							parent
							
								
									9062c1a6c7
								
							
						
					
					
						commit
						8e9f9638ad
					
				@ -150,6 +150,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
 | 
			
		||||
	[ "${EnableTrustedv4Hosts}" == "yes" ] && allow_trusted_hosts ipv4
 | 
			
		||||
	[ "${Enablev4MSSClamp}" == "yes" ] && enable_mss_clamp ipv4
 | 
			
		||||
	[ "${DNSClientUsev4ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv4
 | 
			
		||||
	[ "${DNSClientManualv4Servers}" ] && allow_dnsclient_manual ipv4 ${DNSClientManualv4Servers}
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Do IPv6 IPTables Rules
 | 
			
		||||
@ -158,12 +159,13 @@ if [ "${EnableIPv6}" == "yes" ]; then
 | 
			
		||||
	iptables_rules_flush ipv6
 | 
			
		||||
	
 | 
			
		||||
	# Create the chain sets we'll need and the ones that can be
 | 
			
		||||
	# customized by users in their custom rules 
 | 
			
		||||
	# customized by users in their custom rules
 | 
			
		||||
	setup_iptables_chains ipv6
 | 
			
		||||
	
 | 
			
		||||
	[ "${AllowAllv6Loopback}" == "yes" ] && allow_all_loopback ipv6
 | 
			
		||||
	[ "${EnableTrustedv6Hosts}" == "yes" ] && allow_trusted_hosts ipv6
 | 
			
		||||
	[ "${Enablev6MSSClamp}" == "yes" ] && enable_mss_clamp ipv6
 | 
			
		||||
	[ "${DNSClientUsev6ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv6
 | 
			
		||||
	[ "${DNSClientManualv6Servers}" ] && allow_dnsclient_manual ipv6 ${DNSClientManualv6Servers}
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@ -33,5 +33,7 @@ Enablev4MSSClamp="yes"
 | 
			
		||||
DNSClientUsev4ResolvConf="yes"
 | 
			
		||||
ResolvConfv4File="/etc/resolv.conf"
 | 
			
		||||
 | 
			
		||||
# Uncomment below if you set above to no.
 | 
			
		||||
# Uncomment below if you set above to no.  You can still manually define your servers
 | 
			
		||||
# here if you want.  Useful at times.
 | 
			
		||||
# Values: space separated IP list of DNS servers
 | 
			
		||||
#DNSClientManualv4Servers=""
 | 
			
		||||
@ -33,5 +33,7 @@ Enablev6MSSClamp="yes"
 | 
			
		||||
DNSClientUsev6ResolvConf="yes"
 | 
			
		||||
ResolvConfv6File="/etc/resolv.conf"
 | 
			
		||||
 | 
			
		||||
# Uncomment below if you set above to no.
 | 
			
		||||
# Uncomment below if you set above to no.  You can still manually define your servers
 | 
			
		||||
# here if you want.  Useful at times.
 | 
			
		||||
# Values: space separated IP list of DNS servers
 | 
			
		||||
#DNSClientManualv6Servers=""
 | 
			
		||||
@ -206,4 +206,25 @@ function allow_resolvconf_servers {
 | 
			
		||||
		${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${server} --sport 1024:65535 --dport 53 -j ACCEPT
 | 
			
		||||
		${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${server} --dport 1024:65535 --sport 53 -j ACCEPT
 | 
			
		||||
	done < "${ResolvConfFile}"
 | 
			
		||||
	${debug} ${DebugColor} "${FUNCNAME}: done"
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
function allow_dnsclient_manual {
 | 
			
		||||
	IP_VERSION=$1
 | 
			
		||||
		case $IP_VERSION in
 | 
			
		||||
		ipv6) VER_IPTABLES=${IP6TABLES};
 | 
			
		||||
				IPVER="6" ;;
 | 
			
		||||
		ipv4|*) VER_IPTABLES=${IPTABLES}
 | 
			
		||||
				IPVER="4" ;;
 | 
			
		||||
	esac
 | 
			
		||||
	DNS_SERVERS="$2-"
 | 
			
		||||
	${debug} ${DebugColor} "${FUNCNAME}: loading"
 | 
			
		||||
	for i in ${DNS_SERVERS}; do
 | 
			
		||||
		${debug} ${DebugColor} "${FUNCNAME}: Added ${i} to DNS client trusted list"
 | 
			
		||||
		${VER_IPTABLES} -A ${OutPreRules} -p udp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
 | 
			
		||||
		${VER_IPTABLES} -A ${InPreRules} -p udp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
 | 
			
		||||
		${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
 | 
			
		||||
		${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
 | 
			
		||||
	done
 | 
			
		||||
	${debug} ${DebugColor} "${FUNCNAME}: done"
 | 
			
		||||
}
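Review bot: `DNS_SERVERS="$2-"` in allow_dnsclient_manual appends a literal `-` to the second argument and ignores any further ones. Because the call sites pass the list unquoted (`allow_dnsclient_manual ipv4 ${DNSClientManualv4Servers}` and its ipv6 twin), a space-separated list is reduced to its first entry with a trailing dash, which iptables is likely to reject as an address. Taking every argument after the version would match the documented "space separated IP list": `shift` followed by `for i in "$@"; do`. Separately, the OutPreRules lines match the server with `-s` and the InPreRules lines with `-d`; if those chains sit on the output and input paths as their names suggest, the matches look reversed for a DNS client, and the same pattern appears in the allow_resolvconf_servers context lines, so confirm against the chain setup before changing either. Either problem leaves the manual DNS allowance silently ineffective, so checking the iptables exit status and reporting it through `${debug}` would make the failure visible.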
 | 
			
		||||