oooops did not check ACL for TCP/IP connections
authorbert hubert <bert.hubert@netherlabs.nl>
Fri, 30 Oct 2015 20:36:29 +0000 (21:36 +0100)
committerbert hubert <bert.hubert@netherlabs.nl>
Fri, 30 Oct 2015 20:36:29 +0000 (21:36 +0100)
pdns/dnsdist-tcp.cc

index 1fb6b27463706aa2d280d907ac9c6d0d370e7c40..52538bae79b82e6ee33fea44324a2cdfae3b31b2 100644 (file)
@@ -252,12 +252,21 @@ void* tcpAcceptorThread(void* p)
   
   g_tcpclientthreads.addTCPClientThread();
 
+  auto acl = g_ACL.getLocal();
   for(;;) {
     try {
-      ConnectionInfo* ci = new ConnectionInfo;      
+      ConnectionInfo* ci = new ConnectionInfo;
       ci->fd = SAccept(cs->tcpFD, remote);
+      
+      if(!acl->match(remote)) {
+       g_stats.aclDrops++;
+       close(ci->fd);
+       delete ci;
+       vinfolog("Dropped TCP connection from %s because of ACL", remote.toStringWithPort());
+       continue;
+      }
 
-      vinfolog("Got connection from %s", remote.toStringWithPort());
+      vinfolog("Got TCP connection from %s", remote.toStringWithPort());
       
       ci->remote = remote;
       writen2(g_tcpclientthreads.getThread(), &ci, sizeof(ci));
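Review bot: The deny path at `if(!acl->match(remote))` has to undo two things by hand (`close(ci->fd); delete ci;`) because `ConnectionInfo` is allocated before the accept. Since `ci` is declared inside the `try` block, no handler can free it if `SAccept` throws (the surrounding `try` suggests it can), so each failed accept would leak one object. Accepting into a local first, `int fd = SAccept(cs->tcpFD, remote);`, and doing `new ConnectionInfo` only after the ACL check passes leaves just `close(fd)` on the rejection path and removes that leak. The `acl` handle is taken once before the loop, so a comment such as `// local ACL handle; assumed to follow runtime ACL updates (confirm)` would record the intent, because a stale snapshot would keep enforcing an old ACL. The body of tcpAcceptorThread and the `catch` for this `try` are outside the hunk.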