master
parent
c15e1eb60a
commit
57f8db5aa1
|
@ -207,11 +207,12 @@ function allow_resolvconf_servers {
|
|||
([[ ${IP_VERSION} == "ipv4" ]] && [[ ${Enablev4ConnectionTracking} == "yes" ]]) && use_conntrack="yes"
|
||||
([[ ${IP_VERSION} == "ipv6" ]] && [[ ${Enablev6ConnectionTracking} == "yes" ]]) && use_conntrack="yes"
|
||||
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Added ${server} to DNS client trusted list"
|
||||
if [[ ${use_conntrack} == "yes" ]]; then
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Added ${server} to conntrack list for DNS traffic"
|
||||
${VER_IPTABLES} -A ${OutPreRules} -p udp -d ${server} --dport 53 ${M_STATE} ${C_STATE} NEW,ESTABLISHED -j ACCEPT
|
||||
${VER_IPTABLES} -A ${InPreRules} -p udp -s ${server} --sport 53 ${M_STATE} ${C_STATE} ESTABLISHED,RELATED -j ACCEPT
|
||||
else
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} Added ${server} to DNS client trusted list"
|
||||
${VER_IPTABLES} -A ${OutPreRules} -p udp -s ${server} --sport 1024:65535 --dport 53 -j ACCEPT
|
||||
${VER_IPTABLES} -A ${InPreRules} -p udp -d ${server} --dport 1024:65535 --sport 53 -j ACCEPT
|
||||
#${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${server} --sport 1024:65535 --dport 53 -j ACCEPT
|
||||
|
|
Loading…
Reference in New Issue