~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
local.m4: We don't have an untrusted network.
[firewall] / jaguar.m4
diff --git a/jaguar.m4 b/jaguar.m4
index f37debe..0925d00 100644 (file)
--- a/jaguar.m4
+++ b/jaguar.m4
@@ -29,7 +29,17 @@ m4_divert(86)m4_dnl
 allowservices inbound tcp \
        ssh \
        ident \
-       http https
+       http https althttp0 althttp1
+
+## Allow Munin queries from HSTG and the distorted.org.uk mothership.
+clearchain munin
+ip46tables -A inbound -j munin -p tcp --dport $port_munin
+for i in 217.150.97.26 212.13.198.71 62.49.204.147; do
+  iptables -A munin -j ACCEPT -s $i
+done
+for i in 2001:470:1f09:1b98::3 2001:ba8:0:1d9::7; do
+  ip6tables -A munin -j ACCEPT -s $i
+done
 
 ## Other interesting things.
 dnsresolver inbound
Firewall scripts for distorted.org.uk.