bin/srfirewall

@@ -150,6 +150,7 @@ if [ "${EnableIPv4}" == "yes" ]; then
 	[ "${EnableTrustedv4Hosts}" == "yes" ] && allow_trusted_hosts ipv4
 	[ "${Enablev4MSSClamp}" == "yes" ] && enable_mss_clamp ipv4
 	[ "${DNSClientUsev4ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv4
+	[ "${DNSClientManualv4Servers}" ] && allow_dnsclient_manual ipv4 ${DNSClientManualv4Servers}
 fi
 
 # Do IPv6 IPTables Rules
@@ -158,12 +159,13 @@ if [ "${EnableIPv6}" == "yes" ]; then
 	iptables_rules_flush ipv6
 	
 	# Create the chain sets we'll need and the ones that can be
-	# customized by users in their custom rules 
+	# customized by users in their custom rules
 	setup_iptables_chains ipv6
 	
 	[ "${AllowAllv6Loopback}" == "yes" ] && allow_all_loopback ipv6
 	[ "${EnableTrustedv6Hosts}" == "yes" ] && allow_trusted_hosts ipv6
 	[ "${Enablev6MSSClamp}" == "yes" ] && enable_mss_clamp ipv6
 	[ "${DNSClientUsev6ResolvConf}" == "yes" ] && allow_resolvconf_servers ipv6
+	[ "${DNSClientManualv6Servers}" ] && allow_dnsclient_manual ipv6 ${DNSClientManualv6Servers}
 fi
 

etc/ipv4.conf

@@ -33,5 +33,7 @@ Enablev4MSSClamp="yes"
 DNSClientUsev4ResolvConf="yes"
 ResolvConfv4File="/etc/resolv.conf"
 
-# Uncomment below if you set above to no.
+# Uncomment below if you set above to no.  You can still manually define your servers
+# here if you want.  Useful at times.
+# Values: space separated IP list of DNS servers
 #DNSClientManualv4Servers=""

etc/ipv6.conf

@@ -33,5 +33,7 @@ Enablev6MSSClamp="yes"
 DNSClientUsev6ResolvConf="yes"
 ResolvConfv6File="/etc/resolv.conf"
 
-# Uncomment below if you set above to no.
+# Uncomment below if you set above to no.  You can still manually define your servers
+# here if you want.  Useful at times.
+# Values: space separated IP list of DNS servers
 #DNSClientManualv6Servers=""

lib/iptables.inc

@@ -206,4 +206,25 @@ function allow_resolvconf_servers {
 		${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${server} --sport 1024:65535 --dport 53 -j ACCEPT
 		${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${server} --dport 1024:65535 --sport 53 -j ACCEPT
 	done < "${ResolvConfFile}"
+	${debug} ${DebugColor} "${FUNCNAME}: done"
+}
+
+function allow_dnsclient_manual {
+	IP_VERSION=$1
+		case $IP_VERSION in
+		ipv6) VER_IPTABLES=${IP6TABLES};
+				IPVER="6" ;;
+		ipv4|*) VER_IPTABLES=${IPTABLES}
+				IPVER="4" ;;
+	esac
+	DNS_SERVERS="$2-"
+	${debug} ${DebugColor} "${FUNCNAME}: loading"
+	for i in ${DNS_SERVERS}; do
+		${debug} ${DebugColor} "${FUNCNAME}: Added ${i} to DNS client trusted list"
+		${VER_IPTABLES} -A ${OutPreRules} -p udp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
+		${VER_IPTABLES} -A ${InPreRules} -p udp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
+		${VER_IPTABLES} -A ${OutPreRules} -p tcp -s ${i} --sport 1024:65535 --dport 53 -j ACCEPT
+		${VER_IPTABLES} -A ${InPreRules} -p tcp -d ${i} --dport 1024:65535 --sport 53 -j ACCEPT
+	done
+	${debug} ${DebugColor} "${FUNCNAME}: done"
 }