From e9a2c56d5643ddf94b457b59ab0073eb87846070 Mon Sep 17 00:00:00 2001 From: Warren Baker Date: Mon, 14 Nov 2011 15:43:09 +0200 Subject: Dont add CARP Addresses to the allow list - they will be covered by the interface network --- config/unbound/unbound.inc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'config/unbound') diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index 9c2b75ee..292a2ae6 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -403,6 +403,9 @@ function unbound_resync_config() { $unboundnetcfg = unbound_get_network_interface_addresses(); foreach($unboundnetcfg as $netent) { foreach($netent as $entry) { + # If virtual interface then skip + if (!$entry['network'] && $entry['subnet']) + continue; $unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n"; if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" ) $unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n"; -- cgit v1.2.3