security/q-feeds-connector: track if qfeeds lists are loaded when deselected and reload unbounds blocklist in that case (via qfeedsctl.py), for https://github.com/opnsense/plugins/issues/5190

2026-04-11 03:58:09 -04:00 · 2026-02-05 21:19:22 +01:00 · 2026-02-05 21:19:22 +01:00 · 8cafe71201
commit 8cafe71201
parent d0374346e2
3 changed files with 12 additions and 3 deletions
--- a/security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/init.py
+++ b/security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/init.py
@ -1,5 +1,5 @@
 """
-    Copyright (c) 2025 Deciso B.V.
+    Copyright (c) 2025-2026 Deciso B.V.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
@ -117,7 +117,14 @@ class QFeedsActions:

    def unbound_load(self):
        bl_conf = '/usr/local/etc/unbound/qfeeds-blocklists.conf'
-        if os.path.exists(bl_conf) and os.path.getsize(bl_conf) > 20:
+        bl_configured = os.path.exists(bl_conf) and os.path.getsize(bl_conf) > 20
+        bl_stat = '/tmp/qfeeds-unbound-bl.stat'
+        if bl_configured or os.path.exists(bl_stat):
+            # when de-configuring domain lists, we need to reconfigure unbound on deselect, track an empty file to
+            # detect that event (written by the unbound helper).
+            if os.path.exists(bl_stat):
+                os.remove(bl_stat)
+
            # when qfeeds-blocklists.conf is ~empty, skip updates
            subprocess.run(['/usr/local/sbin/configctl', 'unbound', 'dnsbl'])
            yield 'update unbound blocklist'
--- a/security/q-feeds-connector/src/opnsense/scripts/qfeeds/qfeedsctl.py
+++ b/security/q-feeds-connector/src/opnsense/scripts/qfeeds/qfeedsctl.py
@ -1,7 +1,7 @@
 #!/usr/local/bin/python3

 """
-    Copyright (c) 2025 Deciso B.V.
+    Copyright (c) 20252-2026 Deciso B.V.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
--- a/security/q-feeds-connector/src/opnsense/scripts/unbound/blocklists/qfeeds_bl.py
+++ b/security/q-feeds-connector/src/opnsense/scripts/unbound/blocklists/qfeeds_bl.py
@ -44,6 +44,8 @@ class DefaultBlocklistHandler(BaseBlocklistHandler):
        if self.cnf and self.cnf.has_section('settings'):
            if self.cnf.has_option('settings', 'filenames'):
                qfeeds_filenames = self.cnf.get('settings', 'filenames').split(',')
+                # touch a file to help qfeedsctl detect the current instance uses its list
+                open('/tmp/qfeeds-unbound-bl.stat', 'w').write('')

        result = {}
        for filename in qfeeds_filenames: