From 91349658f8e771e135be04f885c21abbbb2cfb58 Mon Sep 17 00:00:00 2001 From: Vicente Date: Sat, 22 Jun 2013 22:49:40 +0200 Subject: [PATCH] Added extrarules to iptables to get UDP request. (https://dev.openwrt.org/ticket/155) EasyTomato patches. Thanks! --- release/src/router/Makefile | 2 +- release/src/router/rc/firewall.c | 3 +++ release/src/router/rc/restrict.c | 32 +++----------------------------- 3 files changed, 7 insertions(+), 30 deletions(-) diff --git a/release/src/router/Makefile b/release/src/router/Makefile index 081fb1b622..77bc7d976c 100644 --- a/release/src/router/Makefile +++ b/release/src/router/Makefile @@ -476,7 +476,7 @@ endif @rm -f $(TARGETDIR)/lib/modules/*/build @$(MAKE) -C $(LINUXDIR)/scripts/squashfs mksquashfs-lzma - @$(LINUXDIR)/scripts/squashfs/mksquashfs-lzma $(TARGETDIR) $(PLATFORMDIR)/target.image -all-root -noappend -nopad | tee target.info + @$(LINUXDIR)/scripts/squashfs/mksquashfs-lzma $(TARGETDIR) $(PLATFORMDIR)/target.image -all-root -noappend -no-duplicates | tee target.info # Package kernel and filesystem # if grep -q "CONFIG_EMBEDDED_RAMDISK=y" $(LINUXDIR)/.config ; then \ diff --git a/release/src/router/rc/firewall.c b/release/src/router/rc/firewall.c index 29289afe17..c5593d9dce 100644 --- a/release/src/router/rc/firewall.c +++ b/release/src/router/rc/firewall.c @@ -440,6 +440,9 @@ static void ipt_account(void) { char lanN[] = "lanXX"; char netaddrnetmask[] = "255.255.255.255/255.255.255.255 "; char br; + // If the IP Address changes, the below rule will cause things to choke, and blocking rules don't get applied + // As a workaround, flush the entire FORWARD chain + system("iptables -F FORWARD"); for(br=0 ; br<=3 ; br++) { char bridge[2] = "0"; diff --git a/release/src/router/rc/restrict.c b/release/src/router/rc/restrict.c index ca8accf8c1..db6a5447b3 100644 --- a/release/src/router/rc/restrict.c +++ b/release/src/router/rc/restrict.c 
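Review bot: The mksquashfs-lzma line swaps `-nopad` for `-no-duplicates`, which is unrelated to the iptables change in the subject and is not explained in the commit message. Dropping `-nopad` lets the image be padded to a 4K multiple again, and `-no-duplicates` turns off duplicate-file detection, so the image can grow. Either split this into its own commit or add a line above the command saying why, for example `# -no-duplicates: <reason the build needs duplicate checking off>`.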
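Review bot: The added `system("iptables -F FORWARD");` at the top of ipt_account() removes every rule in the live IPv4 FORWARD chain, not only the accounting rule the comment blames, so restrictions, port forwards and any drop rules installed earlier are gone until the ruleset is loaded again. How forwarded traffic is treated in that window depends on the chain policy and on how soon the rules are re-applied, neither of which is visible in this hunk. The return value of system() is ignored, and there is no IPv6 counterpart. A narrower fix would delete or replace only the rule that fails on an address change; if the flush stays, name that rule in the comment and check the result, e.g. `if (system("iptables -F FORWARD") != 0) { /* log and stop the reload */ }`. ipt_account() continues past the end of the hunk.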
@@ -282,41 +282,15 @@ void ipt_restrictions(void) wanfaces.iface[n].name); } } - } + // Only mess with DNS requests that are coming in on INPUT + ip46t_write("-I INPUT 1 -p udp --dport 53 -j restrict\n"); + } sprintf(reschain, "rres%02d", nrule); ip46t_write(":%s - [0:0]\n", reschain); blockall = 1; - /* - - proto")) != NULL) { n = vstrsep(q, "<", &pproto, &dir, &pport, &ipp2p, &layer7, &addr_type, &addr); if (n == 5) { -- 2.11.4.GIT
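Review bot: The new rule `-I INPUT 1 -p udp --dport 53 -j restrict` sends only UDP DNS through the restrict chain, so a restricted client that queries the router over TCP port 53 never reaches it. If the intent is to cover all DNS addressed to the router, add the TCP counterpart next to it: `ip46t_write("-I INPUT 1 -p tcp --dport 53 -j restrict\n");`. The rule is written before the relocated closing brace, so it is emitted only when the enclosing condition holds; that condition starts outside the hunk and should be confirmed as the intended scope. The hunk as shown looks truncated (the header announces 41 old lines), so the removed block cannot be reviewed from here. The comment would be more useful if it said what the restrict chain does with these packets, e.g. `// Route DNS queries addressed to the router through the restrict chain; forwarded DNS is not touched here`.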