From 71936c911502abdb6411e614bf2eabc06ca8d367 Mon Sep 17 00:00:00 2001
From: Kali Kaneko
Date: Tue, 6 May 2014 21:53:39 -0500
Subject: change the rule to actually allow dns traffic to tunnel nameserver, not gateway

---
 pkg/linux/bitmask-root | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index b9a7acbc..a583c94c 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -561,11 +561,14 @@ def firewall_start(args):
                   "--jump", "ACCEPT")
 
     # block DNS requests to anyone but the service provider or localhost
+    # XXX need to insert ipv6 too ??? -- kali
     ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp", "--dport", "53",
               "--jump", "REJECT")
-    for allowed_dns in gateways + ["127.0.0.1", "127.0.1.1"]:
-        ip4tables("--insert", "bitmask", "--protocol", "udp", "--dport", "53",
-                  "--destination", allowed_dns, "--jump", "ACCEPT")
+
+    for allowed_dns in [NAMESERVER, "127.0.0.1", "127.0.1.1"]:
+        ip4tables("--insert", BITMASK_CHAIN, "--protocol", "udp",
+                  "--dport", "53", "--destination", allowed_dns,
+                  "--jump", "ACCEPT")
 
 
 def firewall_stop():
-- 
cgit v1.2.3
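Review bot: The REJECT rule and the new ACCEPT loop both match only `--protocol udp`, so DNS carried over TCP on port 53 (used for truncated answers and by some resolvers) is not covered by this chain at all, and the "block DNS requests to anyone but the service provider or localhost" comment above the rules overstates what they enforce. The XXX comment already records the missing IPv6 counterpart, but the TCP gap applies to the IPv4 rules this hunk adds. Iterating over both protocols keeps the ordering the `--insert` calls rely on (each ACCEPT lands above the REJECT inserted just before it) while closing the gap; NAMESERVER is defined outside this hunk, so I would also confirm it is always a single non-empty address, since ip4tables would otherwise be handed an invalid `--destination`. firewall_start begins outside the hunk.
```python
    # block DNS requests to anyone but the service provider or localhost
    # XXX need to insert ipv6 too ??? -- kali
    for dns_proto in ("udp", "tcp"):
        ip4tables("--insert", BITMASK_CHAIN, "--protocol", dns_proto,
                  "--dport", "53", "--jump", "REJECT")
        for allowed_dns in [NAMESERVER, "127.0.0.1", "127.0.1.1"]:
            ip4tables("--insert", BITMASK_CHAIN, "--protocol", dns_proto,
                      "--dport", "53", "--destination", allowed_dns,
                      "--jump", "ACCEPT")
```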