From 54bcf6e8e6da6b38f61e66025761f79425c89b8c Mon Sep 17 00:00:00 2001
From: bbruns
Date: Wed, 25 Aug 2010 17:43:57 +0000
Subject: [PATCH] Some more minor changes

---
 include/functions | 8 ++++++--
 include/static | 5 ++++-
 options.default | 3 +++
 rc.firewall | 19 +++++++++++++++++++
 4 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/include/functions b/include/functions
index 62598c8..109b173 100644
--- a/include/functions
+++ b/include/functions
@@ -132,8 +132,12 @@ function apply_ipv4_hack {
 # NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
 # http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
 display_c PURPLE " ./NS/IN-DDOS-FIX"
-$IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 \
-"0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
+if `$MODPROBE --quiet $MOD_U32 &>/dev/null`; then
+$IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 \
+"0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
+else
+display_c RED \nError: could not load $MOD_U32 module into the kernel. Not using fix."
+fi
 ;;
 esac
 shift
diff --git a/include/static b/include/static
index 7cf5273..934a130 100644
--- a/include/static
+++ b/include/static
@@ -31,4 +31,7 @@ PURPLE="\E[35m"
 AQUA="\E[36m"
 WHITE="\E[1m"
 GREY="\E[37m"
-DEFAULT_COLOR="\E[39m"
\ No newline at end of file
+DEFAULT_COLOR="\E[39m"
+
+# Module names that we may need to load
+MOD_U32="xt_u32"
\ No newline at end of file
diff --git a/options.default b/options.default
index 7fc6062..6350793 100755
--- a/options.default
+++ b/options.default
@@ -6,6 +6,9 @@ IP6TABLES=/bin/true
 #IPTABLES=/sbin/iptables
 #IP6TABLES=/sbin/ip6tables
 
+#This is important for loading kernel modules
+MODPROBE=/sbin/modprobe
+
 # Don't forget to rename this file to 'options'!
 
 # I'm trying to make this config as simple as possible. Comment out
diff --git a/rc.firewall b/rc.firewall
index b9cc894..d13f85f 100755
--- a/rc.firewall
+++ b/rc.firewall
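Review bot: The `else` branch's message in the include/functions hunk is missing its opening quote — `display_c RED \nError: could not load $MOD_U32 module into the kernel. Not using fix."` has only the closing `"`, so bash reads an unterminated string that swallows the following `fi`, `;;` and `esac` and breaks parsing of the whole sourced include/functions file; it should read `display_c RED "\nError: could not load $MOD_U32 module into the kernel. Not using fix."`. The guard wraps `$MODPROBE --quiet $MOD_U32 &>/dev/null` in backticks, which only works because bash reports the status of the last command substitution when the expansion leaves no command name; `if $MODPROBE --quiet $MOD_U32 >/dev/null 2>&1; then` states the intent directly without depending on that quirk. Note also that the change makes the NS/IN DROP rule fail-open: when the module cannot be loaded the rule is skipped with only a console message and the function's exit status is unchanged, and a kernel with u32 compiled in rather than modular may (depending on how this modprobe version handles built-ins) fail the probe and lose the rule even though `-m u32` would work — gating on the rule insertion itself, `if ! $IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 "..."; then`, avoids both since iptables loads the match module on demand. `apply_ipv4_hack` starts before this hunk.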
@@ -58,6 +58,25 @@ echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 redistribute it under certain conditions.
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="
 
+if [ $UID != "0" ]; then
+display_c RED "You must be root to run this script."
+exit 2
+fi
+
+if [ ! -x $IPTABLES ]; then
+display_c RED "iptables command not found. Please make sure you have the iptables"
+display_c RED "installed (package or source) and you have the IPTABLES option properly"
+display_c RED "defined in the 'options' file."
+exit 3
+fi
+
+
+if [ ! -x $IP6TABLES ] && [ $IPV6 == "1" ]; then
+display_c RED "ip6tables command not found. Please make sure you have the iptables"
+display_c RED "installed (package or source) and you have the IP6TABLES option properly"
+display_c RED "defined in the 'options' file."
+exit 3
+fi
 iptables_rules_flush ipv4