diff --git a/src/etc/filter_geoip.conf b/src/etc/filter_geoip.conf new file mode 100644 index 000000000..7bfab416d --- /dev/null +++ b/src/etc/filter_geoip.conf @@ -0,0 +1,2 @@ +[settings] +url=https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=LOsihUK2tzDT6JOg&suffix=zip diff --git a/src/etc/filter_tables.conf b/src/etc/filter_tables.conf new file mode 100644 index 000000000..124616a0a --- /dev/null +++ b/src/etc/filter_tables.conf @@ -0,0 +1,294 @@ + + + 1 + + + CH + CH + geoip +
CH
+ IPv4 + 86400 +
+ + EasyRuleBlockHostsOPT1 + Hosts blocked from Firewall Log view + network +
10.37.129.2/32 +2001:db8::2:1/24
+
+ + ext_test + ext_test + external +
+ + ExternalIPs + ExternalIPs_desc + host +
10.0.0.1 +10.0.0.2
+ 300 +
+ + meuk987 + meuk987 + host +
www.nu.nl +10.11.2.1 +10.11.2.2 +test.meuk
+ 300 +
+ + meuk99999 + meuk99999 + host +
meuk987 +spamhaus
+ 300 +
+ + meuk999991 + meuk999991 + host +
meuk99999
+ 300 +
+ + range_test + test + network +
192.168.1.10-192.168.1.20 +192.168.1.11
+
+ + recursionA + recursionA + host +
10.0.0.1 +recursionC
+ 300 +
+ + recursionB + recursionB + host +
10.0.0.2 +recursionA
+ 300 +
+ + recursionC + test + host +
recursionA +recursionB
+ 300 +
+ + spamhaus + spamhaus + urltable +
+ 3600.0 +
+ + telegram + telegram + host +
149.154.167.91
+ 300 +
+ + test + test + host +
10.211.55.22 +10.211.55.101 +10.211.55.102
+ 300 +
+ + test05465 + jhg + host +
www.ad.nl +1.1.1.1 +www.nu.nl +192.168.1.200
+ 300 +
+ + test999 + gafdshgasfdhgx + url +
+
+ + test_external + test ext + external +
+ + test_geoip + geoip + geoip +
AO +BJ +AL +DE +LU +AX
+ IPv4,IPv6 + 86400 +
+ + TEST_LAN_1 + TEST_LAN_1 + network +
192.168.1.0/24
+
+ + TEST_LAN_2 + TEST_LAN_2 + network +
192.168.2.0/24
+
+ + TEST_LAN_3 + TEST_LAN_3 + network +
192.168.3.0/24
+
+ + TEST_LAN_4 + TEST_LAN_4 + network +
192.168.4.0/24
+
+ + TEST_LAN_5x + TEST_LAN_5 + network +
192.168.0.5/24
+
+ + TEST_LAN_x + TEST_LAN_x + network +
TEST_LAN_2 +TEST_LAN_3 +TEST_LAN_4 +8.8.8.8 +192.168.1.200/32
+
+ + test_range000 + test_range000 + network +
192.168.0.1-192.168.0.100 +EasyRuleBlockHostsOPT1 +10.0.0.0/24 +10.0.0.1
+
+ + test_url + test_url + urltable +
+ 129600.0 +
+ + testimport + testimport_desc + network +
10.0.0.0/24 +10.1.0.0/24 +10.2.0.0/24
+
+ + testURLtable + testURLtable + urltable +
+ 86400.0 +
+ + xxxgeo_ipv4_ipv6 + xxxgeo_ipv4_ipv6 + geoip +
DZ +BW
+ IPv4,IPv6 + 86400 +
+ + xxx + xxx + host +
192.168.1.1
+ 300 +
+ + test_urlX + test_url + urltable +
+ 360.0 +
+ + test_hostnam + test + host +
test-domain
+ 300 +
+ + test_large_url_alias + test_large_url_alias + urltable + https://10.37.132.100/attacks.netset + 86400.0 +
+ + lux + lux + geoip +
LU
+ IPv4,IPv6 + 86400 +
+ + my_very_large_alias + my_very_large_alias + geoip +
+ 86400 +
+ + myalias + myalias + host +
200.200.200.207 +200.200.200.201 +200.200.200.203 +200.200.200.210 +200.200.200.199 +200.200.200.189
+ 300 +
+ + hostonly_net + hostonly_net + network +
10.37.132.0/24
+
+ + YT4services + + host +
1.1.1.1
+ 300 +
