Use iptables-restore in qubes_setup_dnat_to_ns

This commit is contained in:
Rafal Wojtczuk 2010-06-04 13:44:18 +02:00
parent 7c2c941678
commit 67b1bbfb65

View File

@ -2,19 +2,23 @@
addrule() addrule()
{ {
if [ $FIRSTONE = yes ] ; then if [ $FIRSTONE = yes ] ; then
NS=$NS1
FIRSTONE=no FIRSTONE=no
RULE1="-A PREROUTING -d $NS1 -p udp --dport 53 -j DNAT --to $1"
else else
RULE2="-A PREROUTING -d $NS2 -p udp --dport 53 -j DNAT --to $1"
NS=$NS2 NS=$NS2
fi fi
iptables -A PREROUTING -t nat -d $NS -p udp --dport 53 -j DNAT \
--to "$1"
} }
export PATH=$PATH:/sbin:/bin export PATH=$PATH:/sbin:/bin
source /var/run/qubes_ns source /var/run/qubes_ns
if [ "X"$NS1 = "X" ] ; then exit ; fi if [ "X"$NS1 = "X" ] ; then exit ; fi
iptables -t nat -F PREROUTING iptables -t nat -F PREROUTING
FIRSTONE=yes FIRSTONE=yes
grep ^nameserver /etc/resolv.conf | head -2 | while read x y z ; do grep ^nameserver /etc/resolv.conf | head -2 |
(
while read x y z ; do
addrule "$y" addrule "$y"
done done
(echo "*nat"; echo $RULE1; echo $RULE2; echo COMMIT) | iptables-restore -n
)