diff options
Diffstat (limited to 'config/unbound')
| -rw-r--r-- | config/unbound/unbound.inc | 121 | ||||
| -rw-r--r-- | config/unbound/unbound.xml | 26 | ||||
| -rw-r--r-- | config/unbound/unbound_acls.php | 366 | ||||
| -rw-r--r-- | config/unbound/unbound_acls.xml | 2 | ||||
| -rw-r--r-- | config/unbound/unbound_advanced.xml | 4 | ||||
| -rwxr-xr-x | config/unbound/unbound_monitor.sh | 66 | ||||
| -rw-r--r-- | config/unbound/unbound_status.php | 2 |
7 files changed, 570 insertions, 17 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index f622bd71..292a2ae6 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -72,7 +72,7 @@ function unbound_initial_setup() { * */ if(!isset($unbound_config['active_interface'])) { - if(count($config['interfaces']) > 1) + if (count($config['interfaces']) > 1) $unbound_config['active_interface'] = "lan"; else $unbound_config['active_interface'] = "wan"; @@ -198,6 +198,11 @@ function unbound_control($action) { if($unbound_config['unbound_status'] == "on") { if(!is_service_running("unbound")) unbound_ctl_exec("start"); + /* Link dnsmasq.pid to prevent dhcpleases logging error */ + if (!is_link("/var/run/dnsmasq.pid")) { + @unlink("/var/run/dnsmasq.pid"); + mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid"); + } fetch_root_hints(); } break; @@ -298,6 +303,71 @@ function unbound_get_network_interface_addresses() { return $unbound_interfaces; } +function unbound_get_query_interface_addresses() { + global $config; + + $interfaces = $config['interfaces']; + $unbound_config = $config['installedpackages']['unbound']['config'][0]; + /* If no query interface is configured then just return false */ + if (empty($unbound_config['query_interface'])) + return false; + else + $unboundint = explode(",", $unbound_config['query_interface']); + $unbound_interfaces = array(); + $i = 0; + + foreach ($unboundint as $unboundidx => $unboundif) { + /* Configure IPv4 addresses */ + if (is_ipaddr($interfaces[$unboundif]['ipaddr'])) { + $unbound_interfaces[$i]['ipv4']['ipaddr'] = $interfaces[$unboundif]['ipaddr']; + $unbound_interfaces[$i]['ipv4']['subnet'] = $interfaces[$unboundif]['subnet']; + $unbound_interfaces[$i]['ipv4']['network'] = gen_subnet($unbound_interfaces[$i]['ipv4']['ipaddr'],$unbound_interfaces[$i]['ipv4']['subnet']); + + // Check for CARP addresses and also return those - only IPv4 for now + if (isset($config['virtualip'])) { + if(is_array($config['virtualip']['vip'])) { + foreach($config['virtualip']['vip'] as $vip) { + if (($vip['interface'] == $unboundif) && ($vip['mode'] == "carp")) { + $virtual_ip = find_interface_ip(link_ip_to_carp_interface($vip['subnet'])); + if ($virtual_ip == '') { + log_error("Unbound DNS: There was a problem setting up the Virtual IP for the interface ".link_ip_to_carp_interface($vip['subnet'])); + } else { + $unbound_interfaces[$i]['virtual']['ipaddr'] = $virtual_ip; + } + } + } + } + } + } else if(isset($interfaces[$unboundif]['ipaddr'])) { + /* Find the interface IP address for + * XXX - this only works for IPv4 currently - the pfSense module needs IPv6 love + */ + $unboundrealif = convert_friendly_interface_to_real_interface_name($unboundif); + $unbound_interfaces[$i]['ipv4']['ipaddr'] = find_interface_ip($unboundrealif); + $unbound_interfaces[$i]['ipv4']['subnet'] = find_interface_subnet($unboundrealif); + $unbound_interfaces[$i]['ipv4']['network'] = gen_subnet($unbound_interfaces[$i]['ipv4']['ipaddr'],$unbound_interfaces[$i]['ipv4']['subnet']); + } + + /* Configure IPv6 addresses */ + if(function_exists("is_ipaddrv6")) { + if(is_ipaddrv6($interfaces[$unboundif]['ipaddrv6'])) { + $unbound_interfaces[$i]['ipv6']['ipaddr'] = $interfaces[$unboundif]['ipaddrv6']; + $unbound_interfaces[$i]['ipv6']['subnet'] = $interfaces[$unboundif]['subnetv6']; + $unbound_interfaces[$i]['ipv6']['network'] = gen_subnetv6($unbound_interfaces[$i]['ipv6']['ipaddr'], $unbound_interfaces[$i]['ipv6']['subnet']); + } + } + /* Lastly check for loopback addresses*/ + if($unboundif == "lo0") { + $unbound_interfaces[$i]['loopback']['ipaddr'] = "127.0.0.1"; + if (function_exists("is_ipaddrv6")) + $unbound_interfaces[$i]['loopback6']['ipaddr'] = "::1"; + } + $i++; + } + return $unbound_interfaces; +} + + function unbound_acls_config() { global $config; @@ -308,6 +378,8 @@ function unbound_acls_config() { foreach($unbound_acls as $unbound_acl){ $unboundcfg .