modify the firewall to allow any (new) DNS servers through on ifup

1 files changed, 17 insertions, 0 deletions

diff --git a/sysconfig/network-scripts/ifup b/sysconfig/network-scripts/ifup
index e64ba822..b661f5bf 100755
--- a/sysconfig/network-scripts/ifup
+++ b/sysconfig/network-scripts/ifup
@@ -93,6 +93,13 @@ if [ -n "${MACADDR}" ]; then
    ifconfig ${DEVICE} hw ether ${MACADDR}
 fi
 
+# Is there a firewall running, and does it look like one we configured?
+FWACTIVE=
+if [ -f /etc/sysconfig/ipchains -a "ipchains -L input -n 2>&1 | awk 'END { print NR }'" -gt 1 ]; then
+	FWACTIVE=1
+	export FWACTIVE
+fi
+			     
 if [ -n "${DYNCONFIG}" ]; then
     PUMPARGS=
     DHCPCDARGS=
@@ -110,14 +117,24 @@ if [ -n "${DYNCONFIG}" ]; then
     fi
     echo -n $"Determining IP information for ${DEVICE}..."
     
+    # DHCP clients need DNS to be available, and we don't know
+    # what DNS server they're using until they are done.
+    FWHACK=
+    if [ -n "$FWACTIVE" -a "$FIREWALL_MODS" != "no" ]; then
+        ipchains -I input -s 0/0 53 -p udp -j ACCEPT
+	FWHACK=1
+    fi
+    
     if [ -x /sbin/pump ] && /sbin/pump ${PUMPARGS} -i ${DEVICE} ; then
 	echo $" done."
     elif [ -x /sbin/dhcpcd ] && /sbin/dhcpcd ${DHCPCDARGS} ${DEVICE} ; then
 	echo $" done."
     else
 	echo $" failed."
+	[ -n "$FWHACK" ] && ipchains -D input -s 0/0 53 -p udp -j ACCEPT
 	exit 1
     fi
+    [ -n "$FWHACK" ] && ipchains -D input -s 0/0 53 -p udp -j ACCEPT
 else 
     if [ -z "${IPADDR}" ]; then
          # enable device without IP, useful for e.g. PPPoE