#!/bin/sh
#
# DNS
#

source /filter/fw.conf
echo "$0"

ARG=$1
if [ ${1:-none} = "none" ]; then
    ARG="refresh"
    ipchains -F dns
else
    if [ $ARG != "refresh" -a $ARG != "purge" -a $ARG != "delete" ]; then
        echo
        echo "Usage:   $0 <refresh|purge|delete>"
        echo "Example: $0 refresh    (default)"
        echo
        exit
    fi
fi
case $ARG in ( refresh ) ACTION="-A"; ipchains -F dns;;
             ( purge )   ACTION="-D";;
             ( delete )  ACTION="-D"; ipchains -F dns; exit;;
esac

###------- Edit Rules Below -------###

# LOCAL input
ipchains $ACTION dns -p UDP -i $IF_IP -s $SLUGER 53 -d $IP -j ACCEPT
ipchains $ACTION dns -p UDP -i $IF_IP -s $PINUS 53 -d $IP -j ACCEPT

ipchains $ACTION dns -p TCP -i $IF_IP ! -y -s $SLUGER 53 -d $IP -j ACCEPT
ipchains $ACTION dns -p TCP -i $IF_IP ! -y -s $PINUS 53 -d $IP -j ACCEPT

# FORWARD input in
ipchains $ACTION dns -p UDP -i $IF_IP -s $SLUGER 53 -d $NET_IP2 -j ACCEPT
ipchains $ACTION dns -p UDP -i $IF_IP -s $PINUS 53 -d $NET_IP2 -j ACCEPT

ipchains $ACTION dns -p TCP -i $IF_IP ! -y -s $SLUGER 53 -d $NET_IP2 -j ACCEPT
ipchains $ACTION dns -p TCP -i $IF_IP ! -y -s $PINUS 53 -d $NET_IP2 -j ACCEPT

# Logging
ipchains $ACTION dns -p UDP -i $IF_IP -s $NET_ALL -d $NET_IP2 53 -j DENY -l
ipchains $ACTION dns -p TCP -i $IF_IP -y -s $NET_ALL -d $NET_IP2 53 -j DENY -l