change the rule to actually allow dns traffic to tunnel nameserver, not gateway

author: Kali Kaneko <kali@leap.se> 2014-05-06 21:53:39 -0500
committer: Kali Kaneko <kali@leap.se> 2014-05-12 11:24:59 -0500
commit: 71936c911502abdb6411e614bf2eabc06ca8d367 (patch)
tree: a8ddf55c840b89764bac1a87838abdadbc94660c /pkg/linux
parent: 7dd7d8dac61db9623ae97fc9669eaac693b9a3ee (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index b9a7acbc..a583c94c 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -561,11 +561,14 @@ def firewall_start(args):
                   "--jump", "ACCEPT")
 
     # block DNS requests to anyone but the service provider or localhost
+    # XXX need to insert ipv6 too ??? -- kali
     ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--dport", "53",
               "--jump", "REJECT")
-    for allowed_dns in gateways + ["127.0.0.1", "127.0.1.1"]:
-        ip4tables("--insert", "bitmask", "--protocol", "udp", "--dport", "53",
-                  "--destination", allowed_dns, "--jump", "ACCEPT")
+
+    for allowed_dns in [NAMESERVER, "127.0.0.1", "127.0.1.1"]:
+        ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp",
+                  "--dport", "53", "--destination", allowed_dns,
+                  "--jump", "ACCEPT")
 
 
 def firewall_stop():
author	Kali Kaneko <kali@leap.se>	2014-05-06 21:53:39 -0500
committer	Kali Kaneko <kali@leap.se>	2014-05-12 11:24:59 -0500
commit	71936c911502abdb6411e614bf2eabc06ca8d367 (patch)
tree	a8ddf55c840b89764bac1a87838abdadbc94660c /pkg/linux
parent	7dd7d8dac61db9623ae97fc9669eaac693b9a3ee (diff)