author | Renato Botelho <renato@netgate.com> | 2017-05-15 10:14:59 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2017-05-15 10:14:59 -0300 |
commit | ad31954e1d8e396983df18728bf4a12f066bf5fc (patch) | |
tree | c3e2e6dd625f81e2c4bc324b4dda398e248c6424 /src | |
parent | 3000b44d3cd5d1ae222e93d85e02c24107c8091a (diff) | |
parent | ed8dbc04c1636c64ed4de1754c841e21e2a617d8 (diff) | |
Merge pull request #3725 from sestary/master
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/system.inc | 9 | ||||
-rw-r--r-- | src/etc/inc/unbound.inc | 17 | ||||
-rw-r--r-- | src/usr/local/www/services_unbound_advanced.php | 17 |
3 files changed, 33 insertions, 10 deletions
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index a557fa0..1fe07fb 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -489,7 +489,10 @@ function system_hosts_dhcpd_entries() {
 /* Concatenate local, dnsmasq/unbound and dhcpd/dhcpdv6 hosts entries */
 function system_hosts_entries($dnscfg) {
- $local = system_hosts_local_entries();
+ $local = array();
+ if (!isset($dnscfg['disable_auto_added_host_entries'])) {
+ $local = system_hosts_local_entries();
+ }
 $dns = array();
 $dhcpd = array();
@@ -1192,7 +1195,7 @@ EOD;
 }
 }
 }
-
+
 $syslogd_sockets = "";
 foreach ($log_sockets as $log_socket) {
 // Ensure that the log directory exists
@@ -2155,7 +2158,7 @@ function system_dmesg_save() {
 fclose($fd);
 unset($dmesg);
-
+
 // vm-bhyve expects dmesg.boot at the standard location
 @symlink("{$g['varlog_path']}/dmesg.boot", "{$g['varrun_path']}/dmesg.boot");
diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc
index 6b998df..428a523 100644
--- a/src/etc/inc/unbound.inc
+++ b/src/etc/inc/unbound.inc
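Review bot: The comment above `system_hosts_entries()` in the first system.inc hunk still reads as if the local entries are always included, while the new guard makes the result depend on a key in whatever `$dnscfg` the caller passes. I would extend it, e.g. `/* Concatenate local (unless $dnscfg['disable_auto_added_host_entries'] is set), dnsmasq/unbound and dhcpd/dhcpdv6 hosts entries */`. The rest of the function and its callers are outside the hunk; if any caller uses this list for something other than Unbound's local data (the hosts file, for instance), it would lose the firewall's own entries too, which is worth confirming before merge.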
@@ -539,14 +539,17 @@ function unbound_add_domain_overrides($pvt_rev="", $cfgsubdir = "") {
 function unbound_add_host_entries($cfgsubdir = "") {
 global $config, $g;
- // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
- if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
- $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
- } else {
- $system_domain_local_zone_type = "transparent";
- }
+ // Check if auto add host entries is not set
+ if (!isset($config['unbound']['disable_auto_added_host_entries'])) {
+ // Make sure the config setting is a valid unbound local zone type. If not use "transparent".
+ if (array_key_exists($config['unbound']['system_domain_local_zone_type'], unbound_local_zone_types())) {
+ $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type'];
+ } else {
+ $system_domain_local_zone_type = "transparent";
+ }
- $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
+ $unbound_entries = "local-zone: \"{$config['system']['domain']}\" {$system_domain_local_zone_type}\n";
+ }
 $hosts = system_hosts_entries($config['unbound']);
 $added_ptr = array();
diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php
index c50d043..2d1a0dc 100644
--- a/src/usr/local/www/services_unbound_advanced.php
+++ b/src/usr/local/www/services_unbound_advanced.php
@@ -71,6 +71,10 @@ if (isset($config['unbound']['disable_auto_added_access_control'])) {
 $pconfig['disable_auto_added_access_control'] = true;
 }
+if (isset($config['unbound']['disable_auto_added_host_entries'])) {
+ $pconfig['disable_auto_added_host_entries'] = true;
+}
+
 if (isset($config['unbound']['use_caps'])) {
 $pconfig['use_caps'] = true;
 }
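Review bot: `$unbound_entries` is now assigned only inside the new `if` in unbound_add_host_entries(), so with `disable_auto_added_host_entries` set it is never initialised before the code that follows. The remainder of the function is outside the hunk, but if it appends to the variable with `.=` (as this first assignment suggests), PHP raises an undefined-variable notice and the generated config text is built from an implicit null. Initialise it ahead of the check, `$unbound_entries = "";` placed directly before `if (!isset($config['unbound']['disable_auto_added_host_entries'])) {`.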
@@ -171,6 +175,12 @@ if ($_POST) {
 unset($config['unbound']['disable_auto_added_access_control']);
 }
+ if (isset($_POST['disable_auto_added_host_entries'])) {
+ $config['unbound']['disable_auto_added_host_entries'] = true;
+ } else {
+ unset($config['unbound']['disable_auto_added_host_entries']);
+ }
+
 if (isset($_POST['use_caps'])) {
 $config['unbound']['use_caps'] = true;
 } else {
@@ -350,6 +360,13 @@ $section->addInput(new Form_Checkbox(
 'Allowed networks must be manually configured on the Access Lists tab if the auto-added entries are disabled.');
 $section->addInput(new Form_Checkbox(
+ 'disable_auto_added_host_entries',
+ 'Disable Auto-added Host Entries',
+ 'Disable the automatically-added host entries',
+ $pconfig['disable_auto_added_host_entries']
+))->setHelp('By default, the primary IPv4 and IPv6 addresses of this firewall are added as records for the system domain of this firewall as configured in %1$sSystem: General Setup%2$s. This disables the auto generation of these entries.', '<a href="system.php">', '</a>');
+
+$section->addInput(new Form_Checkbox(
 'use_caps',
 'Experimental Bit 0x20 Support',
 'Use 0x-20 encoded random bits in the DNS query to foil spoofing attempts.', |
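Review bot: The help text on the new `disable_auto_added_host_entries` checkbox (the `@@ -350` hunk) describes only the firewall's own IPv4/IPv6 records, but the unbound.inc change in this commit also stops emitting the `local-zone:` line for the system domain, so the configured `system_domain_local_zone_type` is no longer applied. An administrator who picked a restrictive zone type to control how names under the internal domain are answered would lose that with no hint in the UI; how Unbound then treats the domain depends on its defaults and should be verified. I would either keep the `local-zone:` line outside the new check in unbound.inc or add a sentence to the help such as `The System Domain Local Zone Type setting is not applied while this option is enabled.`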