local.m4, etc.: Establish `inbound-untrusted' chain and deploy.

[firewall] / artist.m4

diff --git a/artist.m4 b/artist.m4
index bc07708..23195aa 100644 (file)
--- a/artist.m4
+++ b/artist.m4
@@ -37,14 +37,9 @@ allowservices inbound udp \
        i2p
 
 ## Allow smb and nmb to untrusted hosts.
-run iptables -A inbound -j ACCEPT \
-       -s 172.29.198.0/24 \
+run ip46tables -A inbound-untrusted -j ACCEPT \
        -p udp -m multiport --destination-ports \
-               $port_netbios_ns,$port_netbios_dgm
-run iptables -A inbound -j ACCEPT \
-       -s 172.29.198.0/24 \
-       -p tcp -m multiport --destination-ports \
-               $port_netbios_ssn,$port_microsoft_ds
+       $port_netbios_ns,$port_netbios_dgm
 
 ## Open ports for Rygel.
 run iptables -A inbound -j ACCEPT -s 172.29.198.0/23 -p igmp