 hello hello.world
+
+# See https://github.com/AdguardTeam/AdGuardHome/issues/3846.
+1.0.0.2 a.whole lot.of aliases for.testing
+
+# See https://github.com/AdguardTeam/AdGuardHome/issues/3946.
+1.0.0.3 *
+1.0.0.4 *.com
+
+# Same for IPv6.
+::1 simplehost
+::  hello hello.world
+::2 a.whole lot.of aliases for.testing
+::3 *
+::4 *.com

internal/aghos/filewalker.go

@@ -3,10 +3,8 @@ package aghos
 import (
 	"fmt"
 	"io"
-	"os"
-	"path/filepath"
+	"io/fs"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/stringutil"
 )
@@ -14,27 +12,28 @@ import (
 // FileWalker is the signature of a function called for files in the file tree.
 // As opposed to filepath.Walk it only walk the files (not directories) matching
 // the provided pattern and those returned by function itself.  All patterns
-// should be valid for filepath.Glob.  If cont is false, the walking terminates.
-// Each opened file is also limited for reading to MaxWalkedFileSize.
+// should be valid for fs.Glob.  If FileWalker returns false for cont then
+// walking terminates.  Prefer using bufio.Scanner to read the r since the input
+// is not limited.
 //
-// TODO(e.burkov):  Consider moving to the separate package like pathutil.
+// TODO(e.burkov, a.garipov):  Move into another package like aghfs.
 //
 // TODO(e.burkov):  Think about passing filename or any additional data.
 type FileWalker func(r io.Reader) (patterns []string, cont bool, err error)
 
-// MaxWalkedFileSize is the maximum length of the file that FileWalker can
-// check.
-const MaxWalkedFileSize = 1024 * 1024
-
-// checkFile tries to open and process a single file located on sourcePath.
-func checkFile(c FileWalker, sourcePath string) (patterns []string, cont bool, err error) {
-	var f *os.File
-	f, err = os.Open(sourcePath)
+// checkFile tries to open and process a single file located on sourcePath in
+// the specified fsys.  The path is skipped if it's a directory.
+func checkFile(
+	fsys fs.FS,
+	c FileWalker,
+	sourcePath string,
+) (patterns []string, cont bool, err error) {
+	var f fs.File
+	f, err = fsys.Open(sourcePath)
 	if err != nil {
-		if errors.Is(err, os.ErrNotExist) {
-			// Ignore non-existing files since this may only happen
-			// when the file was removed after filepath.Glob matched
-			// it.
+		if errors.Is(err, fs.ErrNotExist) {
+			// Ignore non-existing files since this may only happen when the
+			// file was removed after filepath.Glob matched it.
 			return nil, true, nil
 		}
 
@@ -42,23 +41,28 @@ func checkFile(c FileWalker, sourcePath string) (patterns []string, cont bool, e
 	}
 	defer func() { err = errors.WithDeferred(err, f.Close()) }()
 
-	var r io.Reader
-	// Ignore the error since LimitReader function returns error only if
-	// passed limit value is less than zero, but the constant used.
-	//
-	// TODO(e.burkov):  Make variable.
-	r, _ = aghio.LimitReader(f, MaxWalkedFileSize)
+	var fi fs.FileInfo
+	if fi, err = f.Stat(); err != nil {
+		return nil, true, err
+	} else if fi.IsDir() {
+		// Skip the directories.
+		return nil, true, nil
+	}
 
-	return c(r)
+	return c(f)
 }
 
-// handlePatterns parses the patterns and ignores duplicates using srcSet.
-// srcSet must be non-nil.
-func handlePatterns(srcSet *stringutil.Set, patterns ...string) (sub []string, err error) {
+// handlePatterns parses the patterns in fsys and ignores duplicates using
+// srcSet.  srcSet must be non-nil.
+func handlePatterns(
+	fsys fs.FS,
+	srcSet *stringutil.Set,
+	patterns ...string,
+) (sub []string, err error) {
 	sub = make([]string, 0, len(patterns))
 	for _, p := range patterns {
 		var matches []string
-		matches, err = filepath.Glob(p)
+		matches, err = fs.Glob(fsys, p)
 		if err != nil {
 			// Enrich error with the pattern because filepath.Glob
 			// doesn't do it.
@@ -78,14 +82,14 @@ func handlePatterns(srcSet *stringutil.Set, patterns ...string) (sub []string, e
 	return sub, nil
 }
 
-// Walk starts walking the files defined by initPattern.  It only returns true
-// if c signed to stop walking.
-func (c FileWalker) Walk(initPattern string) (ok bool, err error) {
-	// The slice of sources keeps the order in which the files are walked
-	// since srcSet.Values() returns strings in undefined order.
+// Walk starts walking the files in fsys defined by patterns from initial.
+// It only returns true if fw signed to stop walking.
+func (fw FileWalker) Walk(fsys fs.FS, initial ...string) (ok bool, err error) {
+	// The slice of sources keeps the order in which the files are walked since
+	// srcSet.Values() returns strings in undefined order.
 	srcSet := stringutil.NewSet()
 	var src []string
-	src, err = handlePatterns(srcSet, initPattern)
+	src, err = handlePatterns(fsys, srcSet, initial...)
 	if err != nil {
 		return false, err
 	}
@@ -97,7 +101,7 @@ func (c FileWalker) Walk(initPattern string) (ok bool, err error) {
 		var patterns []string
 		var cont bool
 		filename = src[i]
-		patterns, cont, err = checkFile(c, src[i])
+		patterns, cont, err = checkFile(fsys, fw, src[i])
 		if err != nil {
 			return false, err
 		}
@@ -107,7 +111,7 @@ func (c FileWalker) Walk(initPattern string) (ok bool, err error) {
 		}
 
 		var subsrc []string
-		subsrc, err = handlePatterns(srcSet, patterns...)
+		subsrc, err = handlePatterns(fsys, srcSet, patterns...)
 		if err != nil {
 			return false, err
 		}

internal/aghos/filewalker_test.go

@@ -4,56 +4,19 @@ import (
 	"bufio"
 	"io"
 	"io/fs"
-	"os"
-	"path/filepath"
+	"path"
 	"testing"
+	"testing/fstest"
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-// testFSDir maps entries' names to entries which should either be a testFSDir
-// or byte slice.
-type testFSDir map[string]interface{}
-
-// testFSGen is used to generate a temporary filesystem consisting of
-// directories and plain text files from itself.
-type testFSGen testFSDir
-
-// gen returns the name of top directory of the generated filesystem.
-func (g testFSGen) gen(t *testing.T) (dirName string) {
-	t.Helper()
-
-	dirName = t.TempDir()
-	g.rangeThrough(t, dirName)
-
-	return dirName
-}
-
-func (g testFSGen) rangeThrough(t *testing.T, dirName string) {
-	const perm fs.FileMode = 0o777
-
-	for k, e := range g {
-		switch e := e.(type) {
-		case []byte:
-			require.NoError(t, os.WriteFile(filepath.Join(dirName, k), e, perm))
-
-		case testFSDir:
-			newDir := filepath.Join(dirName, k)
-			require.NoError(t, os.Mkdir(newDir, perm))
-
-			testFSGen(e).rangeThrough(t, newDir)
-		default:
-			t.Fatalf("unexpected entry type %T", e)
-		}
-	}
-}
-
 func TestFileWalker_Walk(t *testing.T) {
 	const attribute = `000`
 
-	makeFileWalker := func(dirName string) (fw FileWalker) {
+	makeFileWalker := func(_ string) (fw FileWalker) {
 		return func(r io.Reader) (patterns []string, cont bool, err error) {
 			s := bufio.NewScanner(r)
 			for s.Scan() {
@@ -63,7 +26,7 @@ func TestFileWalker_Walk(t *testing.T) {
 				}
 
 				if len(line) != 0 {
-					patterns = append(patterns, filepath.Join(dirName, line))
+					patterns = append(patterns, path.Join(".", line))
 				}
 			}
 
