Host changeover.
diff --git
a/metalzone.m4
b/radius.m4
similarity index 85%
rename from
metalzone.m4
rename to
radius.m4
index
90c37dd
..
b97f481
100644
(file)
--- a/
metalzone.m4
+++ b/
radius.m4
@@
-1,6
+1,6
@@
### -*-sh-*-
###
### -*-sh-*-
###
-### Firewall configuration for
metalzone
+### Firewall configuration for
radius
###
### (c) 2008 Mark Wooding
###
###
### (c) 2008 Mark Wooding
###
@@
-26,32
+26,25
@@
m4_divert(44)m4_dnl
## Interface definitions.
m4_divert(44)m4_dnl
## Interface definitions.
-if_untrusted=eth
0
+if_untrusted=eth
1
if_trusted=eth0
if_vpn=eth0
if_iodine=eth0
if_trusted=eth0
if_vpn=eth0
if_iodine=eth0
-if_its_mz=
its-mz
-if_its_pi=
its-pi
+if_its_mz=
eth0
+if_its_pi=
eth0
m4_divert(-1)
###--------------------------------------------------------------------------
m4_divert(-1)
###--------------------------------------------------------------------------
-###
metalzone
-specific rules.
+###
radius
-specific rules.
m4_divert(82)m4_dnl
## Externally visible services.
allowservices inbound tcp \
m4_divert(82)m4_dnl
## Externally visible services.
allowservices inbound tcp \
- finger ident \
- ssh \
- smtp submission \
- gnutella_svc \
- ftp ftp_data \
- rsync \
- imaps \
- http https \
- git
+ dns iodine \
+ ssh
allowservices inbound udp \
allowservices inbound udp \
-
trip
e \
- gnutella_svc
+
dns iodin
e \
+ tripe
## Provide DNS resolution to local untrusted hosts.
for p in tcp udp; do
## Provide DNS resolution to local untrusted hosts.
for p in tcp udp; do
@@
-60,6
+53,11
@@
for p in tcp udp; do
-p $p --destination-port $port_dns
done
-p $p --destination-port $port_dns
done
+## Provide syslog for evolution.
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.2 \
+ -p udp --destination-port $port_syslog
+
## Other interesting things.
dnsresolver inbound
ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
## Other interesting things.
dnsresolver inbound
ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
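Review bot: The new syslog rule in the last hunk (`run iptables -A inbound -j ACCEPT -s 172.29.198.2 -p udp --destination-port $port_syslog`) accepts UDP on the strength of a source address alone, with no `-i` match, so a datagram forged with that source arriving on `$if_untrusted` (eth1 after this commit) is accepted unless an antispoof chain earlier in the file already drops it, which is not visible here. Binding the rule to the interface that evolution is actually reached through closes that gap: `run iptables -A inbound -j ACCEPT -i $if_trusted -s 172.29.198.2 -p udp --destination-port $port_syslog` (substitute the right variable if evolution does not sit on the trusted side). The comment above it would also help a later reader if it named the host and the weakness of the match: `## Accept syslog (UDP) from evolution (172.29.198.2) only; matched by source address, so antispoofing must stay in front of this rule.` The `m4_divert(82)` section these rules live in, and the `for p in tcp udp` loop whose `done` opens the hunk, both begin outside the hunk.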