diff options
author | Stuart Cardall <developer@it-offshore.co.uk> | 2016-10-01 19:59:43 +0000 |
---|---|---|
committer | Jakub Jirutka <jakub@jirutka.cz> | 2016-10-01 23:52:40 +0200 |
commit | 5ce0ba3d31b7caf4baf92973cb199acc08ee9512 (patch) | |
tree | 4ae11a3bdf86893473e39f2147bde32720433036 /main | |
parent | 76d2855e5af26bbd3a43ded9702c7cad5a526c66 (diff) | |
download | aports-5ce0ba3d31b7caf4baf92973cb199acc08ee9512.tar.bz2 aports-5ce0ba3d31b7caf4baf92973cb199acc08ee9512.tar.xz |
main/unbound: improve update-unbound-root-hints notes
iptables conntrack helpers are disabled by default:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=a9006892643a8f4e885b692de0708bcb35a7d530
Notes updated for making passive ftp work in update-unbound-root-hints.
Diffstat (limited to 'main')
-rw-r--r-- | main/unbound/APKBUILD | 8 | ||||
-rw-r--r-- | main/unbound/update-unbound-root-hints | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD index d064ed8f69..1a7931f371 100644 --- a/main/unbound/APKBUILD +++ b/main/unbound/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=unbound pkgver=1.5.10 -pkgrel=0 +pkgrel=1 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" pkgusers="unbound" pkggroups="unbound" @@ -97,19 +97,19 @@ migrate() { md5sums="0a3a236811f1ab5c1dc31974fa74e047 unbound-1.5.10.tar.gz 0b8eea5cab939465cfde0ed0ebeed9a9 conf.patch -af62d1646f55dffadfb7fb530f73f261 update-unbound-root-hints +11b4fc8b45e5c6da5d41419da189b7f2 update-unbound-root-hints 5340681e5ec1a1fd47a0de27f5c03c21 migrate-dnscache-to-unbound bd84dce11de35801683aaedc339c43ed root.hints b98eded68339fc605ec7e6cbb50e5aa3 unbound.initd" sha256sums="a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 unbound-1.5.10.tar.gz 7399f4efd0ad3866065ef7003d4be891c80a00584f67dc10da9773bed194c63f conf.patch -e8b9db1f72351f246504067400a4b5723910191acd7f8f4971d7590fb3a183c3 update-unbound-root-hints +b5c90970f7642c3261483f6ffae42f8a76cefa9c5eb3f97e87e3be33b4d0def9 update-unbound-root-hints 582851b4017044d8642c42c5df09b27494c963e1eebb8be3373b2dbd168d0ac0 migrate-dnscache-to-unbound 8ae9842bf3376e1c18bee48d2b51ba57a97c442223660f34747d130c1aa44556 root.hints d9997000449179dc16f5084bf061453faf09094f843acb1d163757f8000c0cd7 unbound.initd" sha512sums="1c413886a12d4b626e03e076da6b9ccbcc8fd4769649fef8895eca74199bc22aec33c026e777524e8fe0327045a194f79b52282fe40674a9fb15cac58c4493f6 unbound-1.5.10.tar.gz 90faa8bf352132b63f6b33cd7d7cac164df331272568e7a442d92e021fcf727334f6e28c11ed211bcd3eb62aa606c110e4931b514fecf388d0fbea3810b7530a conf.patch -56768138200dc62901142956953f0b46e8951c7ed97a3678ec604bb424bef07e35a3a0cc937d1880188ac76151e5a020ce4b802126c516b192843ed9b39d15c8 update-unbound-root-hints +b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound 0dca3470ed4ca9b76d6f47f5d20e92924e6648f0870d8594fe6735d8f1cdfeeee7296301066c2a8b2b94f7daed86c15efe00c301ca27e435e5dd2c85508dc9c8 root.hints 540e7a11fa5421e2d103c42d69faf1ba005adcadfac2f65091795a2f00e5b5acd1436b4d2adfe2bb0fdfcbfb44d0967d6bce87620c618549fcd7e32019040f29 unbound.initd" diff --git a/main/unbound/update-unbound-root-hints b/main/unbound/update-unbound-root-hints index 69c5e537da..ec7bb86079 100644 --- a/main/unbound/update-unbound-root-hints +++ b/main/unbound/update-unbound-root-hints @@ -3,6 +3,10 @@ # to allow passive ftp through a default deny iptables firewall: # modprobe nf_conntrack_ftp # echo nf_conntrack_ftp >> /etc/modules +# enable helpers automatically via sysctl: +# net.netfilter.nf_conntrack_helper = 1 +# OR enable manually for ftp only: +# iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp check_format() { # check that we have some ipv4 addresses and some '.' hints |