Commit 08a2e230 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(unbound) get_interface_subnet(v6) can return null, ignore network in that case.

Eventually we should move this kind of "get all attached networks" to a single and simple function, which uses legacy_get_interface_addresses() underneath. but there's still too much obscure code in this region to remove it easily

(cherry picked from commit 86996d7b)
parent 9dd53b06
...@@ -707,15 +707,19 @@ function unbound_acls_config() { ...@@ -707,15 +707,19 @@ function unbound_acls_config() {
if (!empty($ifip)) { if (!empty($ifip)) {
$subnet_bits = get_interface_subnet($ubif); $subnet_bits = get_interface_subnet($ubif);
$subnet_ip = gen_subnet($ifip, $subnet_bits); $subnet_ip = gen_subnet($ifip, $subnet_bits);
if (!empty($subnet_bits) && !empty($subnet_ip)) {
$aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
} }
}
$ifip = get_interface_ipv6($ubif); $ifip = get_interface_ipv6($ubif);
if (!empty($ifip)) { if (!empty($ifip)) {
$subnet_bits = get_interface_subnetv6($ubif); $subnet_bits = get_interface_subnetv6($ubif);
$subnet_ip = gen_subnetv6($ifip, $subnet_bits); $subnet_ip = gen_subnetv6($ifip, $subnet_bits);
if (!empty($subnet_bits) && !empty($subnet_ip)) {
$aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n"; $aclcfg .= "access-control: {$subnet_ip}/{$subnet_bits} allow\n";
} }
} }
}
// Configure the custom ACLs // Configure the custom ACLs
if (isset($config['unbound']['acls'])) { if (isset($config['unbound']['acls'])) {
......
...@@ -348,15 +348,19 @@ include("head.inc"); ...@@ -348,15 +348,19 @@ include("head.inc");
if (!empty($ifip)) { if (!empty($ifip)) {
$subnet_bits = get_interface_subnet($ubif); $subnet_bits = get_interface_subnet($ubif);
$subnet_ip = gen_subnet($ifip, $subnet_bits); $subnet_ip = gen_subnet($ifip, $subnet_bits);
if (!empty($subnet_bits) && !empty($subnet_ip)) {
$automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}"; $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
} }
}
$ifip = get_interface_ipv6($ubif); $ifip = get_interface_ipv6($ubif);
if (!empty($ifip)) { if (!empty($ifip)) {
$subnet_bits = get_interface_subnetv6($ubif); $subnet_bits = get_interface_subnetv6($ubif);
$subnet_ip = gen_subnetv6($ifip, $subnet_bits); $subnet_ip = gen_subnetv6($ifip, $subnet_bits);
if (!empty($subnet_bits) && !empty($subnet_ip)) {
$automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}"; $automatic_allowed[] = "{$subnet_ip}/{$subnet_bits}";
} }
} }
}
foreach ($automatic_allowed as $network):?> foreach ($automatic_allowed as $network):?>
<tr> <tr>
<td><?=gettext("Internal");?></td> <td><?=gettext("Internal");?></td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment