move default ACL installation to before config file parsing, so you can override it.

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 2b885c4efe4cadd322f5f1dcdbf28e3714915087..1fb6b27463706aa2d280d907ac9c6d0d370e7c40 100644 (file)
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -110,8 +110,6 @@ void* tcpClientThread(int pipefd)
     uint16_t qlen, rlen;
     string pool; 
 
-
-
     shared_ptr<DownstreamState> ds;
     try {
       for(;;) {      

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 28edad3cb7befc8c04fe63c32193c3ff92030443..a2f922cf12acfd3f72edc05a82c2e85ad7827e73 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -419,9 +419,7 @@ try
       if(dh->qr)    // don't respond to responses
        continue;
       
-      
       DNSName qname(packet, len, 12, false, &qtype);
-
       g_rings.queryRing.push_back(qname);
             
       if(blockFilter) {
@@ -432,7 +430,6 @@ try
          continue;
        }
       }
-      
 
       DNSAction::Action action=DNSAction::Action::None;
       string ruleresult;
@@ -1021,7 +1018,6 @@ try
     g_cmdLine.remotes.push_back(*p);
   }
 
-
   g_maxOutstanding = 1024;
 
   ServerPolicy leastOutstandingPol{"leastOutstanding", leastOutstanding};
@@ -1033,6 +1029,11 @@ try
     _exit(EXIT_SUCCESS);
   }
 
+  auto acl = g_ACL.getCopy();
+  for(auto& addr : {"127.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "169.254.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "::1/128", "fc00::/7", "fe80::/10"})
+    acl.addMask(addr);
+  g_ACL.setState(acl);
+
   auto todo=setupLua(false, g_cmdLine.config);
 
   if(g_cmdLine.locals.size()) {
@@ -1084,10 +1085,6 @@ try
   for(auto& t : todo)
     t();
 
-  auto acl = g_ACL.getCopy();
-  for(auto& addr : {"127.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "169.254.0.0/16", "192.168.0.0/16", "172.16.0.0/12", "::1/128", "fc00::/7", "fe80::/10"})
-    acl.addMask(addr);
-  g_ACL.setState(acl);
 
   if(g_cmdLine.remotes.size()) {
     for(const auto& address : g_cmdLine.remotes) {