From: Peter van Dijk <peter.van.dijk@netherlabs.nl>
Date: Thu, 1 Nov 2012 09:51:46 +0000 (+0000)
Subject: fix NOTRACK iptables recursor hint, thanks Kai Storbeck
X-Git-Tag: auth-3.2-rc1~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d61a30d75be965e49c4c0c5b1ff45da5fb8cdd65;p=thirdparty%2Fpdns.git

fix NOTRACK iptables recursor hint, thanks Kai Storbeck

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2839 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---

diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml
index 098e693841..2ae546d14e 100644
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -12671,6 +12671,8 @@ sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR
 	      Sample Linux command lines would be:
 	      <screen>
 	      # iptables -t raw -I OUTPUT -p udp --dport 53 -j NOTRACK
+	      # iptables -t raw -I OUTPUT -p udp --sport 53 -j NOTRACK
+	      # iptables -t raw -I PREROUTING -p udp --dport 53 -j NOTRACK
 	      # iptables -t raw -I PREROUTING -p udp --sport 53 -j NOTRACK
 	      # iptables -I INPUT -p udp --dport 53 -j ACCEPT
 	      # iptables -I INPUT -p udp --sport 53 -j ACCEPT
@@ -12678,7 +12680,9 @@ sql> insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR
 
               # # optionally
 	      # ip6tables -t raw -I OUTPUT -p udp --dport 53 -j NOTRACK
+	      # ip6tables -t raw -I OUTPUT -p udp --sport 53 -j NOTRACK
 	      # ip6tables -t raw -I PREROUTING -p udp --sport 53 -j NOTRACK
+	      # ip6tables -t raw -I PREROUTING -p udp --dport 53 -j NOTRACK
 	      # ip6tables -I INPUT -p udp --dport 53 -j ACCEPT
 	      # ip6tables -I INPUT -p udp --sport 53 -j ACCEPT
 	      # ip6tables -I OUTPUT -p udp --dport 53 -j ACCEPT