## Externally visible services.
allowservices inbound tcp \
finger ident \
- dns iodine \
ssh \
smtp submission \
gnutella_svc \
git \
tor_public tor_directory i2p
allowservices inbound udp \
- dns iodine \
tripe \
gnutella_svc \
i2p
## Extend some services to local untrusted hosts.
clearchain inbound-untrusted
-run iptables -A inbound -j inbound-untrusted \
- -s 172.29.198.0/24
+run iptables -A inbound -j inbound-untrusted -s $net_inet_untrusted
+run ip6tables -A inbound -j inbound-untrusted -s $net_inet6_untrusted
allowservices inbound-untrusted tcp \
dns \
+ lpd \
netbios_ssn microsoft_ds
allowservices inbound-untrusted udp \
dns \
## Other interesting things.
dnsresolver inbound
+dnsserver inbound
ntpclient inbound $ntp_servers
m4_divert(-1)
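Review bot: The two added `run` lines that jump to `inbound-untrusted` scope the chain only by `-s $net_inet_untrusted` and `-s $net_inet6_untrusted`, and neither variable is defined or checked in the visible lines. If one is unset or empty on some host, the rule is malformed instead of restricted, and what `run` does with that failure is not shown. I would make it fail early and explicitly, e.g. `run ip6tables -A inbound -j inbound-untrusted -s "${net_inet6_untrusted:?}"`, with the same form on the `iptables` line. The chain also gains `lpd` next to `netbios_ssn microsoft_ds`, and the new IPv6 jump would expose all of these to the IPv6 untrusted range if `allowservices` fills both address families (its definition is outside this view). A comment above `clearchain inbound-untrusted`, such as `## Printing and SMB are offered to the untrusted LAN only (IPv4 and IPv6).`, would record that intent for the next reader.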