Commit aa78dee2 authored by JINMEI Tatuya

[2066] revised resolver ACL text per my own suggestion

parent a5c9a0e9
......@@ -2499,24 +2499,26 @@ what is XfroutClient xfr_client??
</para>
<para>
To allow queries on the "192.168.1.1" interface, these commands could be
issued. Note that we don't set the value of the third rule -- in the case
of resolver, rejecting all queries is the default value of new rule. And
that last final rule is not needed too, as the default, when a query falls
off the list, is rejection.
The following session is an example of extending the ACL to also
allow queries from 192.0.2.0/24:
<screen>
> <userinput>config show Resolver/query_acl</userinput>
Resolver/query_acl[0] {"action": "ACCEPT", "from": "127.0.0.1"} any (default)
Resolver/query_acl[1] {"action": "ACCEPT", "from": "::1"} any (default)
> <userinput>config add Resolver/query_acl</userinput>
> <userinput>config set Resolver/query_acl[2] {"action": "ACCEPT", "from": "192.168.1.1/24"}</userinput>
> <userinput>config set Resolver/query_acl[2] {"action": "ACCEPT", "from": "192.0.2.0/24"}</userinput>
> <userinput>config add Resolver/query_acl</userinput>
> <userinput>config show Resolver/query_acl</userinput>
Resolver/query_acl[0] {"action": "ACCEPT", "from": "127.0.0.1"} any (modified)
Resolver/query_acl[1] {"action": "ACCEPT", "from": "::1"} any (modified)
Resolver/query_acl[2] {"action": "ACCEPT", "from": "192.168.1.1/24"} any (modified)
Resolver/query_acl[2] {"action": "ACCEPT", "from": "192.0.2.0/24"} any (modified)
Resolver/query_acl[3] {"action": "REJECT"} any (modified)
> <userinput>config commit</userinput></screen>
Note that we didn't set the value of the last final rule
(query_acl[3]) -- in the case of resolver, rejecting all queries is
the default value of a new rule. In fact, this rule can even be
omitted completely, as the default, when a query falls off the list,
is rejection.
</para>
</section>
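Review bot: The closing note ("In fact, this rule can even be omitted completely") contradicts the session above it, which still issues a second "config add Resolver/query_acl" after the "config set" and so creates the explicit query_acl[3] REJECT entry. Either drop that second "config add" and the query_acl[3] output line so the example shows only the change needed to admit 192.0.2.0/24, or say in the note that the rule is kept on purpose to make the default rejection visible in the listing. Wording in the same note: "last final rule" is redundant ("last rule" is enough), and "in the case of resolver" should read "in the case of the resolver".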