BIND 10 trac2066, updated. 83e0fb268518baeccd6ece9b1c252c01f6925aae [2066] docs/ACLs: Some examples and how to bindctl it
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Aug 6 10:27:58 UTC 2012
The branch, trac2066 has been updated
via 83e0fb268518baeccd6ece9b1c252c01f6925aae (commit)
from f9abe2be61d8660f54e9b191940817093f3e902b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 83e0fb268518baeccd6ece9b1c252c01f6925aae
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Mon Aug 6 12:01:11 2012 +0200
[2066] docs/ACLs: Some examples and how to bindctl it
-----------------------------------------------------------------------
Summary of changes:
doc/guide/bind10-guide.xml | 63 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 62 insertions(+), 1 deletion(-)
-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index 0b97cc8..65606c3 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1426,7 +1426,68 @@ TODO
]</screen>
</para>
- <!-- TODO: Two ways to express accept only from private ranges-->
+ <para>
+ Now we show two ways to accept only the queries from private ranges.
+ This is the same as rejecting anything that is outside.
+
+ <screen>[
+ {
+ "from": [
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+ "fc00::/7"
+ ],
+ "action": "ACCEPT"
+ },
+ {
+ "action": "REJECT"
+ }
+]</screen>
+
+ <screen>[
+ {
+ "NOT": {
+ "ANY": [
+ {"from": "10.0.0.0/8"},
+ {"from": "172.16.0.0/12"},
+ {"from": "192.168.0.0/16"},
+ {"from": "fc00::/7"}
+ ]
+ },
+ "action": "REJECT"
+ },
+ {
+ "action": "ACCEPT"
+ }
+]</screen>
+ </para>
+ </section>
+
+ <section>
+ <title>Interaction with <command>bindctl</command></title>
+
+ <para>
+ Currently, <command>bindctl</command> has hard time coping with
+ the variable nature of the ACL syntax. This technical limitation
+ makes it impossible to edit parts of the entries. You need to
+ set the whole entry at once, providing the whole JSON value.
+ </para>
+
+ <para>
+ This limitation is planned to be solved soon at least partially.
+ </para>
+
+ <para>
+ You'd do something like this to create the second example.
+ Note that the whole JSON must be on a single line.
+
+ <screen>> <userinput>config add somewhere/acl</userinput>
+> <userinput>config set somewhere/acl[0] { "from": [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7" ], "action": "ACCEPT" }</userinput>
+> <userinput>config add somewhere/acl</userinput>
+> <userinput>config set somewhere/acl[1] { "action": "REJECT" }</userinput>
+> <userinput>config commit</userinput></screen>
+ </para>
</section>
</section>
</chapter>
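Review bot: The last paragraph of the new bindctl section says the commands "create the second example", but the `config set` lines build the first one: the "from" list with ACCEPT at acl[0], followed by a bare REJECT at acl[1]. The second example is the NOT/ANY form, with REJECT first and ACCEPT last. Either change the wording to "the first example" or replace the userinput lines with the NOT/ANY entry followed by the trailing ACCEPT. Two smaller documentation points: "has hard time coping" should read "has a hard time coping", and the two <screen> blocks in the private-ranges paragraph run together with no sentence between them saying which approach each one shows.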