summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/dns-forwarding/override.conf.j28
-rw-r--r--data/templates/dns-forwarding/recursor.conf.j24
-rw-r--r--data/templates/dns-forwarding/recursor.conf.lua.j22
-rw-r--r--data/templates/firewall/nftables-defines.j221
4 files changed, 32 insertions, 3 deletions
diff --git a/data/templates/dns-forwarding/override.conf.j2 b/data/templates/dns-forwarding/override.conf.j2
new file mode 100644
index 000000000..9d81a2977
--- /dev/null
+++ b/data/templates/dns-forwarding/override.conf.j2
@@ -0,0 +1,8 @@
+[Unit]
+ConditionPathExists={{ config_file }}
+After=vyos-router.service
+
+[Service]
+RuntimeDirectoryPreserve=yes
+ExecStart=
+ExecStart=/usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no --config-dir={{ config_dir }}
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2
index 55b37732b..e4e8e7044 100644
--- a/data/templates/dns-forwarding/recursor.conf.j2
+++ b/data/templates/dns-forwarding/recursor.conf.j2
@@ -12,7 +12,7 @@ allow-from={{ allow_from | join(',') }}
log-common-errors=yes
non-local-bind=yes
query-local-address={{ source_address | join(',') }}
-lua-config-file=recursor.conf.lua
+lua-config-file={{ config_dir }}/recursor.conf.lua
# cache-size
max-cache-entries={{ cache_size }}
@@ -56,4 +56,4 @@ serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }}
# zones
auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %}
-forward-zones-file=recursor.forward-zones.conf
+forward-zones-file={{ config_dir }}/recursor.forward-zones.conf
diff --git a/data/templates/dns-forwarding/recursor.conf.lua.j2 b/data/templates/dns-forwarding/recursor.conf.lua.j2
index 816f69160..8026442c7 100644
--- a/data/templates/dns-forwarding/recursor.conf.lua.j2
+++ b/data/templates/dns-forwarding/recursor.conf.lua.j2
@@ -5,4 +5,4 @@
dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
-- Load lua from vyos-hostsd --
-dofile("recursor.vyos-hostsd.conf.lua")
+dofile("{{ config_dir }}/recursor.vyos-hostsd.conf.lua")
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index a20c399ae..8a75ab2d6 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -98,5 +98,26 @@
}
{% endfor %}
{% endif %}
+
+{% if group.dynamic_group is vyos_defined %}
+{% if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.address_group.items() %}
+ set DA_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+
+{% if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %}
+ set DA6_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+{% endif %}
+
{% endif %}
{% endmacro %}