diff options
Diffstat (limited to 'src/option.c')
-rw-r--r-- | src/option.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/option.c b/src/option.c index b898231..e8ef5fa 100644 --- a/src/option.c +++ b/src/option.c @@ -144,6 +144,7 @@ struct myoption { #define LOPT_REV_SERV 332 #define LOPT_SERVERS_FILE 333 #define LOPT_DNSSEC_CHECK 334 +#define LOPT_LOCAL_SERVICE 335 #ifdef HAVE_GETOPT_LONG static const struct option opts[] = @@ -175,6 +176,7 @@ static const struct myoption opts[] = { "domain-suffix", 1, 0, 's' }, { "interface", 1, 0, 'i' }, { "listen-address", 1, 0, 'a' }, + { "local-service", 0, 0, LOPT_LOCAL_SERVICE }, { "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, 0, 'B' }, { "selfmx", 0, 0, 'e' }, @@ -448,6 +450,7 @@ static struct { { LOPT_QUIET_DHCP, OPT_QUIET_DHCP, NULL, gettext_noop("Do not log routine DHCP."), NULL }, { LOPT_QUIET_DHCP6, OPT_QUIET_DHCP6, NULL, gettext_noop("Do not log routine DHCPv6."), NULL }, { LOPT_QUIET_RA, OPT_QUIET_RA, NULL, gettext_noop("Do not log RA."), NULL }, + { LOPT_LOCAL_SERVICE, OPT_LOCAL_SERVICE, NULL, gettext_noop("Accept queries only from directly-connected networks"), NULL }, { 0, 0, NULL, NULL, NULL } }; @@ -4457,6 +4460,11 @@ void read_opts(int argc, char **argv, char *compile_opts) else if (option_bool(OPT_DHCP_FQDN)) die(_("there must be a default domain when --dhcp-fqdn is set"), NULL, EC_BADCONF); + /* If there's access-control config, then ignore --local-service, it's intended + as a system default to keep otherwise unconfigured installations safe. */ + if (daemon->if_names || daemon->if_except || daemon->if_addrs || daemon->authserver) + reset_option_bool(OPT_LOCAL_SERVICE); + if (testmode) { fprintf(stderr, "dnsmasq: %s.\n", _("syntax check OK")); |