@@ -74,136 +37,150 @@ func TestFileWalker_Walk(t *testing.T) {
 	const nl = "\n"
 
 	testCases := []struct {
-		name        string
-		testFS      testFSGen
+		testFS      fstest.MapFS
+		want        assert.BoolAssertionFunc
 		initPattern string
-		want        bool
+		name        string
 	}{{
 		name: "simple",
-		testFS: testFSGen{
-			"simple_0001.txt": []byte(attribute + nl),
+		testFS: fstest.MapFS{
+			"simple_0001.txt": &fstest.MapFile{Data: []byte(attribute + nl)},
 		},
 		initPattern: "simple_0001.txt",
-		want:        true,
+		want:        assert.True,
 	}, {
 		name: "chain",
-		testFS: testFSGen{
-			"chain_0001.txt": []byte(`chain_0002.txt` + nl),
-			"chain_0002.txt": []byte(`chain_0003.txt` + nl),
-			"chain_0003.txt": []byte(attribute + nl),
+		testFS: fstest.MapFS{
+			"chain_0001.txt": &fstest.MapFile{Data: []byte(`chain_0002.txt` + nl)},
+			"chain_0002.txt": &fstest.MapFile{Data: []byte(`chain_0003.txt` + nl)},
+			"chain_0003.txt": &fstest.MapFile{Data: []byte(attribute + nl)},
 		},
 		initPattern: "chain_0001.txt",
-		want:        true,
+		want:        assert.True,
 	}, {
 		name: "several",
-		testFS: testFSGen{
-			"several_0001.txt": []byte(`several_*` + nl),
-			"several_0002.txt": []byte(`several_0001.txt` + nl),
-			"several_0003.txt": []byte(attribute + nl),
+		testFS: fstest.MapFS{
+			"several_0001.txt": &fstest.MapFile{Data: []byte(`several_*` + nl)},
+			"several_0002.txt": &fstest.MapFile{Data: []byte(`several_0001.txt` + nl)},
+			"several_0003.txt": &fstest.MapFile{Data: []byte(attribute + nl)},
 		},
 		initPattern: "several_0001.txt",
-		want:        true,
+		want:        assert.True,
 	}, {
 		name: "no",
-		testFS: testFSGen{
-			"no_0001.txt": []byte(nl),
-			"no_0002.txt": []byte(nl),
-			"no_0003.txt": []byte(nl),
+		testFS: fstest.MapFS{
+			"no_0001.txt": &fstest.MapFile{Data: []byte(nl)},
+			"no_0002.txt": &fstest.MapFile{Data: []byte(nl)},
+			"no_0003.txt": &fstest.MapFile{Data: []byte(nl)},
 		},
 		initPattern: "no_*",
-		want:        false,
+		want:        assert.False,
 	}, {
 		name: "subdirectory",
-		testFS: testFSGen{
-			"dir": testFSDir{
-				"subdir_0002.txt": []byte(attribute + nl),
+		testFS: fstest.MapFS{
+			path.Join("dir", "subdir_0002.txt"): &fstest.MapFile{
+				Data: []byte(attribute + nl),
 			},
-			"subdir_0001.txt": []byte(`dir/*`),
+			"subdir_0001.txt": &fstest.MapFile{Data: []byte(`dir/*`)},
 		},
 		initPattern: "subdir_0001.txt",
-		want:        true,
+		want:        assert.True,
 	}}
 
 	for _, tc := range testCases {
-		testDir := tc.testFS.gen(t)
-		fw := makeFileWalker(testDir)
+		fw := makeFileWalker("")
 
 		t.Run(tc.name, func(t *testing.T) {
-			ok, err := fw.Walk(filepath.Join(testDir, tc.initPattern))
+			ok, err := fw.Walk(tc.testFS, tc.initPattern)
 			require.NoError(t, err)
 
-			assert.Equal(t, tc.want, ok)
+			tc.want(t, ok)
 		})
 	}
 
 	t.Run("pattern_malformed", func(t *testing.T) {
-		ok, err := makeFileWalker("").Walk("[]")
+		f := fstest.MapFS{}
+		ok, err := makeFileWalker("").Walk(f, "[]")
 		require.Error(t, err)
 
 		assert.False(t, ok)
-		assert.ErrorIs(t, err, filepath.ErrBadPattern)
+		assert.ErrorIs(t, err, path.ErrBadPattern)
 	})
 
 	t.Run("bad_filename", func(t *testing.T) {
-		dir := testFSGen{
-			"bad_filename.txt": []byte("[]"),
-		}.gen(t)
-		fw := FileWalker(func(r io.Reader) (patterns []string, cont bool, err error) {
+		const filename = "bad_filename.txt"
+
+		f := fstest.MapFS{
+			filename: &fstest.MapFile{Data: []byte("[]")},
+		}
+		ok, err := FileWalker(func(r io.Reader) (patterns []string, cont bool, err error) {
 			s := bufio.NewScanner(r)
 			for s.Scan() {
 				patterns = append(patterns, s.Text())
 			}
 
 			return patterns, true, s.Err()
-		})
-
-		ok, err := fw.Walk(filepath.Join(dir, "bad_filename.txt"))
+		}).Walk(f, filename)
 		require.Error(t, err)
 
 		assert.False(t, ok)
-		assert.ErrorIs(t, err, filepath.ErrBadPattern)
+		assert.ErrorIs(t, err, path.ErrBadPattern)
 	})
 
 	t.Run("itself_error", func(t *testing.T) {
 		const rerr errors.Error = "returned error"
 
-		dir := testFSGen{
-			"mockfile.txt": []byte(`mockdata`),
-		}.gen(t)
+		f := fstest.MapFS{
+			"mockfile.txt": &fstest.MapFile{Data: []byte(`mockdata`)},
+		}
 
 		ok, err := FileWalker(func(r io.Reader) (patterns []string, ok bool, err error) {
 			return nil, true, rerr
-		}).Walk(filepath.Join(dir, "*"))
-		require.Error(t, err)
-		require.False(t, ok)
+		}).Walk(f, "*")
+		require.ErrorIs(t, err, rerr)
 
-		assert.ErrorIs(t, err, rerr)
+		assert.False(t, ok)
 	})
 }
 
+type errFS struct {
+	fs.GlobFS
+}
+
+const errErrFSOpen errors.Error = "this error is always returned"
+
+func (efs *errFS) Open(name string) (fs.File, error) {
+	return nil, errErrFSOpen
+}
+
 func TestWalkerFunc_CheckFile(t *testing.T) {
+	emptyFS := fstest.MapFS{}
+
 	t.Run("non-existing", func(t *testing.T) {
-		_, ok, err := checkFile(nil, "lol")
+		_, ok, err := checkFile(emptyFS, nil, "lol")
 		require.NoError(t, err)
 
 		assert.True(t, ok)
 	})
 
 	t.Run("invalid_argument", func(t *testing.T) {
-		const badPath = "\x00"
-
-		_, ok, err := checkFile(nil, badPath)
-		require.Error(t, err)
+		_, ok, err := checkFile(&errFS{}, nil, "")
+		require.ErrorIs(t, err, errErrFSOpen)
 
 		assert.False(t, ok)
-		// TODO(e.burkov):  Use assert.ErrorsIs within the error from
-		// less platform-dependent package instead of syscall.EINVAL.
-		//
-		// See https://github.com/golang/go/issues/46849 and
-		// https://github.com/golang/go/issues/30322.
-		pathErr := &os.PathError{}
-		require.ErrorAs(t, err, &pathErr)
-		assert.Equal(t, "open", pathErr.Op)
-		assert.Equal(t, badPath, pathErr.Path)
+	})
+
+	t.Run("ignore_dirs", func(t *testing.T) {
+		const dirName = "dir"
+
+		testFS := fstest.MapFS{
+			path.Join(dirName, "file"): &fstest.MapFile{Data: []byte{}},
+		}
+
+		patterns, ok, err := checkFile(testFS, nil, dirName)
+		require.NoError(t, err)
+
+		assert.Empty(t, patterns)
+		assert.True(t, ok)
 	})
 }

internal/aghos/fswatcher.go

@@ -0,0 +1,133 @@
+package aghos
+
+import (
+	"fmt"
+	"io"
+	"io/fs"
+	"path/filepath"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/fsnotify/fsnotify"
+)
+
+// event is a convenient alias for an empty struct to signal that watching
+// event happened.
+type event = struct{}
+
+// FSWatcher tracks all the fyle system events and notifies about those.
+//
+// TODO(e.burkov, a.garipov): Move into another package like aghfs.
+type FSWatcher interface {
+	io.Closer
+
+	// Events should return a read-only channel which notifies about events.
+	Events() (e <-chan event)
+
+	// Add should check if the file named name is accessible and starts tracking
+	// it.
+	Add(name string) (err error)
+}
+
+// osWatcher tracks the file system provided by the OS.
+type osWatcher struct {
+	// w is the actual notifier that is handled by osWatcher.
+	w *fsnotify.Watcher
+
+	// events is the channel to notify.
+	events chan event
+}
+
+const (
+	// osWatcherPref is a prefix for logging and wrapping errors in osWathcer's
+	// methods.
+	osWatcherPref = "os watcher"
+)
+
+// NewOSWritesWatcher creates FSWatcher that tracks the real file system of the
+// OS and notifies only about writing events.
+func NewOSWritesWatcher() (w FSWatcher, err error) {
+	defer func() { err = errors.Annotate(err, "%s: %w", osWatcherPref) }()
+
+	var watcher *fsnotify.Watcher
+	watcher, err = fsnotify.NewWatcher()
+	if err != nil {
+		return nil, fmt.Errorf("creating watcher: %w", err)
+	}
+
+	fsw := &osWatcher{
+		w:      watcher,
+		events: make(chan event, 1),
+	}
+
+	go fsw.handleErrors()
+	go fsw.handleEvents()
+
+	return fsw, nil
+}
+
+// handleErrors handles accompanying errors.  It used to be called in a separate
+// goroutine.
+func (w *osWatcher) handleErrors() {
+	defer log.OnPanic(fmt.Sprintf("%s: handling errors", osWatcherPref))
+
+	for err := range w.w.Errors {
+		log.Error("%s: %s", osWatcherPref, err)
+	}
+}
+
+// Events implements the FSWatcher interface for *osWatcher.
+func (w *osWatcher) Events() (e <-chan event) {
+	return w.events
+}
+
+// Add implements the FSWatcher interface for *osWatcher.
+//
+// TODO(e.burkov):  Make it accept non-existing files to detect it's creating.
+func (w *osWatcher) Add(name string) (err error) {
+	defer func() { err = errors.Annotate(err, "%s: %w", osWatcherPref) }()
+
+	if _, err = fs.Stat(RootDirFS(), name); err != nil {
+		return fmt.Errorf("checking file %q: %w", name, err)
+	}
+
+	return w.w.Add(filepath.Join("/", name))
+}
+
+// Close implements the FSWatcher interface for *osWatcher.
+func (w *osWatcher) Close() (err error) {
+	return w.w.Close()
+}
+
+// handleEvents notifies about the received file system's event if needed.  It
+// used to be called in a separate goroutine.
+func (w *osWatcher) handleEvents() {
+	defer log.OnPanic(fmt.Sprintf("%s: handling events", osWatcherPref))
+
+	defer close(w.events)
+
+	ch := w.w.Events
+	for e := range ch {
+		if e.Op&fsnotify.Write == 0 {
+			continue
+		}
+
+		// Skip the following events assuming that sometimes the same event
+		// occurrs several times.
+		for ok := true; ok; {
+			select {
+			case _, ok = <-ch:
+				// Go on.
+			default:
+				ok = false
+			}
+		}
+
+		select {
+		case w.events <- event{}:
+			// Go on.
+		default:
+			log.Debug("%s: events buffer is full", osWatcherPref)
+		}
+	}
+}

