fix NOTRACK iptables recursor hint, thanks Kai Storbeck

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2839 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml
index 098e693841ef696dc07dc5f546ab4f7337a53735..2ae546d14eef8b55f85efbbe507ba44db5e4a5ef 100644 (file)
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -12671,6 +12671,8 @@ sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR
              Sample Linux command lines would be:
              <screen>
              # iptables -t raw -I OUTPUT -p udp --dport 53 -j NOTRACK
+             # iptables -t raw -I OUTPUT -p udp --sport 53 -j NOTRACK
+             # iptables -t raw -I PREROUTING -p udp --dport 53 -j NOTRACK
              # iptables -t raw -I PREROUTING -p udp --sport 53 -j NOTRACK
              # iptables -I INPUT -p udp --dport 53 -j ACCEPT
              # iptables -I INPUT -p udp --sport 53 -j ACCEPT
@@ -12678,7 +12680,9 @@ sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR
 
               # # optionally
              # ip6tables -t raw -I OUTPUT -p udp --dport 53 -j NOTRACK
+             # ip6tables -t raw -I OUTPUT -p udp --sport 53 -j NOTRACK
              # ip6tables -t raw -I PREROUTING -p udp --sport 53 -j NOTRACK
+             # ip6tables -t raw -I PREROUTING -p udp --dport 53 -j NOTRACK
              # ip6tables -I INPUT -p udp --dport 53 -j ACCEPT
              # ip6tables -I INPUT -p udp --sport 53 -j ACCEPT
              # ip6tables -I OUTPUT -p udp --dport 53 -j ACCEPT