From f6332a43c35387c4a2dea1746be5fd092890ae0e Mon Sep 17 00:00:00 2001 From: davidovski Date: Mon, 27 Jun 2022 23:09:07 +0100 Subject: added lf and iptables --- repo/dnsmasq/dnsmasq.conf.patch | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 repo/dnsmasq/dnsmasq.conf.patch (limited to 'repo/dnsmasq/dnsmasq.conf.patch') diff --git a/repo/dnsmasq/dnsmasq.conf.patch b/repo/dnsmasq/dnsmasq.conf.patch new file mode 100644 index 0000000..e3d7df4 --- /dev/null +++ b/repo/dnsmasq/dnsmasq.conf.patch @@ -0,0 +1,38 @@ +--- a/dnsmasq.conf.example ++++ b/dnsmasq.conf.example +@@ -21,8 +21,8 @@ + #bogus-priv + + # Uncomment these to enable DNSSEC validation and caching: +-# (Requires dnsmasq to be built with DNSSEC option.) +-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf ++# (Requires dnsmasq-dnssec package to be installed) ++#conf-file=/usr/share/dnsmasq/trust-anchors.conf + #dnssec + + # Replies which are not DNSSEC signed may be legitimate, because the domain +@@ -96,9 +96,13 @@ + + # If you want dnsmasq to change uid and gid to something other + # than the default, edit the following lines. +-#user= +-#group= ++#user=dnsmasq ++#group=dnsmasq + ++# Serve DNS and DHCP only to networks directly connected to this machine. ++# Any interface= line will override it. ++local-service ++ + # If you want dnsmasq to listen for DHCP and DNS requests only on + # specified interfaces (and the loopback) give the name of the + # interface (eg eth0) here. +@@ -671,7 +675,7 @@ + #conf-dir=/etc/dnsmasq.d,.bak + + # Include all files in a directory which end in .conf +-#conf-dir=/etc/dnsmasq.d/,*.conf ++conf-dir=/etc/dnsmasq.d/,*.conf + + # If a DHCP client claims that its name is "wpad", ignore that. + # This fixes a security hole. see CERT Vulnerability VU#598349 -- cgit v1.2.1