internal/aghos/os.go

@@ -7,6 +7,8 @@ import (
 	"bufio"
 	"fmt"
 	"io"
+	"io/fs"
+	"os"
 	"os/exec"
 	"path"
 	"runtime"
@@ -89,7 +91,7 @@ func PIDByCommand(command string, except ...int) (pid int, err error) {
 	}
 
 	var instNum int
-	pid, instNum, err = parsePSOutput(stdout, command, except...)
+	pid, instNum, err = parsePSOutput(stdout, command, except)
 	if err != nil {
 		return 0, err
 	}
@@ -116,16 +118,15 @@ func PIDByCommand(command string, except ...int) (pid int, err error) {
 }
 
 // parsePSOutput scans the output of ps searching the largest PID of the process
-// associated with cmdName ignoring PIDs from ignore.  Valid r's line shoud be
-// like:
+// associated with cmdName ignoring PIDs from ignore.  A valid line from
+// r should look like these:
 //
 //    123 ./example-cmd
 //   1230 some/base/path/example-cmd
 //   3210 example-cmd
 //
-func parsePSOutput(r io.Reader, cmdName string, ignore ...int) (largest, instNum int, err error) {
+func parsePSOutput(r io.Reader, cmdName string, ignore []int) (largest, instNum int, err error) {
 	s := bufio.NewScanner(r)
-ScanLoop:
 	for s.Scan() {
 		fields := strings.Fields(s.Text())
 		if len(fields) != 2 || path.Base(fields[1]) != cmdName {
@@ -133,16 +134,10 @@ ScanLoop:
 		}
 
 		cur, aerr := strconv.Atoi(fields[0])
-		if aerr != nil || cur < 0 {
+		if aerr != nil || cur < 0 || intIn(cur, ignore) {
 			continue
 		}
 
-		for _, pid := range ignore {
-			if cur == pid {
-				continue ScanLoop
-			}
-		}
-
 		instNum++
 		if cur > largest {
 			largest = cur
@@ -155,7 +150,25 @@ ScanLoop:
 	return largest, instNum, nil
 }
 
+// intIn returns true if nums contains n.
+func intIn(n int, nums []int) (ok bool) {
+	for _, nn := range nums {
+		if n == nn {
+			return true
+		}
+	}
+
+	return false
+}
+
 // IsOpenWrt returns true if host OS is OpenWrt.
 func IsOpenWrt() (ok bool) {
 	return isOpenWrt()
 }
+
+// RootDirFS returns the fs.FS rooted at the operating system's root.
+func RootDirFS() (fsys fs.FS) {
+	// Use empty string since os.DirFS implicitly prepends a slash to it.  This
+	// behavior is undocumented but it currently works.
+	return os.DirFS("")
+}

internal/aghos/os_linux.go

@@ -26,6 +26,8 @@ func haveAdminRights() (bool, error) {
 }
 
 func isOpenWrt() (ok bool) {
+	const etcReleasePattern = "etc/*release*"
+
 	var err error
 	ok, err = FileWalker(func(r io.Reader) (_ []string, cont bool, err error) {
 		const osNameData = "openwrt"
@@ -39,7 +41,7 @@ func isOpenWrt() (ok bool) {
 		}
 
 		return nil, !stringutil.ContainsFold(string(data), osNameData), nil
-	}).Walk("/etc/*release*")
+	}).Walk(RootDirFS(), etcReleasePattern)
 
 	return err == nil && ok
 }

internal/aghos/os_test.go

@@ -63,7 +63,7 @@ func TestLargestLabeled(t *testing.T) {
 		r := bytes.NewReader(tc.data)
 
 		t.Run(tc.name, func(t *testing.T) {
-			pid, instNum, err := parsePSOutput(r, comm)
+			pid, instNum, err := parsePSOutput(r, comm, nil)
 			require.NoError(t, err)
 
 			assert.Equal(t, tc.wantPID, pid)
@@ -76,7 +76,7 @@ func TestLargestLabeled(t *testing.T) {
 		require.NoError(t, err)
 
 		target := &aghio.LimitReachedError{}
-		_, _, err = parsePSOutput(lr, "")
+		_, _, err = parsePSOutput(lr, "", nil)
 		require.ErrorAs(t, err, &target)
 
 		assert.EqualValues(t, 0, target.Limit)
@@ -89,7 +89,7 @@ func TestLargestLabeled(t *testing.T) {
 			`3` + comm + nl,
 		))
 
-		pid, instances, err := parsePSOutput(r, comm, 1, 3)
+		pid, instances, err := parsePSOutput(r, comm, []int{1, 3})
 		require.NoError(t, err)
 
 		assert.Equal(t, 2, pid)

internal/aghtest/fswatcher.go

@@ -0,0 +1,23 @@
+package aghtest
+
+// FSWatcher is a mock aghos.FSWatcher implementation to use in tests.
+type FSWatcher struct {
+	OnEvents func() (e <-chan struct{})
+	OnAdd    func(name string) (err error)
+	OnClose  func() (err error)
+}
+
+// Events implements the aghos.FSWatcher interface for *FSWatcher.
+func (w *FSWatcher) Events() (e <-chan struct{}) {
+	return w.OnEvents()
+}
+
+// Add implements the aghos.FSWatcher interface for *FSWatcher.
+func (w *FSWatcher) Add(name string) (err error) {
+	return w.OnAdd(name)
+}
+
+// Close implements the aghos.FSWatcher interface for *FSWatcher.
+func (w *FSWatcher) Close() (err error) {
+	return w.OnClose()
+}

internal/aghtest/testfs.go

@@ -0,0 +1,46 @@
+package aghtest
+
+import "io/fs"
+
+// type check
+var _ fs.FS = &FS{}
+
+// FS is a mock fs.FS implementation to use in tests.
+type FS struct {
+	OnOpen func(name string) (fs.File, error)
+}
+
+// Open implements the fs.FS interface for *FS.
+func (fsys *FS) Open(name string) (fs.File, error) {
+	return fsys.OnOpen(name)
+}
+
+// type check
+var _ fs.StatFS = &StatFS{}
+
+// StatFS is a mock fs.StatFS implementation to use in tests.
+type StatFS struct {
+	// FS is embedded here to avoid implementing all it's methods.
+	FS
+	OnStat func(name string) (fs.FileInfo, error)
+}
+
+// Stat implements the fs.StatFS interface for *StatFS.
+func (fsys *StatFS) Stat(name string) (fs.FileInfo, error) {
+	return fsys.OnStat(name)
+}
+
+// type check
+var _ fs.GlobFS = &GlobFS{}
+
+// GlobFS is a mock fs.GlobFS implementation to use in tests.
+type GlobFS struct {
+	// FS is embedded here to avoid implementing all it's methods.
+	FS
+	OnGlob func(pattern string) ([]string, error)
+}
+
+// Glob implements the fs.GlobFS interface for *GlobFS.
+func (fsys *GlobFS) Glob(pattern string) ([]string, error) {
+	return fsys.OnGlob(pattern)
+}

