From a305632d36836eec48f39fb29bd7977a228446cf Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Thu, 19 Jun 2003 17:58:46 +0000
Subject: fix DNS punching in the case of other rules for the DNS server
 (#97686, <martin@zepler.org>)

---
 sysconfig/network-scripts/ifup-post | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sysconfig/network-scripts')

diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index c6e9062b..39dbad59 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -86,7 +86,7 @@ if [ "$FIREWALL_MODS" != "no" -a -f /etc/sysconfig/iptables ] && \
 	ns=`awk '/^nameserver / { print $2 }' /etc/resolv.conf`
 	if [ -n "$ns" ]; then
 		for nameserver in $ns ; do
-			if ! iptables -L RH-Lokkit-0-50-INPUT -n | grep -q $nameserver ; then
+			if ! iptables -L RH-Lokkit-0-50-INPUT -n | grep -q "$nameserver.* --sport 53 " ; then
 				iptables -I RH-Lokkit-0-50-INPUT -m udp -s $nameserver/32 --sport 53 -d 0/0 --dport 1025:65535 -p udp -j ACCEPT
 				[ -x /usr/bin/logger ] && logger $"punching nameserver $nameserver through the firewall"
 			fi
-- 
cgit v1.2.1