diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-12-03 23:07:18 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-12-03 23:07:18 -0600 |
commit | 679c54fcee48cd3f054da4ebf0aabf2809571ce8 (patch) | |
tree | 690c8a8b023e8291a99aff754da008314af26911 /etc | |
parent | effb3a3cfe4e57b781f35ba8a145eb627014d8ce (diff) | |
parent | f302a333afbd3fee4d24aaa0a07c7d86a2b1b1ce (diff) | |
download | pfsense-679c54fcee48cd3f054da4ebf0aabf2809571ce8.zip pfsense-679c54fcee48cd3f054da4ebf0aabf2809571ce8.tar.gz |
Merge pull request #1360 from jean-m-cyr/master
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/unbound.inc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 7f34df6..3f79b62 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -622,11 +622,13 @@ function unbound_acls_config() { } $ifip = get_interface_ipv6($ubif); if (is_ipaddrv6($ifip)) { - $subnet_bits = get_interface_subnetv6($ubif); - $subnet_ip = gen_subnetv6($ifip, $subnet_bits); - // only add LAN-type interfaces - if (!interface_has_gateway($ubif)) - $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + if (!is_linklocal($ifip)) { + $subnet_bits = get_interface_subnetv6($ubif); + $subnet_ip = gen_subnetv6($ifip, $subnet_bits); + // only add LAN-type interfaces + if (!interface_has_gateway($ubif)) + $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + } // add for IPv6 static routes to local networks // for safety, we include only routes reachable on an interface with no // gateway specified - read: not an Internet connection. |