diff options
Diffstat (limited to 'etc/inc/unbound.inc')
-rw-r--r-- | etc/inc/unbound.inc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 7f34df6..3f79b62 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -622,11 +622,13 @@ function unbound_acls_config() { } $ifip = get_interface_ipv6($ubif); if (is_ipaddrv6($ifip)) { - $subnet_bits = get_interface_subnetv6($ubif); - $subnet_ip = gen_subnetv6($ifip, $subnet_bits); - // only add LAN-type interfaces - if (!interface_has_gateway($ubif)) - $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + if (!is_linklocal($ifip)) { + $subnet_bits = get_interface_subnetv6($ubif); + $subnet_ip = gen_subnetv6($ifip, $subnet_bits); + // only add LAN-type interfaces + if (!interface_has_gateway($ubif)) + $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; + } // add for IPv6 static routes to local networks // for safety, we include only routes reachable on an interface with no // gateway specified - read: not an Internet connection. |