From f3674af0db055028fc06a21d2d448aa61f06dea5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Fri, 25 Jul 2014 14:21:42 +0200
Subject: [PATCH] Allow Input DNS on IPv6. Used when a slave respond to a master notification in bind for example.
---
 firewall.rc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/firewall.rc b/firewall.rc
index bc5b9aa..56e60c4 100644
--- a/firewall.rc
+++ b/firewall.rc
@@ -77,12 +77,13 @@ NTPOK='0.0.0.0/0'
 ################### IPv6 Specific rules
 # /sbin/ip6tables ...
-# Allow HTTP/HTTPS/SMTP traffic
+# Allow Input HTTP/HTTPS/SMTP/DNS traffic
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 80 --match state --state ESTABLISHED,RELATED -j ACCEPT
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 443 --match state --state ESTABLISHED,RELATED -j ACCEPT
 /sbin/ip6tables -A INPUT -i $INT -p tcp --sport 25 --match state --state ESTABLISHED,RELATED -j ACCEPT
+/sbin/ip6tables -A INPUT -i $INT -p tcp --sport 53 --match state --state ESTABLISHED,RELATED -j ACCEPT
-# Allow DNS, NTP and traceroute traffic
+# Allow Output DNS, NTP and traceroute traffic
 /sbin/ip6tables -A OUTPUT -o $INT -p udp --dport 53 --match state --state NEW -j ACCEPT
 /sbin/ip6tables -A OUTPUT -o $INT -p udp --dport 123 --match state --state NEW -j ACCEPT
 /sbin/ip6tables -A OUTPUT -o $INT -p udp --dport 33434:33523 --match state --state NEW -j ACCEPT
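Review bot: The added INPUT rule (`-p tcp --sport 53 --match state --state ESTABLISHED,RELATED`) only admits replies to TCP connections this host itself opened to port 53, yet the OUTPUT block in the same hunk opens only `udp --dport 53` for NEW connections, so unless a tcp/53 OUTPUT rule lives elsewhere in firewall.rc the outbound zone transfer is never allowed to start and the new rule matches nothing. If the goal is for a slave to pull AXFR/IXFR after a NOTIFY, pair it with `/sbin/ip6tables -A OUTPUT -o $INT -p tcp --dport 53 --match state --state NEW -j ACCEPT` beside the udp line; the inbound NOTIFY itself (a NEW udp packet to dport 53) is also not covered by either rule and presumably comes through a rule outside this hunk, which is worth confirming. The ESTABLISHED,RELATED state match is what actually bounds this rule; `--sport 53` alone would not be a safe filter, so a short comment above the new line stating that intent, `# tcp/53 replies to zone transfers this slave initiated (stateful)`, would keep the next maintainer from loosening the state match. This hunk sits in a flat script with no enclosing function.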