authorWarren Baker <warren@decoy.co.za>2013-06-13 16:21:44 +0200
committerWarren Baker <warren@decoy.co.za>2013-06-13 16:21:44 +0200
commit6751b1db500c831eac7968a4cdd748b9cbc07949 (patch)
tree338ef3c4e1c241489b9c2533e31e08f430c0daba
parentd875d5fc73d74403488288e65cdd7a0befac6939 (diff)
Make sure virtual IPs are skipped, as they would be covered by the interface's access list
-rw-r--r--config/unbound/unbound.inc10
1 files changed, 6 insertions, 4 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 2dd33bcd..156b14fc 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -275,12 +275,14 @@ function unbound_get_network_interface_addresses() {
log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet']));
} else {
$unbound_interfaces[$i]['virtual']['ipaddr'] = $virtual_ip;
+ $unbound_interfaces[$i]['virtual']['subnet'] = $vip['subnet_bits'];
+ $unbound_interfaces[$i]['virtual']['network'] = $virtual_ip;
}
}
}
}
}
- } else if(isset($interfaces[$unboundif]['ipaddr'])) {
+ } else if (isset($interfaces[$unboundif]['ipaddr'])) {
/* Find the interface IP address for
* XXX - this only works for IPv4 currently - the pfSense module needs IPv6 love
*/
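Review bot: `['virtual']['network']` is assigned `$virtual_ip`, which is the VIP's host address rather than the network base that the key name suggests and that the `access-control: {$entry['network']}/{$entry['subnet']}` line in unbound_resync_config() consumes. Because the same commit skips virtual entries when emitting access-control, the two new keys look unused in the visible code. If they are kept for later use, storing the masked address, for example `gen_subnet($virtual_ip, $vip['subnet_bits'])`, would keep the field consistent with the non-virtual entries (assuming those hold a network base, which is set outside this hunk). unbound_get_network_interface_addresses() begins before the hunk and continues after it.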
@@ -378,7 +380,7 @@ function unbound_acls_config() {
global $config;
/* Configure the ACLs */
- if(is_array($config['installedpackages']['unboundacls']['config'])) {
+ if (is_array($config['installedpackages']['unboundacls']['config'])) {
$unbound_acls = $config['installedpackages']['unboundacls']['config'];
$unboundcfg = "";
foreach($unbound_acls as $unbound_acl){
@@ -409,9 +411,9 @@ function unbound_resync_config() {
$unbound_allowed_networks = "";
$unboundnetcfg = unbound_get_network_interface_addresses();
foreach($unboundnetcfg as $netent) {
- foreach($netent as $entry) {
+ foreach($netent as $nettype => $entry) {
$unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n";
- if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1")
+ if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" && $nettype != "virtual")
$unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n";
}
}
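Review bot: The added `$nettype != "virtual"` test is a loose comparison, and on PHP versions where a non-numeric string compares equal to integer 0, an entry stored under a numeric key would be treated as virtual and silently lose its `access-control` line; `$nettype !== "virtual"` avoids that. The skip also assumes every virtual IP lies inside its parent interface's network, which nothing in the hunk checks: a VIP on a different subnet still gets an `interface:` line but no allow entry, so its clients fall back to Unbound's default policy for unlisted networks. A comment above the `if`, such as `/* VIPs are expected to sit inside the parent interface's network, which already has an allow entry */`, would make that dependency visible to whoever edits the ACL logic next. unbound_resync_config() starts outside this hunk.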