-### -*-m4-*-
+### -*-sh-*-
###
### Firewall configuration for vampire
###
finger ident \
dns iodine \
ssh \
- smtp \
+ smtp submission \
gnutella_svc \
ftp ftp_data \
rsync \
+ imaps \
disorder mpd \
- http https \
+ http https squid \
git \
tor_public tor_directory i2p
allowservices inbound udp \
-p $p --destination-port $port_dns
done
+## Allow smb and nmb to untrusted hosts. This is a bit experimental.
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.0/24 \
+ -p udp -m multiport --destination-ports \
+ $port_netbios_ns,$port_netbios_dgm
+run iptables -A inbound -j ACCEPT \
+ -s 172.29.198.0/24 \
+ -p tcp -m multiport --destination-ports \
+ $port_netbios_ssn,$port_microsoft_ds
+
## Provide syslog for evolution.
run iptables -A inbound -j ACCEPT \
-s 172.29.198.2 \
-p udp --destination-port $port_syslog
-## Provide a web cache to local untrusted hosts.
-run iptables -A inbound -j ACCEPT \
- -s 172.29.198.0/24 \
- -p tcp --destination-port $port_squid
-
## Watch outgoing Tor usage.
run iptables -A OUTPUT -m multiport \
-p tcp --source-ports $port_tor_public,$port_tor_directory