firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

DNS 'ANY' request uses TCP port. So allow DNS TCP requests for 'resolver_allowed_network_arr'.

Browse Source
This commit is contained in:
Christoph 2020-02-19 14:03:16 +01:00
parent 1fc3da67f8
commit 5ea1b0acbd
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ip6t-firewall-server
View File

@ -1066,6 +1066,7 @@ if [[ -n "$local_resolver_service" ]] && $local_resolver_service ; then
if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then
for _net in ${resolver_allowed_network_arr[@]} ; do for _net in ${resolver_allowed_network_arr[@]} ; do
$ip6t -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT $ip6t -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
$ip6t -A INPUT -p tcp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
done done
echo_done echo_done
else else

1
ipt-firewall-server
View File

@ -1312,6 +1312,7 @@ if [[ -n "$local_resolver_service" ]] && $local_resolver_service ; then
if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then if [[ ${#resolver_allowed_network_arr[@]} -gt 0 ]] ; then
for _net in ${resolver_allowed_network_arr[@]} ; do for _net in ${resolver_allowed_network_arr[@]} ; do
$ipt -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT $ipt -A INPUT -p udp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
$ipt -A INPUT -p tcp -s $_net --dport $resolver_port -m conntrack --ctstate NEW -j ACCEPT
done done
echo_done echo_done
else else