= "#{$unbound_acl['aclname']}\n"; foreach($unbound_acl['row'] as $network) { + if ($unbound_acl['aclaction'] == "allow snoop") + $unbound_acl['aclaction'] = "allow_snoop"; $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n"; } } @@ -331,11 +403,22 @@ function unbound_resync_config() { $unboundnetcfg = unbound_get_network_interface_addresses(); foreach($unboundnetcfg as $netent) { foreach($netent as $entry) { + # If virtual interface then skip + if (!$entry['network'] && $entry['subnet']) + continue; $unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n"; if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" ) $unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n"; } } + if($unboundquerycfg = unbound_get_query_interface_addresses()) { + foreach($unboundquerycfg as $qent) { + $unbound_query_interfaces = "# Interfaces to query from\n"; + foreach($qent as $entry) + $unbound_query_interfaces .= "outgoing-interface: {$entry['ipaddr']}\n"; + } + } + /* Configure user configured ACLs */ $unbound_allowed_networks .= unbound_acls_config(); @@ -463,6 +546,8 @@ harden-dnssec-stripped: {$harden_dnssec_stripped} # Interface IP(s) to bind to {$unbound_bind_interfaces} +{$unbound_query_interfaces} + {$anchor_file} #### Access Control #### @@ -523,7 +608,7 @@ function unbound_ctl_exec($cmd) { function unbound_optimization() { global $config; - $unbound_config = $config['installedpackages']['unbound']['config'][0]; + $unbound_config = $config['installedpackages']['unboundadvanced']['config'][0]; $optimization_settings = array(); // Set the number of threads equal to number of CPUs. @@ -769,17 +854,19 @@ function unbound_add_host_entries() { $added_item = array(); foreach ($hosts as $host) { $current_host = $host['host']; + if ($host['host'] != "") + $host['host'] = $host['host']."."; if(!$added_item[$current_host]) { - $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}.{$host['domain']}\"\n"; + $host_entries .= "local-data-ptr: \"{$host['ip']} {$host['host']}{$host['domain']}\"\n"; if(function_exists("is_ipaddrv6")) { if (is_ipaddrv6($host['ip'])) - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN AAAA {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN AAAA {$host['ip']}\"\n"; else - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN A {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; } else - $host_entries .= "local-data: \"{$host['host']}.{$host['domain']} IN A {$host['ip']}\"\n"; + $host_entries .= "local-data: \"{$host['host']}{$host['domain']} IN A {$host['ip']}\"\n"; if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') - $host_entries .= "local-data: '{$host['host']}.{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; + $host_entries .= "local-data: '{$host['host']}{$host['domain']} TXT \"".addslashes($host['descr'])."\"'\n"; // Do not add duplicate entries $added_item[$current_host] = true; @@ -856,4 +943,24 @@ function unbound_add_domain_overrides($pvt=false) { } } +function unbound_acl_id_used($id) { + global $config; + + if (is_array($config['installedpackages']['unboundacls']['config'])) + foreach ($config['installedpackages']['unboundacls']['config'] as & $acls) + if ($id == $acls['aclid']) + return true; + + return false; +} + +function unbound_get_next_id() { + + $aclid = 0; + while(unbound_acl_id_used($aclid)) + $aclid++; + + return $aclid; +} + ?>
