diff options
| author | Jean Cyr <jcyr@dillobits.com> | 2014-12-03 22:23:34 -0500 |
|---|---|---|
| committer | Jean Cyr <jcyr@dillobits.com> | 2014-12-03 22:23:34 -0500 |
| commit | f302a333afbd3fee4d24aaa0a07c7d86a2b1b1ce (patch) | |
| tree | 01d7769e69179846d8d270f3f35f1b754588c7dc /etc/inc/unbound.inc | |
| parent | e78509cc09e897ae6c56ee9a9f6cea93b0bdfdd6 (diff) | |
| download | pfsense-f302a333afbd3fee4d24aaa0a07c7d86a2b1b1ce.zip pfsense-f302a333afbd3fee4d24aaa0a07c7d86a2b1b1ce.tar.gz | |
Link local interfaces don't have subnet.. don't create access-control statement
Selecting link local interface for unbound causes invalid access-control
statement in unbound config since link local address doesn't have
subnet.
Diffstat (limited to 'etc/inc/unbound.inc')
| -rw-r--r-- | etc/inc/unbound.inc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 7f34df6..3f79b62 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -622,11 +622,13 @@ function unbound_acls_config() { } $ifip = get_interface_ipv6($ubif); if (is_ipaddrv6($ifip)) { - $subnet_bits = get_interface_subnetv6($ubif); - $subnet_ip = gen_subnetv6($ifip, $subnet_bits); - // only add LAN-type interfaces - if (!interface_has_gateway($ubif)) - $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + if (!is_linklocal($ifip)) { + $subnet_bits = get_interface_subnetv6($ubif); + $subnet_ip = gen_subnetv6($ifip, $subnet_bits); + // only add LAN-type interfaces + if (!interface_has_gateway($ubif)) + $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + } // add for IPv6 static routes to local networks // for safety, we include only routes reachable on an interface with no // gateway specified - read: not an Internet connection. |
