xref: /freebsd/contrib/unbound/testdata/acl_interface.tdir/acl_interface.conf (revision 4b15965daa99044daf184221b7c283bf7f2d7e66) 
1server:
2	verbosity: 7
3	use-syslog: no
4	directory: ""
5	pidfile: "unbound.pid"
6	chroot: ""
7	username: ""
8	module-config: "respip validator iterator"  # respip for the RPZ part
9	do-not-query-localhost: no
10	use-caps-for-id: no
11	define-tag: "one two refuse rpz-one rpz-two rpz-nx"
12
13# Interface configuration for IPv4
14	interface: @IPV4_ADDR@@@PORT_ALLOW@
15	interface: @IPV4_ADDR@@@PORT_DENY@
16	interface: @IPV4_ADDR@@@PORT_REFUSE@
17	interface: @IPV4_ADDR@@@PORT_TAG_1@
18	interface: @IPV4_ADDR@@@PORT_TAG_2@
19	interface: @IPV4_ADDR@@@PORT_TAG_3@
20	interface: @IPV4_ADDR@@@PORT_RPZ_1@
21	interface: @IPV4_ADDR@@@PORT_RPZ_2@
22	interface: @IPV4_ADDR@@@PORT_RPZ_NX@
23	interface: @IPV4_ADDR@@@PORT_VIEW_INT@
24	interface: @IPV4_ADDR@@@PORT_VIEW_EXT@
25	interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@
26
27	interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow
28	interface-action: @IPV4_ADDR@@@PORT_DENY@ deny
29	# interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse  # This is the default action
30	interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow
31	interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow
32	interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow
33	interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow
34	interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow
35	interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow
36	interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow
37	interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow
38	interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow
39
40	interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one"
41	interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two"
42	interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse"
43	interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one"
44	interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two"
45	interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
46	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect
47	interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
48	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect
49	interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
50	interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse
51
52	interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int"
53	interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext"
54	interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext"
55
56# Mirrored interface configuration for IPv6
57	interface: @IPV6_ADDR@@@PORT_ALLOW@
58	interface: @IPV6_ADDR@@@PORT_DENY@
59	interface: @IPV6_ADDR@@@PORT_REFUSE@
60	interface: @IPV6_ADDR@@@PORT_TAG_1@
61	interface: @IPV6_ADDR@@@PORT_TAG_2@
62	interface: @IPV6_ADDR@@@PORT_TAG_3@
63	interface: @IPV6_ADDR@@@PORT_RPZ_1@
64	interface: @IPV6_ADDR@@@PORT_RPZ_2@
65	interface: @IPV6_ADDR@@@PORT_RPZ_NX@
66	interface: @IPV6_ADDR@@@PORT_VIEW_INT@
67	interface: @IPV6_ADDR@@@PORT_VIEW_EXT@
68	interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@
69
70	interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow
71	interface-action: @IPV6_ADDR@@@PORT_DENY@ deny
72	# interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse  # This is the default action
73	interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow
74	interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow
75	interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow
76	interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow
77	interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow
78	interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow
79	interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow
80	interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow
81	interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow
82
83	interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one"
84	interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two"
85	interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse"
86	interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one"
87	interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two"
88	interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx"
89	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect
90	interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1"
91	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect
92	interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2"
93	interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse
94
95	interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int"
96	interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext"
97	interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext"
98
99# Mirrored interface configuration for interface name
100	interface: @INTERFACE@@@PORT_ALLOW@
101	interface: @INTERFACE@@@PORT_DENY@
102	interface: @INTERFACE@@@PORT_REFUSE@
103	interface: @INTERFACE@@@PORT_TAG_1@
104	interface: @INTERFACE@@@PORT_TAG_2@
105	interface: @INTERFACE@@@PORT_TAG_3@
106	interface: @INTERFACE@@@PORT_RPZ_1@
107	interface: @INTERFACE@@@PORT_RPZ_2@
108	interface: @INTERFACE@@@PORT_RPZ_NX@
109	interface: @INTERFACE@@@PORT_VIEW_INT@
110	interface: @INTERFACE@@@PORT_VIEW_EXT@
111	interface: @INTERFACE@@@PORT_VIEW_INTEXT@
112
113	interface-action: @INTERFACE@@@PORT_ALLOW@ allow
114	interface-action: @INTERFACE@@@PORT_DENY@ deny
115	# interface-action: @INTERFACE@@@PORT_REFUSE@ refuse  # This is the default action
116	interface-action: @INTERFACE@@@PORT_TAG_1@ allow
117	interface-action: @INTERFACE@@@PORT_TAG_2@ allow
118	interface-action: @INTERFACE@@@PORT_TAG_3@ allow
119	interface-action: @INTERFACE@@@PORT_RPZ_1@ allow
120	interface-action: @INTERFACE@@@PORT_RPZ_2@ allow
121	interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow
122	interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow
123	interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow
124	interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow
125
126	interface-tag: @INTERFACE@@@PORT_TAG_1@ "one"
127	interface-tag: @INTERFACE@@@PORT_TAG_2@ "two"
128	interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse"
129	interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one"
130	interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two"
131	interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx"
132	interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect
133	interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1"
134	interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect
135	interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2"
136	interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse
137
138	interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int"
139	interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext"
140	interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext"
141
142# Interface with scope_id
143	interface: @INTERFACE@vlan50@@PORT_ALLOW@
144	interface: @INTERFACE@vlan51@@PORT_ALLOW@
145	interface-tag: @INTERFACE@vlan50@@PORT_ALLOW@ "one"
146	interface-tag: @INTERFACE@vlan51@@PORT_ALLOW@ "two"
147	interface-action: @INTERFACE@vlan50@@PORT_ALLOW@ allow
148	interface-action: @INTERFACE@vlan51@@PORT_ALLOW@ allow
149	local-zone: one.vtest. static
150	local-data: "one.vtest. A 1.1.1.1"
151	local-zone-tag: one.vtest. "one"
152	local-zone: two.vtest. static
153	local-data: "two.vtest. A 2.2.2.2"
154	local-zone-tag: two.vtest. "two"
155
156# Local zones configuration
157	local-zone: local. transparent
158	local-data: "local. A 0.0.0.0"
159	local-zone-tag: local. "one two refuse"
160
161# Views configuration
162view:
163	name: "int"
164	view-first: yes
165	local-zone: "." refuse
166	local-zone: "internal" transparent
167view:
168	name: "ext"
169	view-first: yes
170	local-zone: "internal" refuse
171view:
172	name: "intext"
173	view-first: yes
174
175# RPZ configuration
176rpz:
177	name: "rpz-one"
178	zonefile: "rpz-one.zone"
179	tags: "rpz-one"
180
181rpz:
182	name: "rpz-two"
183	zonefile: "rpz-two.zone"
184	tags: "rpz-two"
185
186rpz:
187	name: "rpz-nx"
188	zonefile: "rpz-nx.zone"
189	tags: "rpz-nx"
190
191# Stubs configuration
192forward-zone:
193	name: "."
194	forward-addr: @IPV4_ADDR@@@FORWARD_PORT@
195
196stub-zone:
197	name: "internal"
198	stub-addr: @IPV4_ADDR@@@STUB_PORT@
199