\ No newline at end of file diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml index 04b3f91c..f8c33582 100644 --- a/config/unbound/unbound.xml +++ b/config/unbound/unbound.xml @@ -47,7 +47,7 @@ <name>Unbound DNS</name> <tooltiptext>Setup Unbound specific settings</tooltiptext> <section>Services</section> - <url>pkg_edit.php?xml=unbound.xml&id=0</url> + <url>/pkg_edit.php?xml=unbound.xml&id=0</url> </menu> <service> <name>unbound</name> @@ -66,16 +66,20 @@ <item>http://www.pfsense.org/packages/config/unbound/unbound_status.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.xml</item> + <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> <item>http://www.pfsense.org/packages/config/unbound/unbound_advanced.xml</item> </additional_files_needed> - + <additional_files_needed> + <prefix>/usr/local/etc/rc.d/</prefix> + <chmod>0755</chmod> + <item>http://www.pfsense.org/packages/config/unbound/unbound_monitor.sh</item> + </additional_files_needed> <tabs> <tab> <text>Unbound DNS Settings</text> @@ -89,7 +93,7 @@ </tab> <tab> <text>Unbound DNS ACLs</text> - <url>/pkg.php?xml=unbound_acls.xml</url> + <url>/unbound_acls.php</url> </tab> <tab> <text>Unbound DNS Status</text> @@ -110,13 +114,23 @@ <field> <fielddescr>Network interface</fielddescr> <fieldname>active_interface</fieldname> - <description>The network interface(s) the Unbound DNS server will query from.</description> + <description>The network interface(s) the Unbound DNS server will listen on.</description> <type>interfaces_selection</type> <required/> <default_value>wan</default_value> <multiple/> </field> <field> + <fielddescr>Query interfaces</fielddescr> + <fieldname>query_interface</fieldname> + <description>Utilize different network interface(s) that Unbound DNS server will use to send queries to authoritative servers and receive their replies. <br/> + <b>Note:</b> If a query interface is not selected then the default of all interfaces will be used. + </description> + <type>interfaces_selection</type> + <default_value>wan</default_value> + <multiple/> + </field> + <field> <fieldname>dnssec_status</fieldname> <fielddescr>Enable DNSSEC</fielddescr> <description>Enable the use of DNSSEC. <br/> diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php new file mode 100644 index 00000000..7e4e5a71 --- /dev/null +++ b/config/unbound/unbound_acls.php @@ -0,0 +1,366 @@ +<?php +/* $Id$ */ +/* + unbound_acls.php + part of pfSense (http://www.pfsense.com/) + + Copyright (C) 2011 Warren Baker <warren@decoy.co.za> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("unbound.inc"); + +if (!is_array($config['installedpackages']['unboundacls']['config'])) + $config['installedpackages']['unboundacls']['config'] = array(); + +$a_acls = &$config['installedpackages']['unboundacls']['config']; + +$id = $_GET['id']; +if (isset($_POST['aclid'])) + $id = $_POST['aclid']; + +$act = $_GET['act']; +if (isset($_POST['act'])) + $act = $_POST['act']; + +if ($act == "del") { + if (!$a_acls[$id]) { + pfSenseHeader("unbound_acls.php"); + exit; + } + + unset($a_acls[$id]); + write_config(); + unbound_reconfigure(); + $savemsg = gettext("Access List successfully deleted")."<br/>"; +} + +if ($act == "new") { + $id = unbound_get_next_id(); +} + +if ($act == "edit") { + if (isset($id) && $a_acls[$id]) { + $pconfig = $a_acls[$id]; + $networkacl = $a_acls[$id]['row']; + } +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation - only allow 50 entries in a single ACL*/ + for($x=0; $x<50; $x++) { + if(isset($pconfig["acl_network{$x}"])) { + $networkacl[$x] = array(); + $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"]; + $networkacl[$x]['mask'] = $pconfig["mask{$x}"]; + $networkacl[$x]['description'] = $pconfig["description{$x}"]; + if (!is_ipaddr($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}."); + + if (is_ipaddr($networkacl[$x]['acl_network'])) { + if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else if (function_exists("is_ipaddrv6")) { + if (!is_ipaddrv6($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}."); + else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else + $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}."); + } + } + + if (!$input_errors) { + + if(!$a_acls[$id]) + $a_acls[$id]['aclid'] = $id; + + if (isset($id) && $a_acls[$id]) { + $a_acls[$id]['aclid'] = $pconfig['aclid']; + $a_acls[$id]['aclname'] = $pconfig['aclname']; + $a_acls[$id]['aclaction'] = $pconfig['aclaction']; + $a_acls[$id]['description'] = $pconfig['description']; + $a_acls[$id]['row'] = array(); + foreach ($networkacl as $acl) + $a_acls[$id]['row'][] = $acl; + write_config(); + unbound_reconfigure(); + } + header("Location: unbound_acls.php"); + exit; + } +} + + +$pgtitle = "Services: Unbound DNS Forwarder: Access Lists"; +include("head.inc"); + +?