Extremely basic, but functional, DNS proxying support (--dns option)

Limitations:
- uses a hardcoded DNS server IP on both client and server
- never expires request/response objects, so leaks memory and sockets
- works only with iptables, not with ipfw

main.py

@@ -54,6 +54,7 @@ sshuttle --hostwatch
 l,listen=  transproxy to this ip address and port number [127.0.0.1:0]
 H,auto-hosts scan for remote hostnames and update local /etc/hosts
 N,auto-nets  automatically determine subnets to route
+dns        capture local DNS requests and forward to the remote DNS server
 python=    path to python interpreter on the remote server [python]
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
@@ -82,9 +83,9 @@ try:
         server.latency_control = opt.latency_control
         sys.exit(server.main())
     elif opt.firewall:
-        if len(extra) != 1:
-            o.fatal('exactly one argument expected')
-        sys.exit(firewall.main(int(extra[0]), opt.syslog))
+        if len(extra) != 2:
+            o.fatal('exactly two arguments expected')
+        sys.exit(firewall.main(int(extra[0]), int(extra[1]), opt.syslog))
     elif opt.hostwatch:
         sys.exit(hostwatch.hw_main(extra))
     else:
@@ -111,6 +112,7 @@ try:
                              remotename,
                              opt.python,
                              opt.latency_control,
+                             opt.dns,
                              sh,
                              opt.auto_nets,
                              parse_subnets(includes),