internal/aghtime/duration.go

@@ -1,68 +0,0 @@
-// Package aghtime defines some types for convenient work with time values.
-package aghtime
-
-import (
-	"time"
-
-	"github.com/AdguardTeam/golibs/errors"
-)
-
-// Duration is a wrapper for time.Duration providing functionality for encoding.
-type Duration struct {
-	// time.Duration is embedded here to avoid implementing all the methods.
-	time.Duration
-}
-
-// String implements the fmt.Stringer interface for Duration.  It wraps
-// time.Duration.String method and additionally cuts off non-leading zero values
-// of minutes and seconds.  Some values which are differ between the
-// implementations:
-//
-//   Duration:   "1m", time.Duration:   "1m0s"
-//   Duration:   "1h", time.Duration: "1h0m0s"
-//   Duration: "1h1m", time.Duration: "1h1m0s"
-//
-func (d Duration) String() (str string) {
-	str = d.Duration.String()
-
-	const (
-		tailMin    = len(`0s`)
-		tailMinSec = len(`0m0s`)
-
-		secsInHour = time.Hour / time.Second
-		minsInHour = time.Hour / time.Minute
-	)
-
-	switch rounded := d.Duration / time.Second; {
-	case
-		rounded == 0,
-		rounded*time.Second != d.Duration,
-		rounded%60 != 0:
-		// Return the uncut value if it's either equal to zero or has
-		// fractions of a second or even whole seconds in it.
-		return str
-
-	case (rounded%secsInHour)/minsInHour != 0:
-		return str[:len(str)-tailMin]
-
-	default:
-		return str[:len(str)-tailMinSec]
-	}
-}
-
-// MarshalText implements the encoding.TextMarshaler interface for Duration.
-func (d Duration) MarshalText() (text []byte, err error) {
-	return []byte(d.String()), nil
-}
-
-// UnmarshalText implements the encoding.TextUnmarshaler interface for
-// *Duration.
-//
-// TODO(e.burkov): Make it able to parse larger units like days.
-func (d *Duration) UnmarshalText(b []byte) (err error) {
-	defer func() { err = errors.Annotate(err, "unmarshaling duration: %w") }()
-
-	d.Duration, err = time.ParseDuration(string(b))
-
-	return err
-}

internal/aghtime/duration_test.go

@@ -1,240 +0,0 @@
-package aghtime
-
-import (
-	"bytes"
-	"encoding/json"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	yaml "gopkg.in/yaml.v2"
-)
-
-func TestDuration_String(t *testing.T) {
-	testCases := []struct {
-		name string
-		val  time.Duration
-	}{{
-		name: "1s",
-		val:  time.Second,
-	}, {
-		name: "1m",
-		val:  time.Minute,
-	}, {
-		name: "1h",
-		val:  time.Hour,
-	}, {
-		name: "1m1s",
-		val:  time.Minute + time.Second,
-	}, {
-		name: "1h1m",
-		val:  time.Hour + time.Minute,
-	}, {
-		name: "1h0m1s",
-		val:  time.Hour + time.Second,
-	}, {
-		name: "1ms",
-		val:  time.Millisecond,
-	}, {
-		name: "1h0m0.001s",
-		val:  time.Hour + time.Millisecond,
-	}, {
-		name: "1.001s",
-		val:  time.Second + time.Millisecond,
-	}, {
-		name: "1m1.001s",
-		val:  time.Minute + time.Second + time.Millisecond,
-	}, {
-		name: "0s",
-		val:  0,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			d := Duration{Duration: tc.val}
-			assert.Equal(t, tc.name, d.String())
-		})
-	}
-}
-
-// durationEncodingTester is a helper struct to simplify testing different
-// Duration marshalling and unmarshaling cases.
-type durationEncodingTester struct {
-	PtrMap   map[string]*Duration `json:"ptr_map"   yaml:"ptr_map"`
-	PtrSlice []*Duration          `json:"ptr_slice" yaml:"ptr_slice"`
-	PtrValue *Duration            `json:"ptr_value" yaml:"ptr_value"`
-	PtrArray [1]*Duration         `json:"ptr_array" yaml:"ptr_array"`
-	Map      map[string]Duration  `json:"map"       yaml:"map"`
-	Slice    []Duration           `json:"slice"     yaml:"slice"`
-	Value    Duration             `json:"value"     yaml:"value"`
-	Array    [1]Duration          `json:"array"     yaml:"array"`
-}
-
-const nl = "\n"
-const (
-	jsonStr = `{` +
-		`"ptr_map":{"dur":"1ms"},` +
-		`"ptr_slice":["1ms"],` +
-		`"ptr_value":"1ms",` +
-		`"ptr_array":["1ms"],` +
-		`"map":{"dur":"1ms"},` +
-		`"slice":["1ms"],` +
-		`"value":"1ms",` +
-		`"array":["1ms"]` +
-		`}`
-	yamlStr = `ptr_map:` + nl +
-		`  dur: 1ms` + nl +
-		`ptr_slice:` + nl +
-		`- 1ms` + nl +
-		`ptr_value: 1ms` + nl +
-		`ptr_array:` + nl +
-		`- 1ms` + nl +
-		`map:` + nl +
-		`  dur: 1ms` + nl +
-		`slice:` + nl +
-		`- 1ms` + nl +
-		`value: 1ms` + nl +
-		`array:` + nl +
-		`- 1ms`
-)
-
-// defaultTestDur is the default time.Duration value to be used throughout the tests of
-// Duration.
-const defaultTestDur = time.Millisecond
-
-// checkFields verifies m's fields.  It expects the m to be unmarshaled from
-// one of the constant strings above.
-func (m *durationEncodingTester) checkFields(t *testing.T, d Duration) {
-	t.Run("pointers_map", func(t *testing.T) {
-		require.NotNil(t, m.PtrMap)
-
-		fromPtrMap, ok := m.PtrMap["dur"]
-		require.True(t, ok)
-		require.NotNil(t, fromPtrMap)
-
-		assert.Equal(t, d, *fromPtrMap)
-	})
-
-	t.Run("pointers_slice", func(t *testing.T) {
-		require.Len(t, m.PtrSlice, 1)
-
-		fromPtrSlice := m.PtrSlice[0]
-		require.NotNil(t, fromPtrSlice)
-
-		assert.Equal(t, d, *fromPtrSlice)
-	})
-
-	t.Run("pointers_array", func(t *testing.T) {
-		fromPtrArray := m.PtrArray[0]
-		require.NotNil(t, fromPtrArray)
-
-		assert.Equal(t, d, *fromPtrArray)
-	})
-
-	t.Run("pointer_value", func(t *testing.T) {
-		require.NotNil(t, m.PtrValue)
-
-		assert.Equal(t, d, *m.PtrValue)
-	})
-
-	t.Run("map", func(t *testing.T) {
-		fromMap, ok := m.Map["dur"]
-		require.True(t, ok)
-
-		assert.Equal(t, d, fromMap)
-	})
-
-	t.Run("slice", func(t *testing.T) {
-		require.Len(t, m.Slice, 1)
-
-		assert.Equal(t, d, m.Slice[0])
-	})
-
-	t.Run("array", func(t *testing.T) {
-		assert.Equal(t, d, m.Array[0])
-	})
-
-	t.Run("value", func(t *testing.T) {
-		assert.Equal(t, d, m.Value)
-	})
-}
-
-func TestDuration_MarshalText(t *testing.T) {
-	d := Duration{defaultTestDur}
-	dPtr := &d
-
-	v := durationEncodingTester{
-		PtrMap:   map[string]*Duration{"dur": dPtr},
-		PtrSlice: []*Duration{dPtr},
-		PtrValue: dPtr,
-		PtrArray: [1]*Duration{dPtr},
-		Map:      map[string]Duration{"dur": d},
-		Slice:    []Duration{d},
-		Value:    d,
-		Array:    [1]Duration{d},
-	}
-
-	b := &bytes.Buffer{}
-	t.Run("json", func(t *testing.T) {
-		t.Cleanup(b.Reset)
-		err := json.NewEncoder(b).Encode(v)
-		require.NoError(t, err)
-
-		assert.JSONEq(t, jsonStr, b.String())
-	})
-
-	t.Run("yaml", func(t *testing.T) {
-		t.Cleanup(b.Reset)
-		err := yaml.NewEncoder(b).Encode(v)
-		require.NoError(t, err)
-
-		assert.YAMLEq(t, yamlStr, b.String(), b.String())
-	})
-
-	t.Run("direct", func(t *testing.T) {
-		data, err := d.MarshalText()
-		require.NoError(t, err)
-
-		assert.EqualValues(t, []byte(defaultTestDur.String()), data)
-	})
-}
-
-func TestDuration_UnmarshalText(t *testing.T) {
-	d := Duration{defaultTestDur}
-	var v *durationEncodingTester
-
-	t.Run("json", func(t *testing.T) {
-		v = &durationEncodingTester{}
-
-		r := strings.NewReader(jsonStr)
-		err := json.NewDecoder(r).Decode(v)
-		require.NoError(t, err)
-
-		v.checkFields(t, d)
-	})
-
-	t.Run("yaml", func(t *testing.T) {
-		v = &durationEncodingTester{}
-
-		r := strings.NewReader(yamlStr)
-		err := yaml.NewDecoder(r).Decode(v)
-		require.NoError(t, err)
-
-		v.checkFields(t, d)
-	})
-
-	t.Run("direct", func(t *testing.T) {
-		dd := &Duration{}
-
-		err := dd.UnmarshalText([]byte(d.String()))
-		require.NoError(t, err)
-
-		assert.Equal(t, d, *dd)
-	})
-
-	t.Run("bad_data", func(t *testing.T) {
-		assert.Error(t, (&Duration{}).UnmarshalText([]byte(`abc`)))
-	})
-}

internal/dhcpd/broadcast_bsd.go

@@ -5,33 +5,17 @@ package dhcpd
 
 import (
 	"net"
-
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/insomniacslk/dhcp/dhcpv4"
 )
 
