From: swoga Date: Mon, 24 Feb 2020 14:46:58 +0000 (+0100) Subject: Add docs for rmACL() X-Git-Tag: rec-4.4.0-alpha0~8^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8856%2Fhead;p=thirdparty%2Fpdns.git Add docs for rmACL() --- diff --git a/pdns/dnsdistdist/docs/advanced/acl.rst b/pdns/dnsdistdist/docs/advanced/acl.rst index 4fd92a755a..9bb82b7f36 100644 --- a/pdns/dnsdistdist/docs/advanced/acl.rst +++ b/pdns/dnsdistdist/docs/advanced/acl.rst @@ -52,6 +52,13 @@ To add a new network range to the existing ACL, use :func:`addACL`: addACL('192.0.2.0/25') addACL('2001:db8::1') -- No netmask specified, only allow this address +To remove a previously added network range from the existing ACL, use :func:`rmACL`: + +.. code-block:: lua + + rmACL('192.0.2.0/25') + rmACL('2001:db8::1') -- No netmask specified, only remove this address + dnsdist also has the :func:`setACL` function that accepts a list of netmasks and resets the ACL to that list: diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index 7949cf2d6e..b10253b790 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst 
@@ -325,6 +325,19 @@ Access Control Lists :param str netmask: A CIDR netmask, e.g. ``"192.0.2.0/24"``. Without a subnetmask, only the specific address is allowed. +.. function:: rmACL(netmask) + + Remove a network from the existing ACL controlling which clients can send UDP, TCP, DNS over TLS and DNS over HTTPS queries. See :ref:`ACL` for more information. + This function only removes previously added entries, it does not remove subnets of entries. + + :param str netmask: A CIDR netmask, e.g. ``"192.0.2.0/24"``. Without a subnetmask, only the specific address is allowed. + + .. code-block:: lua + + addACL("192.0.2.0/24") -- for example add subnet to the ACL + rmACL("192.0.2.10") -- does NOT work, the ACL is unchanged + rmACL("192.0.2.0/24") -- does work, the exact match is removed from the ACL + .. function:: setACL(netmasks) Remove the existing ACL and add the netmasks from the table of those allowed to send UDP, TCP, DNS over TLS and DNS over HTTPS queries. See :ref:`ACL` for more information.
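Review bot: In the acl.rst hunk (@@ -52,6 +52,13 @@), the new rmACL paragraph does not say that removal is exact-match only, although the config.rst entry in this same patch spells that out. Someone reading this page alone could expect rmACL('192.0.2.0/25') to carve that range out of a wider entry such as 192.0.2.0/24, when per the reference text the ACL would stay unchanged and those clients would remain allowed. Suggest adding one sentence here, or a pointer to the :func:`rmACL` reference entry, stating that only a previously added entry with the same netmask is removed.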
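Review bot: In the config.rst hunk (@@ -325,6 +325,19 @@), the added ":param str netmask:" line for rmACL repeats the context line above it verbatim and still ends with "only the specific address is allowed"; for a removal it should say "only the specific address is removed", which is the wording the acl.rst example comment already uses. In the same hunk, "This function only removes previously added entries, it does not remove subnets of entries." is a comma splice and reads better as two sentences. Because the rmACL("192.0.2.10") case leaves the ACL unchanged, the text should also state whether the caller gets any indication that nothing was removed, so an operator does not assume a range has been closed off when it has not.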