RPZ based on destination
Tomas S.
tomas.simonaitis at gmail.com
Thu Sep 15 08:46:49 UTC 2022
Thanks George,
I've successfully compiled it and, testing so far, I see no issues.

P.S.
For other users: make sure to take into account the comment
"Note: any 'access-control*:' setting overrides all 'interface-*:"
the config:

    interface: 192.168.0.1
    interface: 192.168.0.2
    define-tag: "malware"
    interface-tag: 192.168.0.2 "malware"
    access-control: 0.0.0.0/0 allow
    rpz:
        name: "malware.zone"
        primary: 192.168.0.100
        tags: "malware"

will not work as one might expect - the queries to 192.168.0.2 will not
use rpz.
You need something like this:

    interface: 192.168.0.1
    interface-action: 192.168.0.1 allow
    interface: 192.168.0.2
    interface-action: 192.168.0.2 allow
    define-tag: "malware"
    interface-tag: 192.168.0.2 "malware"
    rpz:
        name: "malware.zone"
        primary: 192.168.0.100
        tags: "malware"

On 2022-09-11 22:42, George Thessalonikefs via Unbound-users wrote:
> Hi Tomas,
>
> The PR is now ready (https://github.com/NLnetLabs/unbound/pull/753).
> I had to rebase (and force push) to the acl_interface branch, so if
> you were using that already a simple git pull will probably not work.
>
> Best regards,
> -- George
>
>
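
The pitfall described in the message above can be caught before deployment with a small configuration check. This is an added example, not part of the original post or of the Unbound project; the function names are hypothetical, and it applies the quoted note conservatively by treating any `access-control*:` option as overriding `interface-tag:`.

```python
import re

# Constructed inputs: the two configurations from the post (equivalent options).
BROKEN = '''interface: 192.168.0.1
interface: 192.168.0.2
define-tag: "malware"
interface-tag: 192.168.0.2 "malware"
access-control: 0.0.0.0/0 allow
rpz:
name: "malware.zone"
primary: 192.168.0.100
tags: "malware"
'''
FIXED = BROKEN.replace(
    "access-control: 0.0.0.0/0 allow\n",
    "interface-action: 192.168.0.1 allow\ninterface-action: 192.168.0.2 allow\n")

OPTION = re.compile(r"^\s*([a-z0-9-]+):\s*(.*?)\s*$")

def parse(conf):
    """Split unbound.conf text into (clause, [(option, value), ...]) pairs."""
    clauses = [("server", [])]  # assumption: options before any clause are server options
    for raw in conf.splitlines():
        m = OPTION.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        name, value = m.groups()
        if value:
            clauses[-1][1].append((name, value))
        else:
            clauses.append((name, []))  # "rpz:", "server:", ... opens a clause
    return clauses

def tags(value):
    """Tag names inside the quoted, space-separated list of an option value."""
    return {t for q in re.findall(r'"([^"]*)"', value) for t in q.split()}

def overridden_rpz_zones(conf):
    """RPZ zones selected only through interface-tag while access-control* is set."""
    server, zones = [], []
    for clause, opts in parse(conf):
        if clause == "server":
            server += opts
        elif clause == "rpz":
            zones.append(dict(opts))
    if not any(n.startswith("access-control") for n, _ in server):
        return []
    by_iface = set().union(*(tags(v) for n, v in server if n == "interface-tag"))
    by_acl = set().union(*(tags(v) for n, v in server if n == "access-control-tag"))
    return [z.get("name", "?").strip('"') for z in zones
            if tags(z.get("tags", "")) & (by_iface - by_acl)]
```

A non-empty result names the RPZ zones whose tag is assigned only per interface and would therefore not be applied; zones whose tag is also assigned through `access-control-tag:` are not reported.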