From b719e46505c2612e4e04c285d44a10f7f4bdcf33 Mon Sep 17 00:00:00 2001
From: bert hubert
Date: Fri, 30 Oct 2015 21:36:29 +0100
Subject: [PATCH] oooops did not check ACL for TCP/IP connections

---
 pdns/dnsdist-tcp.cc | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 1fb6b2746..52538bae7 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -252,12 +252,21 @@ void* tcpAcceptorThread(void* p)
 g_tcpclientthreads.addTCPClientThread();
+ auto acl = g_ACL.getLocal();
 for(;;) {
 try {
- ConnectionInfo* ci = new ConnectionInfo;
+ ConnectionInfo* ci = new ConnectionInfo;
 ci->fd = SAccept(cs->tcpFD, remote);
+
+ if(!acl->match(remote)) {
+ g_stats.aclDrops++;
+ close(ci->fd);
+ delete ci;
+ vinfolog("Dropped TCP connection from %s because of ACL", remote.toStringWithPort());
+ continue;
+ }
- vinfolog("Got connection from %s", remote.toStringWithPort());
+ vinfolog("Got TCP connection from %s", remote.toStringWithPort());
 ci->remote = remote;
 writen2(g_tcpclientthreads.getThread(), &ci, sizeof(ci));
--
2.40.0
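Review bot: The ACL-reject branch has to close the socket and delete a ConnectionInfo by hand only because `ci` is allocated before the peer address is known; accepting into a plain `int fd`, evaluating `acl->match(remote)` on it, and allocating `ci` only for connections that pass removes the close/delete pair and, if SAccept signals failure by throwing (the enclosing try suggests it may), also stops `ci` leaking on a failed accept. The `g_stats.aclDrops++` and the drop log line stay as they are; if aclDrops is the same counter the UDP path increments, a short comment such as `// aclDrops is shared with the UDP listener` would save operators from reading a TCP burst as UDP. tcpAcceptorThread continues outside the hunk, so the catch that pairs with this try is not visible and the fd-first ordering should be checked against it.
```cpp
      int fd = SAccept(cs->tcpFD, remote);
      if(!acl->match(remote)) {
        g_stats.aclDrops++;
        close(fd);
        vinfolog("Dropped TCP connection from %s because of ACL", remote.toStringWithPort());
        continue;
      }
      vinfolog("Got TCP connection from %s", remote.toStringWithPort());
      ConnectionInfo* ci = new ConnectionInfo;
      ci->fd = fd;
      ci->remote = remote;
      // … unchanged: hand-off to a client thread via writen2 …
```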