> + +<script type="text/javascript" src="/javascript/row_helper.js"> +</script> + +<script type="text/javascript"> + function mask_field(fieldname, fieldsize, n) { + return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php + for ($i = 128; $i >= 0; $i--) { + echo "<option value=\"$i\">$i</option>"; + } + ?></select>'; + } + + rowtype[0] = "textbox"; + rowname[0] = "acl_network"; + rowsize[0] = "30"; + rowname[1] = "mask"; + rowtype[1] = mask_field; + rowtype[2] = "textbox"; + rowname[2] = "description"; + rowsize[2] = "40"; +</script> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?php +if (!$savemsg) + $savemsg = ""; + +if ($input_errors) + print_input_errors($input_errors); + +if ($savemsg) + print_info_box($savemsg); +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <ul id="tabnav"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&id=0"); + $tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&id=0"); + $tab_array[] = array(gettext("Unbound DNS ACLs"), true, "/unbound_acls.php"); + $tab_array[] = array(gettext("Unbound DNS Status"), false, "/unbound_status.php"); + display_top_tabs($tab_array, true); + ?> + </ul> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if($act=="new" || $act=="edit"): ?> + + <form action="unbound_acls.php" method="post" name="iform" id="iform"> + <input name="aclid" type="hidden" value="<?=$id;?>"> + <input name="act" type="hidden" value="<?=$act;?>"> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("%s ACL"),$act);?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("ACL name");?></td> + <td width="78%" class="vtable"> + <input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>"> + <br /> + <span class="vexpl"><?=gettext("Provide an ACL name.");?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> + <td width="78%" class="vtable"> + <select name="aclaction" class="formselect"> + <?php $types = explode(",", "Allow,Deny,Refuse,Allow Snoop"); foreach ($types as $type): ?> + <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected"; ?>> + <?=htmlspecialchars($type);?> + </option> + <?php endforeach; ?> + </select> + <br/> + <span class="vexpl"> + <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/> + <?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/> + <?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td><div id="onecolumn"><?=gettext("Network");?></div></td> + <td><div id="twocolumn"><?=gettext("CIDR");?></div></td> + <td><div id="threecolumn"><?=gettext("Description");?></div></td> + </tr> + <?php $counter = 0; ?> + <?php + if($networkacl) + foreach($networkacl as $item): + ?> + <?php + $network = $item['acl_network']; + $cidr = $item['mask']; + $description = $item['description']; + ?> + <tr> + <td> + <input autocomplete="off" name="acl_network<?=$counter;?>" type="text" class="formfld unknown" id="acl_network<?=$counter;?>" size="40" value="<?=htmlspecialchars($network);?>" /> + </td> + <td> + <select name="mask<?=$counter;?>" class="formselect" id="mask<?=$counter;?>"> + <?php + for ($i = 128; $i > 0; $i--) { + echo "<option value=\"$i\" "; + if ($i == $cidr) echo "selected"; + echo ">" . $i . "</option>"; + } + ?> + </select> + </td> + <td> + <input autocomplete="off" name="description<?=$counter;?>" type="text" class="listbg" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" /> + </td> + <td> + <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" /></a> + </td> + </tr> + <?php $counter++; ?> + <?php endforeach; ?> + </tbody> + <tfoot> + </tfoot> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + </script> + + </td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>"> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <br> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <thead> + <tr> + <td width="25%" class="listhdrr"><?=gettext("Access List Name"); ?></td> + <td width="25%" class="listhdrr"><?=gettext("Action"); ?