~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fender: New host, with basic firewall.
[firewall] / artist.m4
diff --git a/artist.m4 b/artist.m4
index 19394ee..1f97e73 100644 (file)
--- a/artist.m4
+++ b/artist.m4
@@ -27,17 +27,23 @@
 ## This host isn't a router.
 setconf(forward, 0)
 
+## This host is involved in a routing asymmetry.
+setconf(rp_filter, 0)
+setconf(log_martians, 0)
+
 ###--------------------------------------------------------------------------
 ### Network interfaces.
 
 m4_divert(44)m4_dnl
 ## Interface definitions.
-if_untrusted=eth0
-if_trusted=eth0
-if_vpn=eth0
-if_iodine=eth0
-if_its_mz=eth0
-if_its_pi=eth0
+if_dmz=eth0
+if_trusted=eth1
+if_safe=$if_dmz,$if_trusted
+if_untrusted=$if_dmz,$if_trusted
+if_vpn=$if_dmz,$if_trusted
+if_iodine=$if_dmz,$if_trusted
+if_its_mz=$if_dmz,$if_trusted
+if_its_pi=$if_dmz,$if_trusted
 
 m4_divert(-1)
 ###--------------------------------------------------------------------------
@@ -47,6 +53,7 @@ m4_divert(82)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
        ssh \
+       ident \
        ftp ftp_data \
        http https \
        tor_public tor_directory i2p
Firewall scripts for distorted.org.uk.