~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
local.m4: Refactor common SSH permission between safe/untrusted hosts.
[firewall] / local.m4
diff --git a/local.m4 b/local.m4
index 9dfc464..d57b53d 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -200,17 +200,10 @@ case $forward in
            -m state --state ESTABLISHED
 
     ## Allow SSH from safe/noloop to untrusted networks.
-    run iptables -A fwd-spec-nofrag -j ACCEPT \
+    run ip46tables -A fwd-spec-nofrag -j ACCEPT \
            -p tcp --destination-port $port_ssh \
            -m mark --mark $to_untrusted/$MASK_TO
-    run iptables -A fwd-spec-nofrag -j ACCEPT \
-           -p tcp --source-port $port_ssh \
-           -m mark --mark $from_untrusted/$MASK_FROM \
-           -m state --state ESTABLISHED
-    run ip6tables -A fwd-spec-nofrag -j ACCEPT \
-           -p tcp --destination-port $port_ssh \
-           -m mark --mark $to_untrusted/$MASK_TO
-    run ip6tables -A fwd-spec-nofrag -j ACCEPT \
+    run ip46tables -A fwd-spec-nofrag -j ACCEPT \
            -p tcp --source-port $port_ssh \
            -m mark --mark $from_untrusted/$MASK_FROM \
            -m state --state ESTABLISHED
Firewall scripts for distorted.org.uk.