Maintained by: NLnet Labs

[Unbound-users] access-control

Andreas Schulze
Tue Jan 29 14:56:17 CET 2013


Hello again,

while reading the manpage not all questions are answer to me...

# man unbound.conf
access-control:
 ...
 By default only localhost is allowed ...

I read it like "if you do not configure any access-control at all, then localhost is allowed,
all other addresses are refused"

Imagin this line:

	access-control: 192.0.2.0/24

Is access still allowed from localhost while not explicit declared?
Yes, I tried and it looks so.

 - This should be added to the documentation.
 - in this example 193.0.2.0/24 *is* refused
   but I have to write an explizit rule to *disallow* localhost

The manpage could be more precise here ...
Andreas


-- 
Andreas Schulze
Internetdienste | P252

DATEV eG
90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70
Vorstand
Prof. Dieter Kempf (Vorsitzender)
Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw. Eckhard Schwarzer
Vorsitzender des Aufsichtsrates: Reinhard Verholen