[backfire] merge r21523, r21871 & r22222
[openwrt-10.03/.git] / package / dnsmasq / files / dnsmasq.init
index 15f856d4e58d7f80d1d3ac739f0c015381d8fa7a..4e0bbf9218f163af3051ec90556938daccc72d1b 100644 (file)
@@ -99,6 +99,29 @@ dnsmasq() {
 
        config_get hostsfile "$cfg" dhcphostsfile
        [ -e "$hostsfile" ] && append args "--dhcp-hostsfile=$hostsfile"
+
+       local rebind
+       config_get_bool rebind "$cfg" rebind_protection 1
+       [ $rebind -gt 0 ] && {
+               logger -t dnsmasq \
+                       "DNS rebinding protection is active," \
+                       "will discard upstream RFC1918 responses!"
+               append args "--stop-dns-rebind"
+
+               local rebind_localhost
+               config_get_bool rebind_localhost "$cfg" rebind_localhost 0
+               [ $rebind_localhost -gt 0 ] && {
+                       logger -t dnsmasq "Allowing 127.0.0.0/8 responses"
+                       append args "--rebind-localhost-ok"
+               }
+
+               append_rebind_domain() {
+                       logger -t dnsmasq "Allowing RFC1918 responses for domain $1"
+                       append args "--rebind-domain-ok=$1"
+               }
+
+               config_list_foreach "$cfg" rebind_domain append_rebind_domain
+       }
 }
 
 dhcp_subscrid_add() {
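Review bot: In `append_rebind_domain`, the `rebind_domain` list value goes unchecked into `--rebind-domain-ok=$1`, and `args` looks like a space-separated string, so a value containing whitespace would presumably be split into extra dnsmasq options when `args` is expanded (that expansion is outside this hunk). Each entry exempts a domain from the rebinding filter, so a malformed entry should be rejected and logged instead of passed through, for example with `case "$1" in ""|*[!A-Za-z0-9._/-]*) logger -t dnsmasq "Ignoring invalid rebind_domain entry"; return 0;; esac` at the top of the helper. The helper is also defined inside the `[ $rebind -gt 0 ] && { … }` body although shell functions are global, so it would read more clearly defined once at file level next to `dhcp_subscrid_add`. The enclosing `dnsmasq()` function begins before the hunk.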