hi
i test other config rpz
server:
module-config: "respip validator iterator"
define-tag: "ipfire"
define-tag: "allow block"
define-tag: "wiffi"
define-tag: "nas"
# Per client IP ...
access-control-tag: 127.0.0.1/32 "ipfire"
access-control-tag: 192.168.1.2/32 "allow block"
access-control-tag: 192.168.1.5/32 "nas"
access-control-tag: 192.168.2.0/24 "wiffi"
rpz:
# The name of the RPZ authority zone
name: ipfire
# The location of the remote RPZ zonefile.
# url: http://www.example.com/example.org.zone (not a real RPZ file)
#zonefile: zonefiles/ipfire.rpz.zone
zonefile: /etc/unbound/zonefiles/ipfire.rpz.zone
tags: "ipfire"
# Always use this RPZ action for matching triggers from this zone.
# Possible action are: nxdomain, nodata, passthru, drop, disabled,
# and cname.
rpz-action-override: passthru
# Log all applied RPZ actions for this RPZ zone. Default is no.
rpz-log: yes
# Specify a string to be part of the log line.
rpz-log-name: IPFIRE
rpz:
# The name of the RPZ authority zone
name: nas
# The location of the remote RPZ zonefile.
# url: http://www.example.com/example.org.zone (not a real RPZ file)
#zonefile: zonefiles/nas.rpz.zone
zonefile: /etc/unbound/zonefiles/nas.rpz.zone
tags: "nas"
# Always use this RPZ action for matching triggers from this zone.
# Possible action are: nxdomain, nodata, passthru, drop, disabled,
# and cname.
rpz-action-override: passthru
# Log all applied RPZ actions for this RPZ zone. Default is no.
rpz-log: yes
# Specify a string to be part of the log line.
rpz-log-name: NAS
rpz:
# The name of the RPZ authority zone
name: wiffi
# The location of the remote RPZ zonefile.
# url: http://www.example.com/example.org.zone (not a real RPZ file)
#zonefile: zonefiles/wiffi.rpz.zone
zonefile: /etc/unbound/zonefiles/wiffi.rpz.zone
tags: "wiffi"
# Always use this RPZ action for matching triggers from this zone.
# Possible action are: nxdomain, nodata, passthru, drop, disabled,
# and cname.
rpz-action-override: passthru
# Log all applied RPZ actions for this RPZ zone. Default is no.
rpz-log: yes
# Specify a string to be part of the log line.
rpz-log-name: WIFFI
rpz:
# The name of the RPZ authority zone
name: allow
# The location of the remote RPZ zonefile.
# url: http://www.example.com/example.org.zone (not a real RPZ file)
#zonefile: zonefiles/allow.rpz.zone
zonefile: /etc/unbound/zonefiles/allow.rpz.zone
tags: "allow"
# Always use this RPZ action for matching triggers from this zone.
# Possible action are: nxdomain, nodata, passthru, drop, disabled,
# and cname.
rpz-action-override: passthru
# Log all applied RPZ actions for this RPZ zone. Default is no.
rpz-log: yes
# Specify a string to be part of the log line.
rpz-log-name: ALLOW
rpz:
# The name of the RPZ authority zone
name: block
# The location of the remote RPZ zonefile.
# url: http://www.example.com/example.org.zone (not a real RPZ file)
#zonefile: block.rpz.zone
zonefile: /etc/unbound/zonefiles/block.rpz.zone
tags: "block"
# Always use this RPZ action for matching triggers from this zone.
# Possible action are: nxdomain, nodata, passthru, drop, disabled,
# and cname.
rpz-action-override: nxdomain
# Log all applied RPZ actions for this RPZ zone. Default is no.
rpz-log: yes
# Specify a string to be part of the log line.
rpz-log-name: BLOCK
the files in zone directory
allow.rpz.zone block.rpz.zone ipfire.rpz.zone nas.rpz.zone wiffi.rpz.zone
all work fine
ty