0001269: iptables not starting if having more than 1 DNS server in the config - inline mode - PacketFence

PacketFence - BTS - PacketFence

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0001269

PacketFence

configuration

public

2011-09-15 13:42

2011-09-21 22:16

Reporter

fgaudreault

Assigned To

obilodeau

Priority

high

Severity

minor

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

devel

Target Version

Fixed in Version

3.0.0

fixed in git revision

fixed in mtn revision

6bb7cedc16341ea992237686c956d05690035bb3

Summary

0001269: iptables not starting if having more than 1 DNS server in the config - inline mode

Description

Looks like the comma-separated DNS server list is creating an error in iptables.

In the generated config :

:FORWARD DROP [0:0]
:forward-internal-inline-if - [0:0]
-A forward-internal-inline-if --protocol udp --destination 4.2.2.2,4.2.2.1 --destination-port 53 --jump ACCEPT
-A forward-internal-inline-if --match mark --mark 0x1 --jump ACCEPT

In pf.conf :
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
dnsservers=4.2.2.2,4.2.2.1

Steps To Reproduce

Additional Information