
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-04-16  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Added source port 137 for DNS queries. This allows Windows
#             clients to look up netbios names on the DNS.
# 2001-03-29  Edwin ten Brink <edwin@privateer.student.utwente.nl>
#             Converted UDP statements to Accept_Hostports function
#             Small text improvements
# 2000-10-14  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# dns
#t# clients
#
#   |--------------------------------------------------------------------|
#d# dns-clients (Ports 53 TCP, 53 UDP)
#d# If you're hosting an internet domain, set the accept variable to 
#d# "any/0". This opens port 53 in UDP and TCP (for zone transfers). If 
#d# you don't manage your own domain/zone, leave this option empty.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Open the local DNS service (port "domain") to each host named in this
# module's "accept" option. Option_Value, Accept_Hostports, $INTOPT,
# $INCHAIN, $OUTCHAIN, $IPADDR and $LOG are not defined in this module;
# they are expected to come from the surrounding firewall script.
#
# The command substitution is intentionally unquoted so that its output is
# word-split into one host specification per iteration.
for host in $(Option_Value accept $INTOPT dns clients); do

	# UDP queries. According to the module author, this helper call covers
	# clients sending from source ports 1024 and above.
	Accept_Hostports local udp "DNS Queries" $host domain

	# Two further source ports are accepted explicitly, in both directions:
	#   domain - some DNS servers query from source port 53 to be
	#            "firewall friendly"
	#   137    - Windows clients resolving netbios names through the DNS
	#
	# A source port is chosen by the sender, so it identifies nothing about
	# the peer; these rules only widen which source ports may reach port
	# "domain" on $IPADDR. The destination stays pinned to the DNS port.
	#
	# NOTE(review): $LOG is left unquoted; presumably it holds an optional
	# ipchains logging flag and may be empty -- confirm against the caller.
	for source_port in domain 137; do
		ipchains -A $INCHAIN -j ACCEPT -p udp \
			-s $host $source_port -d $IPADDR domain $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp \
			-s $IPADDR domain -d $host $source_port $LOG
	done

	# TCP access to the same port, labelled "DNS Transfers".
	# NOTE(review): with accept set to "any/0" this makes 53/tcp reachable
	# from every source, so zone-transfer restrictions then have to be
	# enforced in the name server's own configuration.
	Accept_Hostports local tcp "DNS Transfers" $host domain
done

# Clear the outer loop variable once the rules are in place.
# NOTE(review): source_port is not cleared and keeps its last value (137).
unset host

