use iptables & our lokkit chain

1 files changed, 4 insertions, 4 deletions

diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index bd716553..a2616aae 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -79,13 +79,13 @@ if [ "$PEERDNS" != "no" -o -n "$RESOLV_MODS" -a "$RESOLV_MODS" != "no" ]; then
   fi
 fi
 
-if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/ipchains -a \
-	"`ipchains -L input -n 2>&1 | awk 'END { print NR }'`" -gt 1 ]; then
+if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/ipchains ] && \
+      iptables -L 2>/dev/null | grep -q RH-Lokkit-0-50-INPUT ; then
 	ns=`awk '/^nameserver / { print $2 }' /etc/resolv.conf`
 	if [ -n "$ns" ]; then
 		for nameserver in $ns ; do
-			if ! ipchains -L input -n | grep -q $nameserver ; then
-				ipchains -I input -s $nameserver/32 53 -d 0/0 1025:65535 -p udp -j ACCEPT
+			if ! iptables -L RH-Lokkit-0-50-INPUT -n | grep -q $nameserver ; then
+				iptables -A RH-Lokkit-0-50-INPUT -s $nameserver/32 --sport 53 -d 0/0 --dport 1025:65535 -p udp -m udp -j ACCEPT
 				[ -x /usr/bin/logger ] && logger $"punching nameserver $nameserver through the firewall"
 			fi
 		done