### -*-sh-*-
###
-### Firewall configuration for metalzone
+### Firewall configuration for radius
###
### (c) 2008 Mark Wooding
###
m4_divert(44)m4_dnl
## Interface definitions.
-if_untrusted=eth0
+if_untrusted=eth1
if_trusted=eth0
if_vpn=eth0
if_iodine=eth0
-if_its_mz=its-mz
-if_its_pi=its-pi
+if_its_mz=eth0
+if_its_pi=eth0
m4_divert(-1)
###--------------------------------------------------------------------------
-### metalzone-specific rules.
+### radius-specific rules.
m4_divert(82)m4_dnl
## Externally visible services.
allowservices inbound tcp \
- finger ident \
- ssh \
- smtp submission \
- gnutella_svc \
- ftp ftp_data \
- rsync \
- imaps \
- http https \
- git
+ dns iodine \
+ ssh
allowservices inbound udp \
- tripe \
- gnutella_svc
+ dns iodine \
+ tripe
## Provide DNS resolution to local untrusted hosts.
for p in tcp udp; do
-p $p --destination-port $port_dns
done
+## Provide syslog for evolution.
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.2 \
+ -p udp --destination-port $port_syslog
+
## Other interesting things.
dnsresolver inbound
ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
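Review bot: The new syslog rule on the `run iptables -A inbound -j ACCEPT` lines accepts solely on source address `-s 172.29.198.2`, with no `-i` match, so now that this host has a separate untrusted interface (`if_untrusted=eth1`) a datagram with that source address spoofed and arriving on eth1 would match too; UDP syslog is unauthenticated, so a spoofer could inject log lines. Bind the rule to the interface evolution actually sits on, presumably the trusted one: `run iptables -A inbound -j ACCEPT \`, `  -i $if_trusted -s 172.29.198.2 \`, `  -p udp --destination-port $port_syslog`. If the shared template already applies rp_filter or an rpfilter match to this chain this is belt-and-braces, but the rule should not depend on that being the case. It would also be worth a comment recording why this is a raw `run iptables` rule rather than an `allowservices` entry like the others, since the hand-written form is the only one here without an interface restriction. The `m4_divert(82)` section continues past the end of this hunk.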