unbound: Allow recursion from everywhere

Users use the IPFire DNS service from VPNs and other
routed networks.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/core/107/update.sh

@@ -138,6 +138,7 @@ esac
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
 
 # Remove some old files
+rm -f /etc/unbound/interfaces.conf
 
 # update linker config
 ldconfig

config/unbound/unbound.conf

@@ -62,21 +62,15 @@ server:
 	use-caps-for-id: no
 
 	# Listen on all interfaces
+	interface-automatic: no
 	interface: 0.0.0.0
 
-	# Deny access from everywhere
-	access-control: 0.0.0.0/0 refuse
-
-	# Allow access from localhost
-	access-control: 127.0.0.0/8 allow
+	# Allow access from everywhere
+	access-control: 0.0.0.0/0 allow
 
 	# Bootstrap root servers
 	root-hints: "/etc/unbound/root.hints"
 
-	# IPFire interface configuration
-	include: "/etc/unbound/interfaces.conf"
-	interface-automatic: no
-
 	# Include DHCP leases
 	include: "/etc/unbound/dhcp-leases.conf"
 

src/initscripts/init.d/unbound

@@ -147,23 +147,6 @@ update_hosts() {
 	done < /var/ipfire/main/hosts
 }
 
-write_interfaces_conf() {
-	(
-		config_header
-
-		# 1.1.1.1 is reserved for unused green
-		if [ -n "${GREEN_ADDRESS}" -a "${GREEN_ADDRESS}" != "1.1.1.1" ]; then
-			echo "# allow access from GREEN"
-			echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow"
-		fi
-
-		if [ -n "${BLUE_ADDRESS}" ]; then
-			echo "# allow access from  BLUE"
-			echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow"
-		fi
-	) > /etc/unbound/interfaces.conf
-}
-
 write_forward_conf() {
 	(
 		config_header
@@ -351,7 +334,6 @@ case "$1" in
 
 		# Update configuration files
 		write_tuning_conf
-		write_interfaces_conf
 		write_forward_conf
 
 		boot_mesg "Starting Unbound DNS Proxy..."