#include "util/module.h"Data Structures | |
| struct | ipset_env |
| struct | ipset_qstate |
Functions | |
| int | ipset_startup (struct module_env *env, int id) |
| Startup the ipset module. | |
| void | ipset_destartup (struct module_env *env, int id) |
| Destartup the ipset module. | |
| int | ipset_init (struct module_env *env, int id) |
| Init the ipset module. | |
| void | ipset_deinit (struct module_env *env, int id) |
| Deinit the ipset module. | |
| void | ipset_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound) |
| Operate on an event on a query (in qstate). | |
| void | ipset_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super) |
| Subordinate query done, inform this super request of its conclusion. | |
| void | ipset_clear (struct module_qstate *qstate, int id) |
| clear the ipset query-specific contents out of qstate | |
| size_t | ipset_get_mem (struct module_env *env, int id) |
| return memory estimate for ipset module | |
| struct module_func_block * | ipset_get_funcblock (void) |
| Get the function block with pointers to the ipset functions. More... | |
Author: Kevin Chou Email: k9982874@gmail.com
This file implements the ipset module. It can handle packets by putting the A and AAAA addresses that are configured in unbound.conf as type ipset (local-zone statements) into a firewall rule IPSet. For firewall blacklist and whitelist usage.
To use the IPset module, install the libmnl-dev (or libmnl-devel) package and configure with –enable-ipset. And compile. Then enable the ipset module in unbound.conf with module-config: "ipset validator iterator" then create it with ipset -N blacklist iphash and then add local-zone: "example.com." ipset statements for the zones where you want the addresses of the names looked up added to the set.
Set the name of the set with ipset: name-v4: "blacklist" name-v6: "blacklist6" in unbound.conf. The set can be used in this way: iptables -A INPUT -m set –set blacklist src -j DROP ip6tables -A INPUT -m set –set blacklist6 src -j DROP
| struct module_func_block* ipset_get_funcblock | ( | void | ) |
Get the function block with pointers to the ipset functions.
References ipset_block.
Referenced by module_funcs_avail().