[Pdns-users] Proxy mapped address used for allow-from
Robby Pedrica
rpedrica at gmail.com
Fri Jan 27 08:30:56 UTC 2023
>
> > 1. accurately enable ACLs via allow-from
>
> As far as I know, the ACL are checked accurately, i.e. as defined in
> the docs.
>
> > 2. use proxy-mapped public address from addProxyMapping for ecs/edns
> queries
> >
> > Currently, the proxy mapped address is being used to match against
> > allow-from rather than the source/original address.
>
> I have the feeling there is some form of miscommunication going on.
>
> As documented, see:
>
> "M is used for incoming ACL checking (allow-from) and to determine the
> ECS processing (ecs-add-for)."
>
> where M is "the source address mapped by Table Based Proxy Mapping" in
>
>
> https://docs.powerdns.com/recursor/lua-config/proxymapping.html#table-based-proxy-mapping
>
> The first section of the page tries to explain what address is used in
> what circumstances.
>
> The point of proxyMapping is to use the mapped address as ECS and for
> ACL checking.
>
> If that is not what you want, maybe proxyMapping is not the answer to
> your question?
>
> -Otto
>
Hi Otto,
This is a perfect explanation and understood now.
Thanks for your assistance
Regards, Robby
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20230127/9ee119a9/attachment.htm>
More information about the Pdns-users
mailing list