## Add rules to CHAIN to allow NTP with NTPSERVERs.
ntpclient () {
set -e
- chain=$1; shift
- for ntp; do
- run iptables -A $chain -s $ntp -j ACCEPT \
- -p udp --source-port 123 --destination-port 123
- done
+ ntpchain=$1; shift
+
+ clearchain ntp-servers
+ for ntp; do run iptables -A ntp-servers -j ACCEPT -s $ntp; done
+ run iptables -A $ntpchain -j ntp-servers \
+ -p udp --source-port 123 --destination-port 123
}
## dnsresolver CHAIN
## Pass 1. Establish the from_NAME and to_NAME constants, and the
## netclass's mask bit.
+ trace "netclass $name = $netclassindex"
eval from_$name=$(( $netclassindex << $BIT_FROM ))
eval to_$name=$(( $netclassindex << $BIT_TO ))
eval _mask_$name=$(( 1 << ($netclassindex + $BIT_MASK) ))
for n in $nn; do
addr=${n%/*}
base=${addr%::*}
- case $a in ::*) aa=$addr$a ;; *) aa=$a ;; esac
+ case $a6 in ::*) aa=$base$a6 ;; *) aa=$a6 ;; esac
eval host_inet6_$name=$aa
done