Bug #4258
closed
DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
Added by Kill Bill almost 10 years ago.
Updated almost 10 years ago.
Affected Architecture:
All
Description
IPv4 subnets are automagically added to /var/unbound/access_lists.conf; however this is not done with any of the IPv6 subnets defined for internal interfaces.
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Subject changed from DNS Resolver - auto-added access controls missing IPv6 subnets to DNS Resolver - auto-added access controls missing IPv6 subnets where "all" interfaces selected
- Status changed from Feedback to Resolved
- Target version set to 2.2
- % Done changed from 100 to 0
updated subject to specific issue. Fixed
Ok, this works mostly fine, except that it misses OpenVPN's IPv6 (and probably IPsec as well, don't have IPv6 IPsec tunnel configured though.)
It only covers interfaces that are assigned and enabled plus static routes for IPv6. Manual entries will be required for other circumstances.
Kinda confused really what it covers now. It certainly is adding OpenVPN and IPSec IPv4 subnets to the ACL.
for v4, it uses the same source networks as it uses for outbound NAT auto rule generation, which is a diff process.
OK, lets call this fixed then. Thanks. :)
(Kinda inconsistent results, perhaps the VPN stuff would be worth a separate checkbox instead, but it certainly is not good time for similar nontrivial changes now.)
Also available in: Atom
PDF
Updated by 
Updated by Kill Bill