stratocaster.m4: Permit incoming finger.

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index 78e63d4..ab8249f 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -90,7 +90,7 @@ m4_divert(-1)
 ## top nibble of the network number classifies the network, as follows.
 ##
 ## 8xxx                Untrusted
-## 6xxx                Virtual
+## 6xxx                Virtual, safe
 ## 4xxx                Safe
 ## 0xxx                Unsafe, trusted
 ##
@@ -222,6 +222,8 @@ defhost telecaster
 defhost stratocaster
        iface eth0 jump colo
        iface eth1 jump colo
+defhost jaguar
+       iface eth0 jump
 defhost jazz
        hosttype router
        iface eth0 jump colo vpn
@@ -241,9 +243,9 @@ defnet sgo noloop
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        via househub colohub
-       host crybaby 1
-       host terror 2
-       host orange 3
+       host crybaby 1 ::1:1
+       host terror 2 ::2:1
+       host orange 3 ::3:1
 defnet anycast trusted
        addr 172.29.199.224/27 2001:ba8:1d9:0::/64
        via dmz unsafe safe untrusted jump colo vpn
@@ -265,6 +267,14 @@ defhost mango
 
 m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
+### Connection tracking helper modules.
+
+for i in ftp; do
+  modprobe nf_conntrack_$i
+done
+
+m4_divert(80)m4_dnl
+###--------------------------------------------------------------------------
 ### Special forwarding exemptions.
 
 case $forward in