aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorStuart Cardall <developer@it-offshore.co.uk>2016-10-01 19:59:43 +0000
committerJakub Jirutka <jakub@jirutka.cz>2016-10-01 23:52:40 +0200
commit5ce0ba3d31b7caf4baf92973cb199acc08ee9512 (patch)
tree4ae11a3bdf86893473e39f2147bde32720433036 /main
parent76d2855e5af26bbd3a43ded9702c7cad5a526c66 (diff)
downloadaports-5ce0ba3d31b7caf4baf92973cb199acc08ee9512.tar.bz2
aports-5ce0ba3d31b7caf4baf92973cb199acc08ee9512.tar.xz
main/unbound: improve update-unbound-root-hints notes
iptables conntrack helpers are disabled by default: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=a9006892643a8f4e885b692de0708bcb35a7d530 Notes updated for making passive ftp work in update-unbound-root-hints.
Diffstat (limited to 'main')
-rw-r--r--main/unbound/APKBUILD8
-rw-r--r--main/unbound/update-unbound-root-hints4
2 files changed, 8 insertions, 4 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD
index d064ed8f69..1a7931f371 100644
--- a/main/unbound/APKBUILD
+++ b/main/unbound/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=unbound
pkgver=1.5.10
-pkgrel=0
+pkgrel=1
pkgdesc="Unbound is a validating, recursive, and caching DNS resolver"
pkgusers="unbound"
pkggroups="unbound"
@@ -97,19 +97,19 @@ migrate() {
md5sums="0a3a236811f1ab5c1dc31974fa74e047 unbound-1.5.10.tar.gz
0b8eea5cab939465cfde0ed0ebeed9a9 conf.patch
-af62d1646f55dffadfb7fb530f73f261 update-unbound-root-hints
+11b4fc8b45e5c6da5d41419da189b7f2 update-unbound-root-hints
5340681e5ec1a1fd47a0de27f5c03c21 migrate-dnscache-to-unbound
bd84dce11de35801683aaedc339c43ed root.hints
b98eded68339fc605ec7e6cbb50e5aa3 unbound.initd"
sha256sums="a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 unbound-1.5.10.tar.gz
7399f4efd0ad3866065ef7003d4be891c80a00584f67dc10da9773bed194c63f conf.patch
-e8b9db1f72351f246504067400a4b5723910191acd7f8f4971d7590fb3a183c3 update-unbound-root-hints
+b5c90970f7642c3261483f6ffae42f8a76cefa9c5eb3f97e87e3be33b4d0def9 update-unbound-root-hints
582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0 migrate-dnscache-to-unbound
8ae9842bf3376e1c18bee48d2b51ba57a97c442223660f34747d130c1aa44556 root.hints
d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7 unbound.initd"
sha512sums="1c413886a12d4b626e03e076da6b9ccbcc8fd4769649fef8895eca74199bc22aec33c026e777524e8fe0327045a194f79b52282fe40674a9fb15cac58c4493f6 unbound-1.5.10.tar.gz
90faa8bf352132b63f6b33cd7d7cac164df331272568e7a442d92e021fcf727334f6e28c11ed211bcd3eb62aa606c110e4931b514fecf388d0fbea3810b7530a conf.patch
-56768138200dc62901142956953f0b46e8951c7ed97a3678ec604bb424bef07e35a3a0cc937d1880188ac76151e5a020ce4b802126c516b192843ed9b39d15c8 update-unbound-root-hints
+b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints
b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound
0dca3470ed4ca9b76d6f47f5d20e92924e6648f0870d8594fe6735d8f1cdfeeee7296301066c2a8b2b94f7daed86c15efe00c301ca27e435e5dd2c85508dc9c8 root.hints
540e7a11fa5421e2d103c42d69faf1ba005adcadfac2f65091795a2f00e5b5acd1436b4d2adfe2bb0fdfcbfb44d0967d6bce87620c618549fcd7e32019040f29 unbound.initd"
diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints
index 69c5e537da..ec7bb86079 100644
--- a/main/unbound/update-unbound-root-hints
+++ b/main/unbound/update-unbound-root-hints
@@ -3,6 +3,10 @@
# to allow passive ftp through a default deny iptables firewall:
# modprobe nf_conntrack_ftp
# echo nf_conntrack_ftp >> /etc/modules
+# enable helpers automatically via sysctl:
+# net.netfilter.nf_conntrack_helper = 1
+# OR enable manually for ftp only:
+# iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
check_format() {
# check that we have some ipv4 addresses and some '.' hints