 // broadcast sends resp to the broadcast address specific for network interface.
-func (s *v4Server) broadcast(peer net.Addr, conn net.PacketConn, resp *dhcpv4.DHCPv4) {
-	// peer is expected to be of type *net.UDPConn as the server4.NewServer
-	// initializes it.
-	udpPeer, ok := peer.(*net.UDPAddr)
-	if !ok {
-		log.Error("dhcpv4: peer is of unexpected type %T", peer)
-
-		return
-	}
-
+func (c *dhcpConn) broadcast(respData []byte, peer *net.UDPAddr) (n int, err error) {
 	// Despite the fact that server4.NewIPv4UDPConn explicitly sets socket
 	// options to allow broadcasting, it also binds the connection to a
-	// specific interface.  On FreeBSD and OpenBSD conn.WriteTo causes
-	// errors while writing to the addresses that belong to another
-	// interface.  So, use the broadcast address specific for the binded
-	// interface.
-	udpPeer.IP = s.conf.broadcastIP
+	// specific interface.  On FreeBSD and OpenBSD net.UDPConn.WriteTo
+	// causes errors while writing to the addresses that belong to another
+	// interface.  So, use the broadcast address specific for the interface
+	// bound.
+	peer.IP = c.bcastIP
 
-	log.Debug("dhcpv4: sending to %s: %s", peer, resp.Summary())
-
-	if _, err := conn.WriteTo(resp.ToBytes(), peer); err != nil {
-		log.Error("dhcpv4: conn.Write to %s failed: %s", peer, err)
-	}
+	return c.udpConn.WriteTo(respData, peer)
 }

internal/dhcpd/broadcast_bsd_test.go

@@ -8,17 +8,16 @@ import (
 	"net"
 	"testing"
 
-	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/insomniacslk/dhcp/dhcpv4"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func TestV4Server_Send_broadcast(t *testing.T) {
+func TestDHCPConn_Broadcast(t *testing.T) {
 	b := &bytes.Buffer{}
 	var peer *net.UDPAddr
 
-	conn := &fakePacketConn{
+	udpConn := &fakePacketConn{
 		writeTo: func(p []byte, addr net.Addr) (n int, err error) {
 			udpPeer, ok := addr.(*net.UDPAddr)
 			require.True(t, ok)
@@ -31,57 +30,22 @@ func TestV4Server_Send_broadcast(t *testing.T) {
 			return n, nil
 		},
 	}
-
+	conn := &dhcpConn{
+		udpConn: udpConn,
+		bcastIP: net.IP{1, 2, 3, 255},
+	}
 	defaultPeer := &net.UDPAddr{
 		IP: net.IP{1, 2, 3, 4},
 		// Use neither client nor server port.
 		Port: 1234,
 	}
-	s := &v4Server{
-		conf: V4ServerConf{
-			broadcastIP: net.IP{1, 2, 3, 255},
-		},
-	}
+	respData := (&dhcpv4.DHCPv4{}).ToBytes()
 
-	testCases := []struct {
-		name string
-		req  *dhcpv4.DHCPv4
-		resp *dhcpv4.DHCPv4
-	}{{
-		name: "nak",
-		req: &dhcpv4.DHCPv4{
-			GatewayIPAddr: netutil.IPv4Zero(),
-		},
-		resp: &dhcpv4.DHCPv4{
-			Options: dhcpv4.OptionsFromList(
-				dhcpv4.OptMessageType(dhcpv4.MessageTypeNak),
-			),
-		},
-	}, {
-		name: "fully_unspecified",
-		req: &dhcpv4.DHCPv4{
-			GatewayIPAddr: netutil.IPv4Zero(),
-			ClientIPAddr:  netutil.IPv4Zero(),
-		},
-		resp: &dhcpv4.DHCPv4{
-			Options: dhcpv4.OptionsFromList(
-				dhcpv4.OptMessageType(dhcpv4.MessageTypeOffer),
-			),
-		},
-	}}
+	_, _ = conn.broadcast(respData, cloneUDPAddr(defaultPeer))
 
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			s.send(cloneUDPAddr(defaultPeer), conn, tc.req, tc.resp)
-			assert.EqualValues(t, tc.resp.ToBytes(), b.Bytes())
-			assert.Equal(t, &net.UDPAddr{
-				IP:   s.conf.broadcastIP,
-				Port: defaultPeer.Port,
-				Zone: defaultPeer.Zone,
-			}, peer)
-		})
-
-		b.Reset()
-		peer = nil
-	}
+	assert.EqualValues(t, respData, b.Bytes())
+	assert.Equal(t, &net.UDPAddr{
+		IP:   conn.bcastIP,
+		Port: defaultPeer.Port,
+	}, peer)
 }

internal/dhcpd/broadcast_others.go

@@ -5,17 +5,10 @@ package dhcpd
 
 import (
 	"net"
-
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/insomniacslk/dhcp/dhcpv4"
 )
 
 // broadcast sends resp to the broadcast address specific for network interface.
-func (s *v4Server) broadcast(peer net.Addr, conn net.PacketConn, resp *dhcpv4.DHCPv4) {
-	respData := resp.ToBytes()
-
-	log.Debug("dhcpv4: sending to %s: %s", peer, resp.Summary())
-
+func (c *dhcpConn) broadcast(respData []byte, peer *net.UDPAddr) (n int, err error) {
 	// This write to 0xffffffff reverts some behavior changes made in
 	// https://github.com/AdguardTeam/AdGuardHome/issues/3289.  The DHCP
 	// server should broadcast the message to 0xffffffff but it's
@@ -26,26 +19,13 @@ func (s *v4Server) broadcast(peer net.Addr, conn net.PacketConn, resp *dhcpv4.DH
 	// https://github.com/AdguardTeam/AdGuardHome/issues/3366.
 	//
 	// See also https://github.com/AdguardTeam/AdGuardHome/issues/3539.
-	if _, err := conn.WriteTo(respData, peer); err != nil {
-		log.Error("dhcpv4: conn.Write to %s failed: %s", peer, err)
-	}
-
-	// peer is expected to be of type *net.UDPConn as the server4.NewServer
-	// initializes it.
-	udpPeer, ok := peer.(*net.UDPAddr)
-	if !ok {
-		log.Error("dhcpv4: peer is of unexpected type %T", peer)
-
-		return
+	if n, err = c.udpConn.WriteTo(respData, peer); err != nil {
+		return n, err
 	}
 
 	// Broadcast the message one more time using the interface-specific
 	// broadcast address.
-	udpPeer.IP = s.conf.broadcastIP
+	peer.IP = c.bcastIP
 
-	log.Debug("dhcpv4: sending to %s: %s", peer, resp.Summary())
-
-	if _, err := conn.WriteTo(respData, peer); err != nil {
-		log.Error("dhcpv4: conn.Write to %s failed: %s", peer, err)
-	}
+	return c.udpConn.WriteTo(respData, peer)
 }

internal/dhcpd/broadcast_others_test.go

@@ -8,17 +8,16 @@ import (
 	"net"
 	"testing"
 
-	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/insomniacslk/dhcp/dhcpv4"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func TestV4Server_Send_broadcast(t *testing.T) {
+func TestDHCPConn_Broadcast(t *testing.T) {
 	b := &bytes.Buffer{}
 	var peers []*net.UDPAddr
 
-	conn := &fakePacketConn{
+	udpConn := &fakePacketConn{
 		writeTo: func(p []byte, addr net.Addr) (n int, err error) {
 			udpPeer, ok := addr.(*net.UDPAddr)
 			require.True(t, ok)
@@ -31,66 +30,27 @@ func TestV4Server_Send_broadcast(t *testing.T) {
 			return n, nil
 		},
 	}
-
+	conn := &dhcpConn{
+		udpConn: udpConn,
+		bcastIP: net.IP{1, 2, 3, 255},
+	}
 	defaultPeer := &net.UDPAddr{
 		IP: net.IP{1, 2, 3, 4},
 		// Use neither client nor server port.
 		Port: 1234,
 	}
-	s := &v4Server{
-		conf: V4ServerConf{
-			broadcastIP: net.IP{1, 2, 3, 255},
-		},
-	}
+	respData := (&dhcpv4.DHCPv4{}).ToBytes()
 
