~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vampire.m4: Forbid incoming traffic directly on the NAT address.
[firewall] / vampire.m4
diff --git a/vampire.m4 b/vampire.m4
index 44eef03..9d8cdce 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -97,5 +97,8 @@ for p in ftp sip h323; do
   run modprobe nf_nat_$p
 done
 
+## Forbid anything complicated to the NAT address.
+run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT
+
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
Firewall scripts for distorted.org.uk.