config.m4: Stupid typo.

[firewall] / vampire.m4

diff --git a/vampire.m4 b/vampire.m4
index d25bf49..6dc3710 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -1,4 +1,4 @@
-### -*-m4-*-
+### -*-sh-*-
 ###
 ### Firewall configuration for vampire
 ###
@@ -43,12 +43,13 @@ allowservices inbound tcp \
        finger ident \
        dns iodine \
        ssh \
-       smtp \
+       smtp submission \
        gnutella_svc \
        ftp ftp_data \
        rsync \
+       imaps \
        disorder mpd \
-       http https \
+       http https squid \
        git \
        tor_public tor_directory i2p
 allowservices inbound udp \
@@ -64,16 +65,21 @@ for p in tcp udp; do
          -p $p --destination-port $port_dns
 done
 
+## Allow smb and nmb to untrusted hosts.  This is a bit experimental.
+run iptables -A inbound -j ACCEPT \
+       -s 172.29.198.0/24 \
+       -p udp -m multiport --destination-ports \
+               $port_netbios_ns,$port_netbios_dgm
+run iptables -A inbound -j ACCEPT \
+       -s 172.29.198.0/24 \
+       -p tcp -m multiport --destination-ports \
+               $port_netbios_ssn,$port_microsoft_ds
+
 ## Provide syslog for evolution.
 run iptables -A inbound -j ACCEPT \
        -s 172.29.198.2 \
        -p udp --destination-port $port_syslog
 
-## Provide a web cache to local untrusted hosts.
-run iptables -A inbound -j ACCEPT \
-       -s 172.29.198.0/24 \
-       -p tcp --destination-port $port_squid
-
 ## Watch outgoing Tor usage.
 run iptables -A OUTPUT -m multiport \
        -p tcp --source-ports $port_tor_public,$port_tor_directory