From 04016fa47c18e2cc2f750ee2a90e116504169e92 Mon Sep 17 00:00:00 2001 From: Peter Carlson Date: Sun, 29 Jun 2025 08:16:50 -0700 Subject: [PATCH] Add RPZ local option (3276) --- .../mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml | 6 ++++++ .../src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml | 4 ++++ .../src/opnsense/service/templates/OPNsense/Bind/named.conf | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml index 43785baa6c..53ca102d58 100644 --- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml +++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml @@ -19,6 +19,12 @@ true List of domains to whitelist. It will add a entry for the domains itself and all sub domains. + + dnsbl.rpzlocal + + checkbox + This will enable a local RPZ Zone. + dnsbl.forcesafegoogle diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml index 103db84e29..b3a501ad7a 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml @@ -40,6 +40,10 @@ N + + 0 + Y + 0 Y diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf index 6b833e19a9..7b2f049bd2 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf 
@@ -43,7 +43,7 @@ options { {% endif -%} {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %} - response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} }; + response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.rpzlocal') and OPNsense.bind.dnsbl.rpzlocal == '1' %}zone "rpzlocal";{% endif %} }; {% endif %} {% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %}
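Review bot: The added `zone "rpzlocal";` entry in `response-policy` is gated only on the checkbox, and none of the three files in this patch defines a zone with that name. BIND rejects a `response-policy` entry that does not refer to a zone configured in the same view, so if the zone is expected to come from a user-created primary zone (not visible here), ticking the box before creating it would stop named from loading its configuration and take DNS and the blocklist offline. Either add a model validation that refuses to save `rpzlocal = 1` unless a primary zone named `rpzlocal` exists, or at least state the prerequisite in the help text in forms/dnsbl.xml, e.g. `Enables a local RPZ zone. A primary zone named "rpzlocal" must already be defined.` Also note that policy zones take precedence in the order listed, so with `rpzlocal` placed last a local entry cannot override a match in `blacklist.localdomain` or the safe-search zones; if local overrides are the intent, it should be listed first.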