+ diff --git a/src/etc/inc/plugins.inc.d/dnsmasq.inc b/src/etc/inc/plugins.inc.d/dnsmasq.inc index 82e490dde..5cd87a52d 100644 --- a/src/etc/inc/plugins.inc.d/dnsmasq.inc +++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc @@ -263,26 +263,19 @@ function _dnsmasq_add_host_entries() if (!$host['ipaddrv6'] || !$host['hostname']) { continue; } - $domain = $config['system']['domain']; - // set domain to first entry of host's domain search list - if ($host['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$host['domainsearchlist']); - $domain = $domain_array[0]; - // backward compatibilty: 'domain' was replaced by 'domainsearchlist' - // in dhcpv6 static mappings, but may still exist in older configs - } elseif ($host['domain']) { + // XXX: dhcpdv6 domain entries have been superseded by domainsearchlist, + // for backward compatibilty support both here. + if (!empty($host['domainsearchlist'])) { + $domain = $host['domainsearchlist']; + } elseif (!empty($host['domain'])) { $domain = $host['domain']; - // set domain to first entry of interface's domain search list - } elseif ($dhcpifconf['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$dhcpifconf['domainsearchlist']); - $domain = $domain_array[0]; - // backward compatibilty: 'domain' was removed from dhcpv6 - // interface settings, but may still exist in older configs - } elseif ($dhcpifconf['domain']) { + } elseif (!empty($dhcpifconf['domainsearchlist'])) { + $domain = $dhcpifconf['domainsearchlist']; + } elseif (!empty($dhcpifconf['domain'])) { $domain = $dhcpifconf['domain']; } - + $domain = explode(";", $domain)[0]; // XXX: first entry of domainsearchlist $dhosts .= "{$host['ipaddrv6']}\t{$host['hostname']}.{$domain} {$host['hostname']}\n"; } } diff --git a/src/etc/inc/plugins.inc.d/unbound.inc b/src/etc/inc/plugins.inc.d/unbound.inc index 88ba55c3d..324a985f7 100644 --- a/src/etc/inc/plugins.inc.d/unbound.inc +++ b/src/etc/inc/plugins.inc.d/unbound.inc @@ -680,24 +680,18 @@ function unbound_add_host_entries() } $domain = $config['system']['domain']; - // set domain to first entry of host's domain search list - if ($host['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$host['domainsearchlist']); - $domain = $domain_array[0]; - // backward compatibilty: 'domain' was replaced by 'domainsearchlist' - // in dhcpv6 static mappings, but may still exist in older configs - } elseif ($host['domain']) { + // XXX: dhcpdv6 domain entries have been superseded by domainsearchlist, + // for backward compatibilty support both here. + if (!empty($host['domainsearchlist'])) { + $domain = $host['domainsearchlist']; + } elseif (!empty($host['domain'])) { $domain = $host['domain']; - // set domain to first entry of interface's domain search list - } elseif ($dhcpifconf['domainsearchlist']) { - $domain_array=preg_split("/[ ;]+/",$dhcpifconf['domainsearchlist']); - $domain = $domain_array[0]; - // backward compatibilty: 'domain' was removed from dhcpv6 - // interface settings, but may still exist in older configs - } elseif ($dhcpifconf['domain']) { + } elseif (!empty($dhcpifconf['domainsearchlist'])) { + $domain = $dhcpifconf['domainsearchlist']; + } elseif (!empty($dhcpifconf['domain'])) { $domain = $dhcpifconf['domain']; } - + $domain = explode(";", $domain)[0]; // XXX: first entry of domainsearchlist $unbound_entries .= "local-data-ptr: \"{$host['ipaddrv6']} {$host['hostname']}.{$domain}\"\n"; $unbound_entries .= "local-data: \"{$host['hostname']}.{$domain} IN AAAA {$host['ipaddrv6']}\"\n"; if (!empty($host['descr']) && $unboundcfg['txtsupport'] == 'on') {