authorWarren Baker <warren@decoy.co.za>2014-01-29 21:51:33 +0200
committerWarren Baker <warren@decoy.co.za>2014-01-29 21:51:33 +0200
commit8fccab671fdade6b67cba2b5523ae2591f1d7425 (patch)
tree5b103ee2aac59161b2b82f4f7c2a96114851f7d1 /etc/inc
parent519597bcb1c34f44b03726c34bb4337f03e7ddd3 (diff)
Make sure ACLs are saved correctly
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/unbound.inc32
1 files changed, 28 insertions, 4 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc
index 8fcf7b0..008f845 100644
--- a/etc/inc/unbound.inc
+++ b/etc/inc/unbound.inc
@@ -133,14 +133,17 @@ EOF;
}
// Configure static Host entries
- $host_entries = unbound_add_host_entries();
+ unbound_add_host_entries();
// Configure Domain Overrides
- $domain_overrides = unbound_add_domain_overrides();
+ unbound_add_domain_overrides();
// Configure Unbound statistics
$statistics = unbound_statistics();
+ // Configure Unbound access-lists
+ unbound_acls_config();
+
// Add custom Unbound options
if ($config['unbound']['custom_options']) {
$custom_option = "# Unbound custom option";
@@ -322,8 +325,8 @@ function sync_unbound_service() {
function unbound_acl_id_used($id) {
global $config;
- if (is_array($config['installedpackages']['unboundacls']['config']))
- foreach ($config['installedpackages']['unboundacls']['config'] as & $acls)
+ if (is_array($config['unbound']['acls']))
+ foreach($config['unbound']['acls'] as & $acls)
if ($id == $acls['aclid'])
return true;
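Review bot: The new loop line in `unbound_acl_id_used()` still iterates by reference (`as & $acls`) although the body only reads `$acls['aclid']`, which leaves `$acls` bound to the last element of the global `$config['unbound']['acls']` array after the loop. Iterating by value removes that aliasing risk: `foreach ($config['unbound']['acls'] as $acls)`. The comparison `$id == $acls['aclid']` is loose; if both sides are known to have the same type, `===` would be safer, but that depends on callers outside this hunk. The function body continues past the end of the hunk.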
@@ -585,4 +588,25 @@ EOF;
return $stats;
}
+// Unbound Access lists
+function unbound_acls_config() {
+ global $config;
+
+ // Configure the ACLs
+ if (is_array($config['unbound']['acls'])) {
+ $unboundcfg = "";
+ foreach($config['unbound']['acls'] as $unbound_acl) {
+ $unboundcfg .= "#{$unbound_acl['aclname']}\n";
+ foreach($unbound_acl['row'] as $network) {
+ if ($unbound_acl['aclaction'] == "allow snoop")
+ $unbound_acl['aclaction'] = "allow_snoop";
+ $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n";
+ }
+ }
+ // Write out Access list
+ file_put_contents("{$g['unbound_chroot_path']}/access_lists.conf", $unboundcfg);
+ } else
+ return;
+}
+
?> \ No newline at end of file
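Review bot: `unbound_acls_config()` declares only `global $config;`, but the `file_put_contents()` call builds its path from `$g['unbound_chroot_path']`, so `$g` is undefined inside the function and the file is written to `/access_lists.conf` rather than under the Unbound chroot. The declaration should read `global $config, $g;`. The result of the write is not checked, and when `$config['unbound']['acls']` is not an array the function returns without touching the file, so a previously written access list would presumably remain in effect. The values `aclname`, `acl_network`, `mask` and `aclaction` are also interpolated into the configuration text unchanged. Unless they are validated where the ACL is saved (not visible in this diff), a newline in any of them would add extra directives to the file, so the network should be checked as an IP address, the mask as an integer in range, and the action against the fixed list Unbound accepts, with line breaks stripped from the name before it is written as a comment.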