
dns/bind: Allow negation in ACL definitions (#4435)

Open jfieber opened this issue 11 months ago • 1 comments

This adds a BindAddressMatchField and matching validator as a better match to the fairly ubiquitous address match list construct in the bind configuration. It allows ACLs to contain negation (!) and reference built-in ACLs. It does not (yet) support referencing other user-defined ACLs, keys, or nested address match lists.

Since introducing negation makes ACL entry order critical, the user interface is updated from the tokenized address list to a textbox with one entry per line, which provides a better experience for controlling the entry order.

Lastly, this now blocks deletion of ACLs that are referenced elsewhere in the configuration, and better handles ACLs that are disabled when generating named.conf. Previously, deleting or disabling ACLs would typically cause an invalid configuration to be generated.

The BindAddressMatchField and validator implementation is based on (read: copied and modified) the core NetworkField type and validator to the extent that leaving the Deciso copyright seems appropriate.

There are no model or stored configuration changes, so no migration is needed.

jfieber, Feb 02 '25 23:02
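
Why entry order becomes critical once negation is allowed, as an added example (not code from this PR or the plugin): a small Python model of BIND's first-match evaluation of an address match list, plus a check for entries that an earlier entry makes unreachable. The function names and sample lists are hypothetical and constructed; the networks behind `localhost`/`localnets` are an assumption supplied by the caller.

```python
import ipaddress

# "any"/"none" have a fixed meaning. "localhost"/"localnets" depend on the
# server's interfaces, so the caller passes their networks in (assumed values).
FIXED = {"any": True, "none": False}


def parse(entries):
    """Yield (raw, negated, term) for each non-blank line of the list."""
    for raw in entries:
        entry = raw.strip()
        if entry:
            yield raw, entry.startswith("!"), entry.lstrip("!").strip()


def evaluate(entries, client, builtins=None):
    """First matching entry decides: plain allows, negated denies, no match denies."""
    addr = ipaddress.ip_address(client)
    for _, negated, term in parse(entries):
        if term in FIXED:
            matched = FIXED[term]
        else:
            nets = (builtins or {}).get(term, [term])
            matched = any(addr in ipaddress.ip_network(n, strict=False) for n in nets)
        if matched:
            return not negated
    return False


def shadowed(entries):
    """Return entries that can never decide: an earlier network or any covers them."""
    seen_any, nets, dead = False, [], []
    for raw, _, term in parse(entries):
        try:
            net = ipaddress.ip_network(term, strict=False)
        except ValueError:  # named ACL (any, none, localnets, ...)
            net = None
        covered = net is not None and any(
            net.version == n.version and net.subnet_of(n) for n in nets)
        if seen_any or covered:
            dead.append(raw)
        if net is not None:
            nets.append(net)
        seen_any = seen_any or term == "any"
    return dead


# Constructed sample lists: same entries, different order.
DENY_FIRST = ["!10.0.0.5", "10.0.0.0/8"]
ALLOW_FIRST = ["10.0.0.0/8", "!10.0.0.5"]
```

With `ALLOW_FIRST` the host 10.0.0.5 is allowed because the /8 matches before the negated entry is reached, which `shadowed` reports as a dead entry.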

@mimugmail, @fichtner, seeking some feedback on this, a first plugin contribution. I have an update for DNS64 working well locally but it depends on this, so I want to get this one sorted first before posting a PR for that. Thanks.

jfieber, Feb 17 '25 23:02