-	testCases := []struct {
-		name string
-		req  *dhcpv4.DHCPv4
-		resp *dhcpv4.DHCPv4
-	}{{
-		name: "nak",
-		req: &dhcpv4.DHCPv4{
-			GatewayIPAddr: netutil.IPv4Zero(),
-		},
-		resp: &dhcpv4.DHCPv4{
-			Options: dhcpv4.OptionsFromList(
-				dhcpv4.OptMessageType(dhcpv4.MessageTypeNak),
-			),
-		},
-	}, {
-		name: "fully_unspecified",
-		req: &dhcpv4.DHCPv4{
-			GatewayIPAddr: netutil.IPv4Zero(),
-			ClientIPAddr:  netutil.IPv4Zero(),
-		},
-		resp: &dhcpv4.DHCPv4{
-			Options: dhcpv4.OptionsFromList(
-				dhcpv4.OptMessageType(dhcpv4.MessageTypeOffer),
-			),
-		},
-	}}
+	_, _ = conn.broadcast(respData, cloneUDPAddr(defaultPeer))
 
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			s.send(cloneUDPAddr(defaultPeer), conn, tc.req, tc.resp)
+	// The same response is written twice but for different peers.
+	assert.EqualValues(t, append(respData, respData...), b.Bytes())
 
-			// The same response is written twice.
-			respData := tc.resp.ToBytes()
-			assert.EqualValues(t, append(respData, respData...), b.Bytes())
+	require.Len(t, peers, 2)
 
-			require.Len(t, peers, 2)
-
-			assert.Equal(t, &net.UDPAddr{
-				IP:   defaultPeer.IP,
-				Port: defaultPeer.Port,
-			}, peers[0])
-			assert.Equal(t, &net.UDPAddr{
-				IP:   s.conf.broadcastIP,
-				Port: defaultPeer.Port,
-			}, peers[1])
-		})
-
-		b.Reset()
-		peers = nil
-	}
+	assert.Equal(t, cloneUDPAddr(defaultPeer), peers[0])
+	assert.Equal(t, &net.UDPAddr{
+		IP:   conn.bcastIP,
+		Port: defaultPeer.Port,
+	}, peers[1])
 }

internal/dhcpd/conn_unix.go

@@ -0,0 +1,244 @@
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package dhcpd
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"time"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/insomniacslk/dhcp/dhcpv4"
+	"github.com/insomniacslk/dhcp/dhcpv4/server4"
+	"github.com/mdlayher/ethernet"
+	"github.com/mdlayher/raw"
+)
+
+// dhcpUnicastAddr is the combination of MAC and IP addresses for responding to
+// the unconfigured host.
+type dhcpUnicastAddr struct {
+	// raw.Addr is embedded here to make *dhcpUcastAddr a net.Addr without
+	// actually implementing all methods.  It also contains the client's
+	// hardware address.
+	raw.Addr
+
+	// yiaddr is an IP address just allocated by server for the host.
+	yiaddr net.IP
+}
+
+// dhcpConn is the net.PacketConn capable of handling both net.UDPAddr and
+// net.HardwareAddr.
+type dhcpConn struct {
+	// udpConn is the connection for UDP addresses.
+	udpConn net.PacketConn
+	// bcastIP is the broadcast address specific for the configured
+	// interface's subnet.
+	bcastIP net.IP
+
+	// rawConn is the connection for MAC addresses.
+	rawConn net.PacketConn
+	// srcMAC is the hardware address of the configured network interface.
+	srcMAC net.HardwareAddr
+	// srcIP is the IP address  of the configured network interface.
+	srcIP net.IP
+}
+
+// newDHCPConn creates the special connection for DHCP server.
+func (s *v4Server) newDHCPConn(ifi *net.Interface) (c net.PacketConn, err error) {
+	// Create the raw connection.
+	var ucast net.PacketConn
+	if ucast, err = raw.ListenPacket(ifi, uint16(ethernet.EtherTypeIPv4), nil); err != nil {
+		return nil, fmt.Errorf("creating raw udp connection: %w", err)
+	}
+
+	// Create the UDP connection.
+	var bcast net.PacketConn
+	bcast, err = server4.NewIPv4UDPConn(ifi.Name, &net.UDPAddr{
+		// TODO(e.burkov):  Listening on zeroes makes the server handle
+		// requests from all the interfaces.  Inspect the ways to
+		// specify the interface-specific listening addresses.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/3539.
+		IP:   net.IP{0, 0, 0, 0},
+		Port: dhcpv4.ServerPort,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("creating ipv4 udp connection: %w", err)
+	}
+
+	return &dhcpConn{
+		udpConn: bcast,
+		bcastIP: s.conf.broadcastIP,
+		rawConn: ucast,
+		srcMAC:  ifi.HardwareAddr,
+		srcIP:   s.conf.dnsIPAddrs[0],
+	}, nil
+}
+
+// wrapErrs is a helper to wrap the errors from two independent underlying
+// connections.
+func (c *dhcpConn) wrapErrs(action string, udpConnErr, rawConnErr error) (err error) {
+	switch {
+	case udpConnErr != nil && rawConnErr != nil:
+		return errors.List(fmt.Sprintf("%s both connections", action), udpConnErr, rawConnErr)
+	case udpConnErr != nil:
+		return fmt.Errorf("%s udp connection: %w", action, udpConnErr)
+	case rawConnErr != nil:
+		return fmt.Errorf("%s raw connection: %w", action, rawConnErr)
+	default:
+		return nil
+	}
+}
+
+// WriteTo implements net.PacketConn for *dhcpConn.  It selects the underlying
+// connection to write to based on the type of addr.
+func (c *dhcpConn) WriteTo(p []byte, addr net.Addr) (n int, err error) {
+	switch addr := addr.(type) {
+	case *dhcpUnicastAddr:
+		// Unicast the message to the client's MAC address.  Use the raw
+		// connection.
+		//
+		// Note: unicasting is performed on the only network interface
+		// that is configured.  For now it may be not what users expect
+		// so additionally broadcast the message via UDP connection.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/3539.
+		var rerr error
+		n, rerr = c.unicast(p, addr)
+
+		_, uerr := c.broadcast(p, &net.UDPAddr{
+			IP:   netutil.IPv4bcast(),
+			Port: dhcpv4.ClientPort,
+		})
+
+		return n, c.wrapErrs("writing to", uerr, rerr)
+	case *net.UDPAddr:
+		if addr.IP.Equal(net.IPv4bcast) {
+			// Broadcast the message for the client which supports
+			// it.  Use the UDP connection.
+			return c.broadcast(p, addr)
+		}
+
+		// Unicast the message to the client's IP address.  Use the UDP
+		// connection.
+		return c.udpConn.WriteTo(p, addr)
+	default:
+		return 0, fmt.Errorf("peer is of unexpected type %T", addr)
+	}
+}
+
+// ReadFrom implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) {
+	return c.udpConn.ReadFrom(p)
+}
+
+// unicast wraps respData with required frames and writes it to the peer.
+func (c *dhcpConn) unicast(respData []byte, peer *dhcpUnicastAddr) (n int, err error) {
+	var data []byte
+	data, err = c.buildEtherPkt(respData, peer)
+	if err != nil {
+		return 0, err
+	}
+
+	return c.rawConn.WriteTo(data, &peer.Addr)
+}
+
+// Close implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) Close() (err error) {
+	rerr := c.rawConn.Close()
+	if errors.Is(rerr, os.ErrClosed) {
+		// Ignore the error since the actual file is closed already.
+		rerr = nil
+	}
+
+	return c.wrapErrs("closing", c.udpConn.Close(), rerr)
+}
+
+// LocalAddr implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) LocalAddr() (a net.Addr) {
+	return c.udpConn.LocalAddr()
+}
+
+// SetDeadline implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) SetDeadline(t time.Time) (err error) {
+	return c.wrapErrs("setting deadline on", c.udpConn.SetDeadline(t), c.rawConn.SetDeadline(t))
+}
+
+// SetReadDeadline implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) SetReadDeadline(t time.Time) error {
+	return c.wrapErrs(
+		"setting reading deadline on",
+		c.udpConn.SetReadDeadline(t),
+		c.rawConn.SetReadDeadline(t),
+	)
+}
+
+// SetWriteDeadline implements net.PacketConn for *dhcpConn.
+func (c *dhcpConn) SetWriteDeadline(t time.Time) error {
+	return c.wrapErrs(
+		"setting writing deadline on",
+		c.udpConn.SetWriteDeadline(t),
+		c.rawConn.SetWriteDeadline(t),
+	)
+}
+
+// ipv4DefaultTTL is the default Time to Live value as recommended by
+// RFC-1700 (https://datatracker.ietf.org/doc/html/rfc1700) in seconds.
+const ipv4DefaultTTL = 64
+
+// errInvalidPktDHCP is returned when the provided payload is not a valid DHCP
+// packet.
+const errInvalidPktDHCP errors.Error = "packet is not a valid dhcp packet"
+
+// buildEtherPkt wraps the payload with IPv4, UDP and Ethernet frames.  The
+// payload is expected to be an encoded DHCP packet.
+func (c *dhcpConn) buildEtherPkt(payload []byte, peer *dhcpUnicastAddr) (pkt []byte, err error) {
+	dhcpLayer := gopacket.NewPacket(payload, layers.LayerTypeDHCPv4, gopacket.DecodeOptions{
+		NoCopy: true,
+	}).Layer(layers.LayerTypeDHCPv4)
+
+	// Check if the decoding succeeded and the resulting layer doesn't
+	// contain any errors.  It should guarantee panic-safe converting of the
+	// layer into gopacket.SerializableLayer.
+	if dhcpLayer == nil || dhcpLayer.LayerType() != layers.LayerTypeDHCPv4 {
+		return nil, errInvalidPktDHCP
+	}
+
+	udpLayer := &layers.UDP{
+		SrcPort: dhcpv4.ServerPort,
+		DstPort: dhcpv4.ClientPort,
+	}
+	ipv4Layer := &layers.IPv4{
+		Version:  uint8(layers.IPProtocolIPv4),
+		Flags:    layers.IPv4DontFragment,
+		TTL:      ipv4DefaultTTL,
+		Protocol: layers.IPProtocolUDP,
+		SrcIP:    c.srcIP,
+		DstIP:    peer.yiaddr,
+	}
+
+	// Ignore the error since it's only returned for invalid network layer's
+	// type.
+	_ = udpLayer.SetNetworkLayerForChecksum(ipv4Layer)
+	ethLayer := &layers.Ethernet{
+		SrcMAC:       c.srcMAC,
+		DstMAC:       peer.HardwareAddr,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	buf := gopacket.NewSerializeBuffer()
+	err = gopacket.SerializeLayers(buf, gopacket.SerializeOptions{
+		FixLengths:       true,
+		ComputeChecksums: true,
+	}, ethLayer, ipv4Layer, udpLayer, dhcpLayer.(gopacket.SerializableLayer))
+	if err != nil {
+		return nil, fmt.Errorf("serializing layers: %w", err)
+	}
+
+	return buf.Bytes(), nil
+}

