Project

General

Profile

« Previous | Next » 

Revision 720aab15

Added by Viktor Gurov about 5 years ago

OpenVPN/IPsec IPv6 prefix in DNS Resolver access list. Issue #10460

(cherry picked from commit 79eef195a77d7c05628adaa7418d748c05d862a8)

View differences:

src/etc/inc/unbound.inc
889 889 
			}
890 890 
		}
891 891 

  		




  
  892
  
    
		// OpenVPN IPv6 Tunnel Networks


  		




  
  893
  
    
		foreach (array('openvpn-client', 'openvpn-server') as $ovpnentry) {


  		




  
  894
  
    
			if (is_array($config['openvpn'][$ovpnentry])) {


  		




  
  895
  
    
				foreach ($config['openvpn'][$ovpnentry] as $ovpnent) {


  		




  
  896
  
    
					if (!isset($ovpnent['disable']) && !empty($ovpnent['tunnel_networkv6'])) {


  		




  
  897
  
    
						$aclcfg .= "access-control: {$ovpnent['tunnel_networkv6']} allow\n";


  		




  
  898
  
    
					}


  		




  
  899
  
    
				}


  		




  
  900
  
    
			}


  		




  
  901
  
    
		}


  		




  
  902
  
    
		// IPsec Mobile Virtual IPv6 Address Pool


  		




  
  903
  
    
		if ((isset($config['ipsec']['client']['enable'])) &&


  		




  
  904
  
    
		    (!empty($config['ipsec']['client']['pool_address_v6'])) &&


  		




  
  905
  
    
		    (!empty($config['ipsec']['client']['pool_netbits_v6']))) {


  		




  
  906
  
    
			$aclcfg .= "access-control: {$config['ipsec']['client']['pool_address_v6']}/{$config['ipsec']['client']['pool_netbits_v6']} allow\n";


  		




  
  907
  
    
		}


  		




  
  908
  
    

  		




  892
  909
  
    
		// Generate IPv4 access-control entries using the same logic as automatic outbound NAT


  		




  893
  910
  
    
		if (empty($FilterIflist)) {


  		




  894
  911
  
    
			filter_generate_optcfg_array();


  		












Also available in:  Unified diff