authorLexi Winter <lexi@le-fay.org>2025-07-12 09:12:44 +0100
committerLexi Winter <lexi@le-fay.org>2025-07-12 09:12:44 +0100
commitc0cd1c346ced206c1822721bc09fdf45c602cbfd (patch)
treeeec38e4e703cebb7f980fbe9fd67d00dab9f1f03 /unbound.sh
parentb000892e4b1288ea3d75661a13f4608b0a3628de (diff)
add unbound hookv1.3
Diffstat (limited to 'unbound.sh')
-rw-r--r--unbound.sh64
1 files changed, 64 insertions, 0 deletions
diff --git a/unbound.sh b/unbound.sh
new file mode 100644
index 0000000..e5cd0a4
--- /dev/null
+++ b/unbound.sh
@@ -0,0 +1,64 @@
+# This source code is released into the public domain.
+#
+# The Unbound allow_ldap.conf is a list of "access-control: <prefix> allow".
+# We also generate private_ldap.conf, which is a list of
+# "private-address: <prefix>". Usually these are used together to ensure that
+# public zones don't contain internal IP addresses.
+
+UNBOUND_ALLOW_FILE="/usr/local/etc/unbound/allow_ldap.conf"
+UNBOUND_ALLOW_TEMP="${UNBOUND_ALLOW_FILE}.ldaptmp"
+UNBOUND_PRIVATE_FILE="/usr/local/etc/unbound/private_ldap.conf"
+UNBOUND_PRIVATE_TEMP="${UNBOUND_PRIVATE_FILE}.ldaptmp"
+
+reload=no
+
+update_allow()
+{
+ if [ ! -f "$UNBOUND_ALLOW_FILE" ]; then
+ return 0
+ fi
+
+ awk <"$NETWORKS_FILE" >"$UNBOUND_ALLOW_TEMP" \
+ '{ print "access-control: " $1 " allow" }'
+
+ if cmp -s "$UNBOUND_ALLOW_TEMP" "$UNBOUND_ALLOW_FILE"; then
+ rm "$UNBOUND_ALLOW_TEMP"
+ return 0
+ fi
+
+ printf '%s updated:\n\n' "$UNBOUND_ALLOW_FILE"
+ diff "$UNBOUND_ALLOW_FILE" "$UNBOUND_ALLOW_TEMP"
+ printf '\n'
+
+ mv "$UNBOUND_ALLOW_TEMP" "$UNBOUND_ALLOW_FILE"
+ reload=yes
+}
+
+update_private()
+{
+ if [ ! -f "$UNBOUND_PRIVATE_FILE" ]; then
+ return 0
+ fi
+
+ awk <"$NETWORKS_FILE" >"$UNBOUND_PRIVATE_TEMP" \
+ '{ print "private-address: " $1 }'
+
+ if cmp -s "$UNBOUND_PRIVATE_TEMP" "$UNBOUND_PRIVATE_FILE"; then
+ rm "$UNBOUND_PRIVATE_TEMP"
+ return 0
+ fi
+
+ printf '%s updated:\n\n' "$UNBOUND_PRIVATE_FILE"
+ diff "$UNBOUND_PRIVATE_FILE" "$UNBOUND_PRIVATE_TEMP"
+ printf '\n'
+
+ mv "$UNBOUND_PRIVATE_TEMP" "$UNBOUND_PRIVATE_FILE"
+ reload=yes
+}
+
+update_allow
+update_private
+
+if [ $reload = yes ]; then
+ /usr/local/etc/rc.d/unbound reload
+fi
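Review bot: The awk that writes `$UNBOUND_ALLOW_TEMP` (and the twin in update_private) is never checked, so an unreadable, truncated or unset `$NETWORKS_FILE` — which this file does not define, presumably it comes from the caller — still falls through to `cmp`, `diff`, `mv` and `reload=yes`, and a partial or empty temp file can replace a working allow list or private-address list and be handed to a live resolver. I would guard the generation step, drop the temp file on failure and return non-zero instead of proceeding; the same change applies to update_private. Blank lines in the networks file currently become a bare `access-control:  allow`, so skipping empty `$1` in the awk program is worth doing in the same place. The final `[ $reload = yes ]` should quote the expansion, `if [ "$reload" = yes ]; then`, and since the script runs without `set -e` a failed `mv` also still sets `reload=yes`.
```shell
update_allow()
{
 # … unchanged: return early when $UNBOUND_ALLOW_FILE is absent …
 : "${NETWORKS_FILE:?networks file not set}"
 if ! awk <"$NETWORKS_FILE" >"$UNBOUND_ALLOW_TEMP" \
     '$1 == "" { next } { print "access-control: " $1 " allow" }'; then
  printf 'failed to generate %s from %s\n' "$UNBOUND_ALLOW_FILE" "$NETWORKS_FILE" >&2
  rm -f "$UNBOUND_ALLOW_TEMP"
  return 1
 fi
 # … unchanged: cmp, diff, mv, reload=yes …
}
```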