diff -u -r -p dante-1.1.19/sockd/sockd_request.c dante.socks/sockd/sockd_request.c
--- dante-1.1.19/sockd/sockd_request.c Sat Jan 7 19:54:47 2006
+++ dante.socks/sockd/sockd_request.c Thu Mar 15 16:32:53 2007
@@ -250,6 +250,10 @@ dorequest(mother, request)
 char msg[256];
 int failed, p, permit, out, failurecode = SOCKS_NOTALLOWED;
+ // Used by the firewall patch
+ int i, firewall_open = 0;
+ uid_t euid;
+
 slog(LOG_DEBUG, "received request: %s", socks_packet2string(&request->req, SOCKS_REQUEST));
@@ -841,6 +845,26 @@ dorequest(mother, request)
 emfile = 0;
 iolist = NULL;
+ // is bind request on external IP?
+ for (i = 0; i < sockscf.external.addrc; ++i) {
+ if (sockscf.external.addrv[i].addr.ipv4.ip.s_addr == response.host.addr.ipv4.s_addr) {
+ slog(LOG_DEBUG, "Firewall open: dst %s:%d", inet_ntoa(response.host.addr.ipv4), ntohs(response.host.port));
+ slog(LOG_DEBUG, "Firewall open: src %s:%d", inet_ntoa(io.src.host.addr.ipv4), ntohs(io.src.host.port));
+
+ // protocol
+ if (io.state.protocol == SOCKS_UDP)
+ slog(LOG_DEBUG, "Firewall open: protocol UDP");
+ else
+ slog(LOG_DEBUG, "Firewall open: protocol TCP");
+
+ // socks_seteuid(&euid, sockscf.uid.privileged);
+ firewall_open = 1;
+ // socks_reseteuid(sockscf.uid.privileged, euid);
+
+ break;
+ }
+ }
+
 /* CONSTCOND */
 /* keep accepting connections until
 * a) we get a remote address that matches what client asked for.
@@ -1200,6 +1224,15 @@ dorequest(mother, request)
 }
 closev(sv, ELEMENTS(sv));
+
+ /* TOMJ: If expectation is related to conntrack entry this code is not needed */
+ if (firewall_open == 1) {
+ // Delete firewall rule
+ // socks_seteuid(&euid, sockscf.uid.privileged);
+ // socks_reseteuid(sockscf.uid.privileged, euid);
+ firewall_open = 0;
+ }
 break;
 }
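Review bot: `uid_t euid;` is declared but never read, because every `socks_seteuid`/`socks_reseteuid` call in the two later hunks is commented out, so the declaration only yields an unused-variable warning; drop it here, or keep it next to the code that uses it under one `#if 0` so both disappear together. The `//` comments are also out of step with this file, which uses `/* */` (see the `/* CONSTCOND */` context line in the second hunk); `/* used by the firewall patch */` keeps the style consistent. The body of dorequest begins before this hunk.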
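Review bot: The match `sockscf.external.addrv[i].addr.ipv4.ip.s_addr == response.host.addr.ipv4.s_addr` reads the IPv4 member of both addresses without first checking their address-type tags; if an `external:` entry is configured as an interface name or hostname rather than a literal address (the `addr` union path suggests several representations), the comparison reads bytes of a different union member and can match or miss arbitrarily. Compare the tags before the address, along the lines of `if (sockscf.external.addrv[i].atype != SOCKS_ADDR_IPV4 || response.host.atype != SOCKS_ADDR_IPV4) continue;` — this assumes the usual `atype` field; confirm the names against the headers. With the `socks_seteuid`/`socks_reseteuid` calls commented out, the three `Firewall open:` messages and `firewall_open = 1` record an action that never takes place, which misleads an operator reading the log to audit what the proxy exposed; either log it as a would-be action or gate the block on the real rule insertion. The commented-out code here and in the third hunk should be removed or wrapped in `#if 0` with a one-line comment saying why it is disabled. The enclosing dorequest body continues beyond this hunk.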
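Review bot: The reset of `firewall_open` runs only on this single path, after `closev(sv, ELEMENTS(sv))` in what appears to be one arm of a switch, so once the rule-deletion calls are enabled, any other exit from the bind handling between the second hunk and here would leave the rule in place — an opening on the external interface that outlives the request it was created for. Tie the deletion to whatever cleanup path the function already uses for `sv` and `iolist`, or perform it at every exit reached after `firewall_open` is set. The `TOMJ` comment records the assumption that a conntrack expectation makes explicit deletion unnecessary; if that is the design, state it where the rule is opened and delete this block rather than leaving an `if` whose only effect is clearing a flag. dorequest continues outside this hunk.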