end
end
+local __policy_pass = {}
+local __policy_deny = {}
+
+function config.load_rpz_workaround()
+ local names_pass = {}
+ local names_deny = {}
+
+ -- Clear any previous rules
+ if __policy_pass then
+ policy.del(__policy_pass.id)
+ __policy_pass = {}
+ end
+
+ if __policy_deny then
+ policy.del(__policy_deny.id)
+ __policy_deny = {}
+ end
+
+ local f = csv.open("/var/ipfire/dns/custom_domains", { separator = "," })
+ if f then
+ -- Append all entries
+ for fields in f:lines() do
+ local name, status = unpack(fields)
+ local redirect
+
+ if status == "allowed" then
+ table.insert(names_pass, name)
+ elseif status == "blocked" then
+ table.insert(names_deny, name)
+ end
+ end
+
+ -- Add allowed names
+ if names_pass then
+ __policy_pass = policy.add(
+ policy.suffix(
+ policy.PASS,
+ policy.todnames(names_pass)
+ )
+ )
+ end
+
+ -- Add denied names
+ if names_deny then
+ __policy_deny = policy.add(
+ policy.suffix(
+ policy.DENY,
+ policy.todnames(names_deny)
+ )
+ )
+ end
+ end
+end
+
return config
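Review bot: None of the four guards in `config.load_rpz_workaround()` can ever be false, because an empty Lua table is truthy. `if __policy_pass then` and `if __policy_deny then` therefore call `policy.del()` with a nil id on the first load, and `if names_pass then` / `if names_deny then` install a suffix rule even when the list is empty. The names read from `/var/ipfire/dns/custom_domains` also reach `policy.todnames()` unchecked, so a row whose name is `.` would presumably make the PASS or DENY rule match every query, either bypassing all blocking or denying all resolution; empty and root names should be skipped. The old rules are deleted before `csv.open` is attempted, so a failed open leaves no custom rules in place, and `local redirect` is unused. The fence sketches the guard changes, leaving the rest of the function as it is.

```lua
  -- Clear any previous rules (an empty table is truthy, so test the id)
  if __policy_pass.id then
    policy.del(__policy_pass.id)
  end
  __policy_pass = {}
  -- … same change for __policy_deny …

  -- … unchanged: csv.open and the f:lines() loop header …
      local name, status = unpack(fields)

      -- Skip empty names and the root, which would match every query
      if name and name ~= "" and name ~= "." then
        if status == "allowed" then
          table.insert(names_pass, name)
        elseif status == "blocked" then
          table.insert(names_deny, name)
        end
      end

    -- Add allowed names only when there is at least one
    if #names_pass > 0 then
      -- … unchanged: policy.add(policy.suffix(policy.PASS, …)) …
    end
    -- … same change for names_deny / policy.DENY …
```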
-- Load DHCP Leases Lookup
config.load_leases()
+ -- Load custom RPZ allowlist workaround
+ config.load_rpz_workaround()
+
-- Load Forwarders
config.load_forwarders(settings)