From e9a2c56d5643ddf94b457b59ab0073eb87846070 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Mon, 14 Nov 2011 15:43:09 +0200
Subject: Dont add CARP Addresses to the allow list - they will be covered by
 the interface network

---
 config/unbound/unbound.inc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config/unbound')

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 9c2b75ee..292a2ae6 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -403,6 +403,9 @@ function unbound_resync_config() {
 	$unboundnetcfg = unbound_get_network_interface_addresses();
 	foreach($unboundnetcfg as $netent) {
 		foreach($netent as $entry) {
+			# If virtual interface then skip
+			if (!$entry['network'] && $entry['subnet'])
+				continue;
 			$unbound_bind_interfaces .="interface: {$entry['ipaddr']}\n";
 			if($entry['ipaddr'] != "127.0.0.1" && $entry['ipaddr'] != "::1" )
 				$unbound_allowed_networks .= "access-control: {$entry['network']}/{$entry['subnet']} allow\n";
-- 
cgit v1.2.3