Host changeover.

[firewall] / radius.m4

diff --git a/metalzone.m4 b/radius.m4
similarity index 85%
rename from metalzone.m4
rename to radius.m4
index 90c37dd..b97f481 100644 (file)
--- a/metalzone.m4
+++ b/radius.m4
@@ -1,6 +1,6 @@
 ### -*-sh-*-
 ###
-### Firewall configuration for metalzone
+### Firewall configuration for radius
 ###
 ### (c) 2008 Mark Wooding
 ###
@@ -26,32 +26,25 @@
 
 m4_divert(44)m4_dnl
 ## Interface definitions.
-if_untrusted=eth0
+if_untrusted=eth1
 if_trusted=eth0
 if_vpn=eth0
 if_iodine=eth0
-if_its_mz=its-mz
-if_its_pi=its-pi
+if_its_mz=eth0
+if_its_pi=eth0
 
 m4_divert(-1)
 ###--------------------------------------------------------------------------
-### metalzone-specific rules.
+### radius-specific rules.
 
 m4_divert(82)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
-       finger ident \
-       ssh \
-       smtp submission \
-       gnutella_svc \
-       ftp ftp_data \
-       rsync \
-       imaps \
-       http https \
-       git
+       dns iodine \
+       ssh
 allowservices inbound udp \
-       tripe \
-       gnutella_svc
+       dns iodine \
+       tripe
 
 ## Provide DNS resolution to local untrusted hosts.
 for p in tcp udp; do
@@ -60,6 +53,11 @@ for p in tcp udp; do
          -p $p --destination-port $port_dns
 done
 
+## Provide syslog for evolution.
+run iptables -A inbound -j ACCEPT \
+       -s 172.29.198.2 \
+       -p udp --destination-port $port_syslog
+
 ## Other interesting things.
 dnsresolver inbound
 ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2