author | Chris Buechler <cmb@pfsense.org> | 2014-11-25 22:39:51 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-11-25 22:39:51 -0600 |
commit | 3bdf2a70153efe76b1924139fb862c5e00a2acd4 (patch) | |
tree | a0c18ed9edc0379fc61a1d0d62d8007c9128a391 | |
parent | f1a6f696b437935c8b77608e18690359435ca46a (diff) | |
Use the subnets automatic outbound NAT uses for tonatsubnets for Unbound's access-control config, as this is a good source of what networks are internal. Ticket #4023
-rw-r--r-- | etc/inc/unbound.inc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
index c7b0ce7..332f71c 100644
--- a/etc/inc/unbound.inc
+++ b/etc/inc/unbound.inc
@@ -34,6 +34,8 @@
 /* include all configuration functions */
 require_once("config.inc");
 require_once("functions.inc");
+require_once("filter.inc");
+require_once("shaper.inc");
 
 /* Optimize Unbound for environment */
 function unbound_optimization() {
@@ -601,6 +603,15 @@ function unbound_acls_config() {
 $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
 }
 }
+
+ if (empty($FilterIflist)) {
+ filter_generate_optcfg_array();
+ }
+ $natnetworks_array = array();
+ $natnetworks_array = filter_nat_rules_automatic_tonathosts();
+ foreach ($natnetworks_array as $allowednet) {
+ $aclcfg .= "access-control: $allowednet allow \n";
+ }
 
 // Configure the custom ACLs
 if (is_array($config['unbound']['acls'])) { |
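Review bot: In the added `foreach` of the second hunk, each `$allowednet` is written into an `access-control: ... allow` line without checking that it is a well-formed subnet, so whatever `filter_nat_rules_automatic_tonathosts()` returns becomes a resolver allow rule. A malformed or empty entry may produce a line Unbound rejects, and an unexpectedly broad entry widens who may query the resolver. Guard the write, for example `if (is_subnet($allowednet)) { $aclcfg .= "access-control: {$allowednet} allow\n"; }`, which also drops the trailing space that the existing `{$subnet_ip}/{$subnet_bits} allow\n` line does not have. `$FilterIflist` is tested with `empty()` but no `global` declaration is visible; `unbound_acls_config()` starts outside the hunk, so if the variable is not declared there the test is always true and `filter_generate_optcfg_array()` runs on every call. The `$natnetworks_array = array();` initialisation is overwritten on the next line and can be removed.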