internal/dhcpd/conn_unix_test.go

@@ -0,0 +1,114 @@
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+package dhcpd
+
+import (
+	"net"
+	"testing"
+
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/insomniacslk/dhcp/dhcpv4"
+	"github.com/mdlayher/raw"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDHCPConn_WriteTo_common(t *testing.T) {
+	respData := (&dhcpv4.DHCPv4{}).ToBytes()
+	udpAddr := &net.UDPAddr{
+		IP:   net.IP{1, 2, 3, 4},
+		Port: dhcpv4.ClientPort,
+	}
+
+	t.Run("unicast_ip", func(t *testing.T) {
+		writeTo := func(_ []byte, addr net.Addr) (_ int, _ error) {
+			assert.Equal(t, udpAddr, addr)
+
+			return 0, nil
+		}
+
+		conn := &dhcpConn{udpConn: &fakePacketConn{writeTo: writeTo}}
+
+		_, err := conn.WriteTo(respData, udpAddr)
+		assert.NoError(t, err)
+	})
+
+	t.Run("unexpected_addr_type", func(t *testing.T) {
+		type unexpectedAddrType struct {
+			net.Addr
+		}
+
+		conn := &dhcpConn{}
+		n, err := conn.WriteTo(nil, &unexpectedAddrType{})
+		require.Error(t, err)
+
+		testutil.AssertErrorMsg(t, "peer is of unexpected type *dhcpd.unexpectedAddrType", err)
+		assert.Zero(t, n)
+	})
+}
+
+func TestBuildEtherPkt(t *testing.T) {
+	conn := &dhcpConn{
+		srcMAC: net.HardwareAddr{1, 2, 3, 4, 5, 6},
+		srcIP:  net.IP{1, 2, 3, 4},
+	}
+	peer := &dhcpUnicastAddr{
+		Addr:   raw.Addr{HardwareAddr: net.HardwareAddr{6, 5, 4, 3, 2, 1}},
+		yiaddr: net.IP{4, 3, 2, 1},
+	}
+	payload := (&dhcpv4.DHCPv4{}).ToBytes()
+
+	t.Run("success", func(t *testing.T) {
+		pkt, err := conn.buildEtherPkt(payload, peer)
+		require.NoError(t, err)
+
+		assert.NotEmpty(t, pkt)
+
+		actualPkt := gopacket.NewPacket(pkt, layers.LayerTypeEthernet, gopacket.DecodeOptions{
+			NoCopy: true,
+		})
+		require.NotNil(t, actualPkt)
+
+		wantTypes := []gopacket.LayerType{
+			layers.LayerTypeEthernet,
+			layers.LayerTypeIPv4,
+			layers.LayerTypeUDP,
+			layers.LayerTypeDHCPv4,
+		}
+		actualLayers := actualPkt.Layers()
+		require.Len(t, actualLayers, len(wantTypes))
+
+		for i, wantType := range wantTypes {
+			layer := actualLayers[i]
+			require.NotNil(t, layer)
+
+			assert.Equal(t, wantType, layer.LayerType())
+		}
+	})
+
+	t.Run("non-serializable", func(t *testing.T) {
+		// Create an invalid DHCP packet.
+		invalidPayload := []byte{1, 2, 3, 4}
+		pkt, err := conn.buildEtherPkt(invalidPayload, nil)
+		require.Error(t, err)
+
+		assert.ErrorIs(t, err, errInvalidPktDHCP)
+		assert.Empty(t, pkt)
+	})
+
+	t.Run("serializing_error", func(t *testing.T) {
+		// Create a peer with invalid MAC.
+		badPeer := &dhcpUnicastAddr{
+			Addr:   raw.Addr{HardwareAddr: net.HardwareAddr{5, 4, 3, 2, 1}},
+			yiaddr: net.IP{4, 3, 2, 1},
+		}
+
+		pkt, err := conn.buildEtherPkt(payload, badPeer)
+		require.Error(t, err)
+
+		assert.Empty(t, pkt)
+	})
+}

internal/dhcpd/dhcpd_test.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -67,9 +68,7 @@ func TestDB(t *testing.T) {
 	err = s.dbStore()
 	require.NoError(t, err)
 
-	t.Cleanup(func() {
-		assert.NoError(t, os.Remove(dbFilename))
-	})
+	testutil.CleanupAndRequireSuccess(t, func() (err error) { return os.Remove(dbFilename) })
 
 	err = s.srv4.ResetLeases(nil)
 	require.NoError(t, err)
@@ -138,8 +137,51 @@ func TestNormalizeLeases(t *testing.T) {
 	assert.Equal(t, leases[2].HWAddr, dynLeases[1].HWAddr)
 }
 
+func TestV4Server_badRange(t *testing.T) {
+	testCases := []struct {
+		name       string
+		gatewayIP  net.IP
+		subnetMask net.IP
+		wantErrMsg string
+	}{{
+		name:       "gateway_in_range",
+		gatewayIP:  net.IP{192, 168, 10, 120},
+		subnetMask: net.IP{255, 255, 255, 0},
+		wantErrMsg: "dhcpv4: gateway ip 192.168.10.120 in the ip range: " +
+			"192.168.10.20-192.168.10.200",
+	}, {
+		name:       "outside_range_start",
+		gatewayIP:  net.IP{192, 168, 10, 1},
+		subnetMask: net.IP{255, 255, 255, 240},
+		wantErrMsg: "dhcpv4: range start 192.168.10.20 is outside network " +
+			"192.168.10.1/28",
+	}, {
+		name:       "outside_range_end",
+		gatewayIP:  net.IP{192, 168, 10, 1},
+		subnetMask: net.IP{255, 255, 255, 224},
+		wantErrMsg: "dhcpv4: range end 192.168.10.200 is outside network " +
+			"192.168.10.1/27",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			conf := V4ServerConf{
+				Enabled:    true,
+				RangeStart: net.IP{192, 168, 10, 20},
+				RangeEnd:   net.IP{192, 168, 10, 200},
+				GatewayIP:  tc.gatewayIP,
+				SubnetMask: tc.subnetMask,
+				notify:     testNotify,
+			}
+
+			_, err := v4Create(conf)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+		})
+	}
+}
+
 // cloneUDPAddr returns a deep copy of a.
-func cloneUDPAddr(a *net.UDPAddr) (copy *net.UDPAddr) {
+func cloneUDPAddr(a *net.UDPAddr) (clone *net.UDPAddr) {
 	return &net.UDPAddr{
 		IP:   netutil.CloneIP(a.IP),
 		Port: a.Port,

internal/dhcpd/http.go

@@ -8,18 +8,15 @@ import (
 	"net/http"
 	"os"
 	"strings"
+	"time"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/timeutil"
 )
 