></td> + <td width="40%" class="listhdrr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"></td> + </tr> + </thead> + <tbody> + <?php + $i = 0; + foreach($a_acls as $acl): + ?> + <tr ondblclick="document.location='unbound_acls.php?act=edit&id=<?=$i;?>'"> + <td class="listlr"> + <?=$acl['aclname'];?> + </td> + <td class="listr"> + <?=htmlspecialchars($acl['aclaction']);?> + </td> + <td class="listbg"> + <?=htmlspecialchars($acl['description']);?> + </td> + <td valign="middle" nowrap class="list"> + <a href="unbound_acls.php?act=edit&id=<?=$i;?>"> + <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0"> + </a> + + <a href="unbound_acls.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0"> + </a> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + </tbody> + <tfoot> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new ACL"); ?>" width="17" height="17" border="0"> + </a> + </td> + </tr> + <tr> + <td colspan="4"> + <p> + <?=gettext("Access Lists to control access to Unbound can be defined here.");?> + </p> + </td> + </tr> + </tfoot> + </table> + + <?php endif; ?> + + </td> + </tr> +</table> +</body> +<?php include("fend.inc"); ?> + +?>
\ No newline at end of file diff --git a/config/unbound/unbound_acls.xml b/config/unbound/unbound_acls.xml index 992a9c63..7c6840ce 100644 --- a/config/unbound/unbound_acls.xml +++ b/config/unbound/unbound_acls.xml @@ -47,7 +47,7 @@ <name>Unbound DNS</name> <tooltiptext>Setup Unbound specific settings</tooltiptext> <section>Services</section> - <url>pkg_edit.php?xml=unbound.xml&id=0</url> + <url>/pkg_edit.php?xml=unbound.xml&id=0</url> </menu> <tabs> <tab> diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml index 03ba8157..239c39ee 100644 --- a/config/unbound/unbound_advanced.xml +++ b/config/unbound/unbound_advanced.xml @@ -47,7 +47,7 @@ <name>Unbound DNS</name> <tooltiptext>Setup Unbound specific settings</tooltiptext> <section>Services</section> - <url>pkg_edit.php?xml=unbound.xml&id=0</url> + <url>/pkg_edit.php?xml=unbound.xml&id=0</url> </menu> <service> <name>unbound</name> @@ -68,7 +68,7 @@ </tab> <tab> <text>Unbound DNS ACLs</text> - <url>/pkg.php?xml=unbound_acls.xml</url> + <url>/unbound_acls.php</url> </tab> <tab> <text>Unbound DNS Status</text> diff --git a/config/unbound/unbound_monitor.sh b/config/unbound/unbound_monitor.sh new file mode 100755 index 00000000..152a308e --- /dev/null +++ b/config/unbound/unbound_monitor.sh @@ -0,0 +1,66 @@ +#!/bin/sh +# $Id$ */ +# +# unbound.sh +# Copyright (C) 2011 Warren Baker +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +set -e + +LOOP_SLEEP=5 + +if [ -f /var/run/unbound_alarm ]; then + rm /var/run/unbound_alarm +fi + +# Sleep 5 seconds on startup not to mangle with existing boot scripts. +sleep 5 + +while [ /bin/true ]; do + if [ ! -f /var/run/unbound_alarm ]; then + NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` + if [ $NUM_PROCS -lt 1 ]; then + # Unbound is not running + echo "Unbound has exited." | logger -p daemon.info -i -t Unbound_Alarm + echo "Attempting restart..." | logger -p daemon.info -i -t Unbound_Alarm + /usr/local/etc/rc.d/unbound.sh start + sleep 3 + touch /var/run/unbound_alarm + fi + fi + NUM_PROCS=`/bin/pgrep unbound | wc -l | awk '{print $1}'` + if [ $NUM_PROCS -gt 0 ]; then + if [ -f /var/run/unbound_alarm ]; then + echo "Unbound has resumed." | logger -p daemon.info -i -t Unbound_Alarm + rm /var/run/unbound_alarm + fi + fi + sleep $LOOP_SLEEP +done + +if [ -f /var/run/unbound_alarm ]; then + rm /var/run/unbound_alarm +fi + diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php index 405b24d4..d011b109 100644 --- a/config/unbound/unbound_status.php +++ b/config/unbound/unbound_status.php @@ -127,7 +127,7 @@ function execCmds() { $tab_array = array(); $tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&id=0"); $tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&id=0"); - $tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/pkg.php?xml=unbound_acls.xml"); + $tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/unbound_acls.php"); $tab_array[] = array(gettext("Unbound DNS Status"), true, "/unbound_status.php"); display_top_tabs($tab_array, true); ?> |