authorWarren Baker <warren@decoy.co.za>2014-01-29 21:51:33 +0200
committerWarren Baker <warren@decoy.co.za>2014-01-29 21:51:33 +0200
commit8fccab671fdade6b67cba2b5523ae2591f1d7425 (patch)
tree5b103ee2aac59161b2b82f4f7c2a96114851f7d1
parent519597bcb1c34f44b03726c34bb4337f03e7ddd3 (diff)
downloadpfsense-8fccab671fdade6b67cba2b5523ae2591f1d7425.zip
pfsense-8fccab671fdade6b67cba2b5523ae2591f1d7425.tar.gz
Make sure ACLs are saved correctly
-rw-r--r--etc/inc/unbound.inc32
-rw-r--r--usr/local/www/services_unbound_acls.php42
2 files changed, 51 insertions, 23 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
index 8fcf7b0..008f845 100644
--- a/etc/inc/unbound.inc
+++ b/etc/inc/unbound.inc
@@ -133,14 +133,17 @@ EOF;
}
// Configure static Host entries
- $host_entries = unbound_add_host_entries();
+ unbound_add_host_entries();
// Configure Domain Overrides
- $domain_overrides = unbound_add_domain_overrides();
+ unbound_add_domain_overrides();
// Configure Unbound statistics
$statistics = unbound_statistics();
+ // Configure Unbound access-lists
+ unbound_acls_config();
+
// Add custom Unbound options
if ($config['unbound']['custom_options']) {
$custom_option = "# Unbound custom option";
@@ -322,8 +325,8 @@ function sync_unbound_service() {
function unbound_acl_id_used($id) {
global $config;
- if (is_array($config['installedpackages']['unboundacls']['config']))
- foreach ($config['installedpackages']['unboundacls']['config'] as & $acls)
+ if (is_array($config['unbound']['acls']))
+ foreach($config['unbound']['acls'] as & $acls)
if ($id == $acls['aclid'])
return true;
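Review bot: The by-reference iteration on the changed line, `foreach($config['unbound']['acls'] as & $acls)`, is not needed for a read-only lookup and leaves `$acls` bound to an element of the global `$config` after the loop. Iterating by value, `foreach ($config['unbound']['acls'] as $acls)`, avoids accidental writes into the configuration. The comparison `$id == $acls['aclid']` is loose, so if `aclid` can be a non-numeric string it may match unexpectedly; a string cast on both sides with `===` would be safer. The rest of `unbound_acl_id_used()` lies outside the hunk.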
@@ -585,4 +588,25 @@ EOF;
return $stats;
}
+// Unbound Access lists
+function unbound_acls_config() {
+ global $config;
+
+ // Configure the ACLs
+ if (is_array($config['unbound']['acls'])) {
+ $unboundcfg = "";
+ foreach($config['unbound']['acls'] as $unbound_acl) {
+ $unboundcfg .= "#{$unbound_acl['aclname']}\n";
+ foreach($unbound_acl['row'] as $network) {
+ if ($unbound_acl['aclaction'] == "allow snoop")
+ $unbound_acl['aclaction'] = "allow_snoop";
+ $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n";
+ }
+ }
+ // Write out Access list
+ file_put_contents("{$g['unbound_chroot_path']}/access_lists.conf", $unboundcfg);
+ } else
+ return;
+}
+
?> \ No newline at end of file
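Review bot: `$g` is read on the `file_put_contents` line, but `unbound_acls_config()` declares only `global $config;`, so `$g['unbound_chroot_path']` is undefined inside the function and the path collapses to `/access_lists.conf`; the declaration should be `global $config, $g;`. The ACL fields are also interpolated verbatim into the resolver configuration, so a stored `aclname`, `acl_network`, `mask` or `aclaction` containing a line break would become an extra directive in the file. Before writing, strip or reject line breaks in the name, check the network with `is_ipaddr()` and the mask as numeric, and compare the action against the fixed list of unbound actions. The return value of `file_put_contents` is not checked, and `$unbound_acl['row']` is iterated without an `is_array()` guard, so a failed write or an ACL without rows goes unnoticed.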
diff --git a/usr/local/www/services_unbound_acls.php b/usr/local/www/services_unbound_acls.php
index 2bf4d53..08393ba 100644
--- a/usr/local/www/services_unbound_acls.php
+++ b/usr/local/www/services_unbound_acls.php
@@ -97,31 +97,35 @@ if ($_POST) {
}
if (!$input_errors) {
-
if ($pconfig['Submit'] == gettext("Save")) {
- if (!$a_acls[$id])
- $a_acls[$id]['aclid'] = $id;
-
- if (isset($id) && $a_acls[$id]) {
- $a_acls[$id]['aclid'] = $pconfig['aclid'];
- $a_acls[$id]['aclname'] = $pconfig['aclname'];
- $a_acls[$id]['aclaction'] = $pconfig['aclaction'];
- $a_acls[$id]['description'] = $pconfig['description'];
- $a_acls[$id]['row'] = array();
- foreach ($networkacl as $acl)
- $a_acls[$id]['row'][] = $acl;
- write_config();
- mark_subsystem_dirty("unbound");
- }
+ $acl_entry = array();
+ $acl_entry['aclid'] = $pconfig['aclid'];
+ $acl_entry['aclname'] = $pconfig['aclname'];
+ $acl_entry['aclaction'] = $pconfig['aclaction'];
+ $acl_entry['description'] = $pconfig['description'];
+ $acl_entry['aclid'] = $pconfig['aclid'];
+ $acl_entry['row'] = array();
+ foreach ($networkacl as $acl)
+ $acl_entry['row'][] = $acl;
+
+ if (isset($id) && $a_acls[$id])
+ $a_acls[$id] = $acl_entry;
+ else
+ $a_acls[] = $acl_entry;
+
+
+ mark_subsystem_dirty("unbound");
+ write_config();
+
pfSenseHeader("/services_unbound_acls.php");
exit;
}
if ($pconfig['apply']) {
- clear_subsystem_dirty("unbound");
- $retval = 0;
- $retval = services_unbound_configure();
- $savemsg = get_std_save_message($retval);
+ clear_subsystem_dirty("unbound");
+ $retval = 0;
+ $retval = services_unbound_configure();
+ $savemsg = get_std_save_message($retval);
}
}
}
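Review bot: `$acl_entry['aclid'] = $pconfig['aclid'];` is assigned twice, once before `aclname` and again after `description`; the second line can be dropped. For a new entry the id comes from the POSTed `aclid` while the entry is appended with `$a_acls[] = $acl_entry;`, so the stored `aclid` can diverge from the array index or collide with an existing ACL unless the validation above this hunk (not visible here) checks it. Because `aclname` and `aclaction` are later written verbatim into `access_lists.conf` by `unbound_acls_config()`, that validation also needs to reject line breaks and restrict `aclaction` to the known actions. The `if ($_POST)` block starts before this hunk.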