-func httpError(r *http.Request, w http.ResponseWriter, code int, format string, args ...interface{}) {
-	text := fmt.Sprintf(format, args...)
-	log.Info("DHCP: %s %s: %s", r.Method, r.URL, text)
-	http.Error(w, text, code)
-}
-
 type v4ServerConfJSON struct {
 	GatewayIP     net.IP `json:"gateway_ip"`
 	SubnetMask    net.IP `json:"subnet_mask"`
@@ -85,8 +82,13 @@ func (s *Server) handleDHCPStatus(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err := json.NewEncoder(w).Encode(status)
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "Unable to marshal DHCP status json: %s", err)
-		return
+		aghhttp.Error(
+			r,
+			w,
+			http.StatusInternalServerError,
+			"Unable to marshal DHCP status json: %s",
+			err,
+		)
 	}
 }
 
@@ -209,36 +211,34 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 
 	err := json.NewDecoder(r.Body).Decode(conf)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest,
-			"failed to parse new dhcp config json: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "failed to parse new dhcp config json: %s", err)
 
 		return
 	}
 
 	srv4, v4Enabled, err := s.handleDHCPSetConfigV4(conf)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "bad dhcpv4 configuration: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "bad dhcpv4 configuration: %s", err)
 
 		return
 	}
 
 	srv6, v6Enabled, err := s.handleDHCPSetConfigV6(conf)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "bad dhcpv6 configuration: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "bad dhcpv6 configuration: %s", err)
 
 		return
 	}
 
 	if conf.Enabled == nbTrue && !v4Enabled && !v6Enabled {
-		httpError(r, w, http.StatusBadRequest,
-			"dhcpv4 or dhcpv6 configuration must be complete")
+		aghhttp.Error(r, w, http.StatusBadRequest, "dhcpv4 or dhcpv6 configuration must be complete")
 
 		return
 	}
 
 	err = s.Stop()
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "stopping dhcp: %s", err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, "stopping dhcp: %s", err)
 
 		return
 	}
@@ -263,7 +263,7 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 
 	err = s.dbLoad()
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "loading leases db: %s", err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, "loading leases db: %s", err)
 
 		return
 	}
@@ -272,9 +272,7 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 		var code int
 		code, err = s.enableDHCP(conf.InterfaceName)
 		if err != nil {
-			httpError(r, w, code, "enabling dhcp: %s", err)
-
-			return
+			aghhttp.Error(r, w, code, "enabling dhcp: %s", err)
 		}
 	}
 }
@@ -293,7 +291,8 @@ func (s *Server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	ifaces, err := net.Interfaces()
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+
 		return
 	}
 
@@ -310,7 +309,15 @@ func (s *Server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 		var addrs []net.Addr
 		addrs, err = iface.Addrs()
 		if err != nil {
-			httpError(r, w, http.StatusInternalServerError, "Failed to get addresses for interface %s: %s", iface.Name, err)
+			aghhttp.Error(
+				r,
+				w,
+				http.StatusInternalServerError,
+				"Failed to get addresses for interface %s: %s",
+				iface.Name,
+				err,
+			)
+
 			return
 		}
 
@@ -327,7 +334,13 @@ func (s *Server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 			ipnet, ok := addr.(*net.IPNet)
 			if !ok {
 				// not an IPNet, should not happen
-				httpError(r, w, http.StatusInternalServerError, "SHOULD NOT HAPPEN: got iface.Addrs() element %s that is not net.IPNet, it is %T", addr, addr)
+				aghhttp.Error(
+					r,
+					w,
+					http.StatusInternalServerError,
+					"got iface.Addrs() element %[1]s that is not net.IPNet, it is %[1]T",
+					addr)
+
 				return
 			}
 			// ignore link-local
@@ -348,8 +361,13 @@ func (s *Server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	err = json.NewEncoder(w).Encode(response)
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "Failed to marshal json with available interfaces: %s", err)
-		return
+		aghhttp.Error(
+			r,
+			w,
+			http.StatusInternalServerError,
+			"Failed to marshal json with available interfaces: %s",
+			err,
+		)
 	}
 }
 
@@ -453,9 +471,13 @@ func (s *Server) handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Reque
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(result)
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
-
-		return
+		aghhttp.Error(
+			r,
+			w,
+			http.StatusInternalServerError,
+			"Failed to marshal DHCP found json: %s",
+			err,
+		)
 	}
 }
 
@@ -463,13 +485,13 @@ func (s *Server) handleDHCPAddStaticLease(w http.ResponseWriter, r *http.Request
 	l := &Lease{}
 	err := json.NewDecoder(r.Body).Decode(l)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "json.Decode: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
 
 		return
 	}
 
 	if l.IP == nil {
-		httpError(r, w, http.StatusBadRequest, "invalid IP")
+		aghhttp.Error(r, w, http.StatusBadRequest, "invalid IP")
 
 		return
 	}
@@ -481,7 +503,7 @@ func (s *Server) handleDHCPAddStaticLease(w http.ResponseWriter, r *http.Request
 
 		err = s.srv6.AddStaticLease(l)
 		if err != nil {
-			httpError(r, w, http.StatusBadRequest, "%s", err)
+			aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
 		}
 
 		return
@@ -490,7 +512,7 @@ func (s *Server) handleDHCPAddStaticLease(w http.ResponseWriter, r *http.Request
 	l.IP = ip4
 	err = s.srv4.AddStaticLease(l)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "%s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
 
 		return
 	}
@@ -500,13 +522,13 @@ func (s *Server) handleDHCPRemoveStaticLease(w http.ResponseWriter, r *http.Requ
 	l := &Lease{}
 	err := json.NewDecoder(r.Body).Decode(l)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "json.Decode: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
 
 		return
 	}
 
 	if l.IP == nil {
-		httpError(r, w, http.StatusBadRequest, "invalid IP")
+		aghhttp.Error(r, w, http.StatusBadRequest, "invalid IP")
 
 		return
 	}
@@ -518,7 +540,7 @@ func (s *Server) handleDHCPRemoveStaticLease(w http.ResponseWriter, r *http.Requ
 
 		err = s.srv6.RemoveStaticLease(l)
 		if err != nil {
-			httpError(r, w, http.StatusBadRequest, "%s", err)
+			aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
 		}
 
 		return
@@ -527,16 +549,23 @@ func (s *Server) handleDHCPRemoveStaticLease(w http.ResponseWriter, r *http.Requ
 	l.IP = ip4
 	err = s.srv4.RemoveStaticLease(l)
 	if err != nil {
-		httpError(r, w, http.StatusBadRequest, "%s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
 
 		return
 	}
 }
 
+const (
+	// DefaultDHCPLeaseTTL is the default time-to-live for leases.
+	DefaultDHCPLeaseTTL = uint32(timeutil.Day / time.Second)
+	// DefaultDHCPTimeoutICMP is the default timeout for waiting ICMP responses.
+	DefaultDHCPTimeoutICMP = 1000
+)
+
 func (s *Server) handleReset(w http.ResponseWriter, r *http.Request) {
 	err := s.Stop()
 	if err != nil {
-		httpError(r, w, http.StatusInternalServerError, "stopping dhcp: %s", err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, "stopping dhcp: %s", err)
 
 		return
 	}
@@ -547,19 +576,24 @@ func (s *Server) handleReset(w http.ResponseWriter, r *http.Request) {
 	}
 
 	oldconf := s.conf
-	s.conf = ServerConfig{}
-	s.conf.WorkDir = oldconf.WorkDir
-	s.conf.HTTPRegister = oldconf.HTTPRegister
-	s.conf.ConfigModified = oldconf.ConfigModified
-	s.conf.DBFilePath = oldconf.DBFilePath
+	s.conf = ServerConfig{
+		WorkDir:        oldconf.WorkDir,
+		HTTPRegister:   oldconf.HTTPRegister,
+		ConfigModified: oldconf.ConfigModified,
+		DBFilePath:     oldconf.DBFilePath,
+	}
 
-	v4conf := V4ServerConf{}
-	v4conf.ICMPTimeout = 1000
-	v4conf.notify = s.onNotify
+	v4conf := V4ServerConf{
+		LeaseDuration: DefaultDHCPLeaseTTL,
+		ICMPTimeout:   DefaultDHCPTimeoutICMP,
+		notify:        s.onNotify,
+	}
 	s.srv4, _ = v4Create(v4conf)
 
-	v6conf := V6ServerConf{}
-	v6conf.notify = s.onNotify
+	v6conf := V6ServerConf{
+		LeaseDuration: DefaultDHCPLeaseTTL,
+		notify:        s.onNotify,
+	}
 	s.srv6, _ = v6Create(v6conf)
 
 	s.conf.ConfigModified()
@@ -569,7 +603,7 @@ func (s *Server) handleResetLeases(w http.ResponseWriter, r *http.Request) {
 	err := s.resetLeases()
 	if err != nil {
 		msg := "resetting leases: %s"
-		httpError(r, w, http.StatusInternalServerError, msg, err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, msg, err)
 
 		return
 	}

internal/dhcpd/http_test.go

@@ -15,7 +15,7 @@ func TestServer_notImplemented(t *testing.T) {
 
 	w := httptest.NewRecorder()
 	r, err := http.NewRequest(http.MethodGet, "/unsupported", nil)
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	h(w, r)
 	assert.Equal(t, http.StatusNotImplemented, w.Code)