Overhaul address classification.
[firewall]
/
gibson.m4
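diff --git a/gibson.m4 b/gibson.m4
index c49c36a..5c82c41 100644
--- a/gibson.m4
+++ b/gibson.m4
@@ -28,25 +28,21 @@
 setconf(forward, 0)
 ###--------------------------------------------------------------------------
-### Network interfaces.
-
-m4_divert(44)m4_dnl
-## Interface definitions.
-if_untrusted=eth0
-if_trusted=eth0
-if_vpn=eth0
-if_iodine=eth0
-if_its_mz=eth0
-if_its_pi=eth0
-
-m4_divert(-1)
-###--------------------------------------------------------------------------
 ### gibson-specific rules.
-m4_divert(82)m4_dnl
+m4_divert(84)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
- ssh
+ ssh \
+ ident \
+ h323
+allowservices inbound udp \
+ siplo:siphi
+
+## IMPI client hacking.
+run ip46tables -A inbound -j ACCEPT \
+ -m state --state ESTABLISHED \
+ -p udp --source-port $port_ipmi
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------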
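Review bot: The new IPMI accept rule near the end of the hunk matches on `--source-port $port_ipmi`, a value the remote end chooses, so the only real constraint is `--state ESTABLISHED`; the comment above it (`## IMPI client hacking.`, presumably meant as IPMI) does not say why the ordinary reply handling is insufficient or which peers are expected. I would replace the comment with something like `## IPMI client: accept UDP replies from BMCs; scoped only by conntrack state.` and, if the management controllers sit on a known network or interface, restrict the rule to it. `$port_ipmi` is not defined anywhere in this hunk, so it is worth confirming it is set before this diversion is expanded, since an empty value would leave `--source-port` without an argument. The same hunk also newly exposes `ident`, `h323` and the `siplo:siphi` UDP range inbound, which the commit title does not mention; a line in the description recording that this widening is intended would help later audits.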