~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
local.m4: Promote the NTP server configuration to a proper variable.
[firewall] / jem.m4
diff --git a/jem.m4 b/jem.m4
index 26f1398..1f74d59 100644 (file)
--- a/jem.m4
+++ b/jem.m4
@@ -34,7 +34,7 @@ setconf(log_martians, 0)
 ###--------------------------------------------------------------------------
 ### Network interfaces.
 
-m4_divert(44)m4_dnl
+m4_divert(28)m4_dnl
 ## Interface definitions.
 if_dmz=eth0
 if_trusted=eth1
@@ -49,7 +49,14 @@ m4_divert(-1)
 ###--------------------------------------------------------------------------
 ### jem-specific rules.
 
-m4_divert(82)m4_dnl
+m4_divert(84)m4_dnl
+## Set up the SAUCE sinbin.  Unfortunately, ipset is a bit brittle.  This
+## isn't a completely critical part of the firewall security, so don't make
+## this fail the entire script.
+errorchain sauce REJECT
+makeset sauce iphash || :
+iptables -A inbound -g sauce -m set --match-set sauce src || :
+
 ## Externally visible services.
 allowservices inbound tcp \
        ssh \
Firewall scripts for distorted.org.uk.