From 328219c4b60b619ac0a08cd286cc19198b5c2253 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Tue, 3 Sep 2019 03:49:24 +0200
Subject: [PATCH] Support multiple networks for access to local resolver.

---
 conf/main_ipv4.conf.sample  | 21 ++++++++++++---------
 conf/main_ipv6.conf.sample  | 22 +++++++++++-----------
 conf/post_decalrations.conf |  8 ++++++++
 3 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index 777b157..a2f3368 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -225,19 +225,22 @@ dns_server_ips=""
 forward_dns_server_ips=""
 
 
-# local Resolver
-#
+# - local DNS Resolver
+# -
 local_resolver_service=false
 
-# Resolover Port used by local service
-#
+# - Resolover Port used by local service
+# -
 resolver_port="$standard_dns_port"
 
-# Network allowed for DNS requests
-#
-# Note: if not set no port will be open!
-#
-resolver_allowed_net=""
+# - Network allowed for DNS requests
+# -
+# - Note: if not set no port will be open!
+# -
+# - Example:
+# -    resolver_allowed_networks="192.68.11.64/27 194.150.169.139"
+# -
+resolver_allowed_networks=""
 
 
 # - SSH Server
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index c25fd51..261ea32 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -241,22 +241,22 @@ dns_server_ips=""
 forward_dns_server_ips=""
 
 
-# local DNS Resolver
-#
+# - local DNS Resolver
+# -
 local_resolver_service=false
 
 # Resolover Port used by local service
-#
+# -
 resolver_port="$standard_dns_port"
 
-# Network allowed for DNS requests
-#
-# Note: if not set no port will be open!
-#
-# Example:
-#    resolver_allowed_net="2001:678:a40:3000::/64"
-#
-resolver_allowed_net=""
+# - Network allowed for DNS requests
+# -
+# - Note: if not set no port will be open!
+# -
+# - Example:
+# -    resolver_allowed_net="2001:678:a40:3000::/64 2001:678:a40:4000::/64"
+# -
+resolver_allowed_networks=""
 
 
 # - SSH Server
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 0aa247e..89056af 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -144,6 +144,14 @@ for _ip in $forward_dns_server_ips ; do
    forward_dns_server_ip_arr+=("$_ip")
 done
 
+# ---
+# - Netwoks allowed access to local DNS Resolver
+# ---
+declare -a resolver_allowed_network_arr
+for _net in $resolver_allowed_networks ; do
+   resolver_allowed_network_arr+=("$_net")
+done
+
 # ---
 # - IP Addresses VPN Server
 # ---