
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# dns
#t# clients
#
#   |--------------------------------------------------------------------|
#d# dns-clients (Ports 53 TCP, 53 UDP)
#d# If you're hosting an internet domain, set the accept variable to 
#d# "any/0". This opens port 53 in UDP and TCP (for zone transfers). If 
#d# you don't manage your own domain/zone, leave this option empty.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

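# Open the local DNS service (port "domain", i.e. 53) to every host or network
# listed in this module's "accept" option. Option_Value, Accept_Hostports and
# the INTOPT, INCHAIN, OUTCHAIN, IPADDR and LOG variables are defined outside
# this module.
#
# The command substitution is left unquoted on purpose: the option value is
# split into one word per host specification.
for host in $(Option_Value accept $INTOPT dns clients)
do
	Accept_Hostports local udp "DNS Queries" "$host" domain

	# The above allows connections from ports 1024+. Source ports 53 and 137
	# are opened as well: some DNS servers use source port 53 to be "firewall
	# friendly", and Windows clients use source port 137 when resolving
	# netbios names through DNS.
	#
	# NOTE(review): the list also admits source ports 512:1023, which the
	# original comment never explained -- presumably for resolvers that send
	# from privileged ports; confirm the range is still needed, since every
	# entry widens what $host may send to the local port 53.
	for source_port in domain 137 "512:1023"
	do
		# $host and $source_port are quoted so a stray glob character in a
		# configured value cannot be expanded into extra rule arguments.
		# $INCHAIN, $OUTCHAIN, $IPADDR and $LOG keep their original unquoted
		# form because their shape is not visible here ($LOG is presumably an
		# optional flag that may be empty -- confirm before quoting).
		ipchains -A $INCHAIN  -j ACCEPT -p udp -s "$host" "$source_port" -d $IPADDR domain $LOG
		ipchains -A $OUTCHAIN -j ACCEPT -p udp -s $IPADDR domain -d "$host" "$source_port" $LOG
	done

	# TCP 53 is accepted from the same hosts. When "accept" is "any/0" this
	# filter no longer limits who can request a zone transfer, so that
	# restriction has to be enforced in the name server's own configuration.
	Accept_Hostports local tcp "DNS Transfers" "$host" domain
done
unset host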

