X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/43e20546eefaa0057685ac0b62ba33f97870e13d..2b5ca0033749741dbbe22eed9bc12b4f64199b0d:/local.m4
diff --git a/local.m4 b/local.m4
index 59ab342..aeda659 100644
--- a/local.m4
+++ b/local.m4
@@ -190,7 +190,7 @@ defhost groove
 defhost gibson
 	hosttype client
-	iface eth0 unsafe
+	iface eth0.5 unsafe
 ## Colocated networks.
 defnet jump trusted
@@ -225,8 +225,6 @@ defhost telecaster
 defhost stratocaster
 	iface eth0 jump colo
 	iface eth1 jump colo
-defhost jaguar
-	iface eth0 jump
 defhost jazz
 	hosttype router
 	iface eth0 jump colo vpn
@@ -362,7 +360,8 @@ run iptables -A inbound -j ACCEPT \
 	-p udp --source-port $port_bootpc --destination-port $port_bootps
 ## Allow incoming ping.  This is the only ICMP left.
-run ip46tables -A inbound -j ACCEPT -p icmp
+run iptables -A inbound -j ACCEPT -p icmp
+run ip6tables -A inbound -j ACCEPT -p icmpv6
 m4_divert(88)m4_dnl
 ## Allow unusual things.
@@ -370,6 +369,7 @@ openports inbound
 ## Inspect inbound packets from untrusted sources.
 run ip46tables -A inbound -j forbidden
+run ip46tables -A INPUT -m mark --mark $from_scary/$MASK_FROM -g inbound
 run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
 ## Allow responses from the scary outside world into the untrusted net, but
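Review bot: The two added ACCEPT rules admit every ICMP and ICMPv6 type, not only ping as the comment above them claims, and `inbound` is reached from the untrusted mark (and, per the later hunk, the scary mark too). On IPv6 that includes router-advertisement and redirect, which a host on an untrusted segment can use to insert itself as the default route; pinning the rules to `--icmp-type echo-request` and `--icmpv6-type echo-request` makes them match the comment. Neighbour discovery is also ICMPv6 and would then be dropped unless it is accepted earlier in the chain, which this hunk does not show; if it is not, accept the ND types explicitly with the hop-limit-255 match that off-link forgeries cannot pass. Whether `inbound` sees ND at all depends on the mark rules outside this hunk, so the sketch below should be checked against them.
```m4
## Allow incoming ping.  This is the only ICMP left.
run iptables -A inbound -j ACCEPT -p icmp --icmp-type echo-request
run ip6tables -A inbound -j ACCEPT -p icmpv6 --icmpv6-type echo-request

## IPv6 neighbour discovery is link-local and must get through; its hop
## limit is always 255, which no packet that crossed a router can have.
run ip6tables -A inbound -j ACCEPT -p icmpv6 -m hl --hl-eq 255 \
	--icmpv6-type neighbour-solicitation
run ip6tables -A inbound -j ACCEPT -p icmpv6 -m hl --hl-eq 255 \
	--icmpv6-type neighbour-advertisement
```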
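Review bot: The comment `## Inspect inbound packets from untrusted sources.` is now stale, because the added rule routes `$from_scary` traffic through the same `inbound` chain; it should read `## Inspect inbound packets from untrusted and scary sources.`. Everything `inbound` accepts — the bootpc→bootps DHCP rule and ping visible in the previous hunk, plus whatever `openports inbound` opens — therefore becomes reachable from the scary side as well, which may be intended but is not stated anywhere in the change. If DHCP is meant to be served only to the untrusted net, that rule needs a mark match such as `-m mark --mark $from_untrusted/$MASK_FROM` rather than relying on which marks reach the chain. The definition of `inbound` and the rest of INPUT lie outside this hunk, so I cannot tell what scary-marked packets hit before this rule existed.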