From 8af8b3986decb4be636b2b1cf9db0003ecf51d44 Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk
Date: Fri, 4 Jun 2010 13:44:18 +0200
Subject: [PATCH] Use iptables-restore in qubes_setup_dnat_to_ns
---
 common/qubes_setup_dnat_to_ns | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/common/qubes_setup_dnat_to_ns b/common/qubes_setup_dnat_to_ns
index 37f3e44..e484191 100755
--- a/common/qubes_setup_dnat_to_ns
+++ b/common/qubes_setup_dnat_to_ns
@@ -2,19 +2,23 @@
 addrule()
 {
 if [ $FIRSTONE = yes ] ; then
- NS=$NS1
 FIRSTONE=no
+ RULE1="-A PREROUTING -d $NS1 -p udp --dport 53 -j DNAT --to $1"
 else
+ RULE2="-A PREROUTING -d $NS2 -p udp --dport 53 -j DNAT --to $1"
 NS=$NS2
 fi
- iptables -A PREROUTING -t nat -d $NS -p udp --dport 53 -j DNAT \
- --to "$1"
 }
 export PATH=$PATH:/sbin:/bin
 source /var/run/qubes_ns
 if [ "X"$NS1 = "X" ] ; then exit ; fi
 iptables -t nat -F PREROUTING
 FIRSTONE=yes
-grep ^nameserver /etc/resolv.conf | head -2 | while read x y z ; do
- addrule "$y"
-done
+grep ^nameserver /etc/resolv.conf | head -2 |
+ (
+ while read x y z ; do
+ addrule "$y"
+ done
+ (echo "*nat"; echo $RULE1; echo $RULE2; echo COMMIT) | iptables-restore -n
+ )
+
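Review bot: The chain is still emptied by the separate `iptables -t nat -F PREROUTING` before the new `iptables-restore -n` pipeline runs, so the swap is not atomic and a rejected restore leaves PREROUTING with no DNS DNAT rule; the pipeline's exit status is not checked either. Consider moving the flush into the restore input and dropping the standalone call, e.g. `(echo "*nat"; echo "-F PREROUTING"; echo "$RULE1"; echo "$RULE2"; echo COMMIT) | iptables-restore -n` (confirm that the target iptables-restore accepts `-F` inside a table section). The nameserver field from /etc/resolv.conf is now interpolated into a rule line that iptables-restore parses, instead of being passed as the single quoted argument `--to "$1"`, so `addrule` should reject anything that is not a plain IPv4 address before building RULE1/RULE2. `NS=$NS2` in the else branch is no longer read by anything in this hunk and can be removed.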