~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
local.m4: We don't have an untrusted network.
[firewall] / jaguar.m4
diff --git a/jaguar.m4 b/jaguar.m4
index 0a06ccb..0925d00 100644 (file)
--- a/jaguar.m4
+++ b/jaguar.m4
@@ -31,6 +31,16 @@ allowservices inbound tcp \
        ident \
        http https althttp0 althttp1
 
+## Allow Munin queries from HSTG and the distorted.org.uk mothership.
+clearchain munin
+ip46tables -A inbound -j munin -p tcp --dport $port_munin
+for i in 217.150.97.26 212.13.198.71 62.49.204.147; do
+  iptables -A munin -j ACCEPT -s $i
+done
+for i in 2001:470:1f09:1b98::3 2001:ba8:0:1d9::7; do
+  ip6tables -A munin -j ACCEPT -s $i
+done
+
 ## Other interesting things.
 dnsresolver inbound
 
Firewall scripts for distorted.org.uk.