diff options
| author | Chris Buechler <cmb@pfsense.org> | 2014-11-28 17:30:16 -0600 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2014-11-28 17:30:16 -0600 |
| commit | 5a663a5d56e019ab09750c1040aec832fdd4e480 (patch) | |
| tree | db6a2a9f67815e6442fe752722105b2a536507c3 /etc/inc/unbound.inc | |
| parent | 80075b9e87239ab3cfd8aa7d903fcc55e404b7f1 (diff) | |
| download | pfsense-5a663a5d56e019ab09750c1040aec832fdd4e480.zip pfsense-5a663a5d56e019ab09750c1040aec832fdd4e480.tar.gz | |
Skip v6 WANs in Unbound access-control. Ticket #4023
Diffstat (limited to 'etc/inc/unbound.inc')
| -rw-r--r-- | etc/inc/unbound.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 6e19dd2..a2ecde2 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -619,7 +619,9 @@ function unbound_acls_config() { if (is_ipaddrv6($ifip)) { $subnet_bits = get_interface_subnetv6($ubif); $subnet_ip = gen_subnetv6($ifip, $subnet_bits); - $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + // only add LAN-type interfaces + if (!interface_has_gateway($ubif)) + $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; // add for IPv6 static routes to local networks // for safety, we include only routes reachable on an interface with no // gateway specified - read: not an Internet connection. |
