X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/5ac64c9b750673e11f9a0f78be88d8658bc2e5e5:/metalzone.m4..a3972fea9c58e172fb2a1c1dc7362ec6a40fa4bd:/radius.m4
diff --git a/metalzone.m4 b/radius.m4
similarity index 85%
rename from metalzone.m4
rename to radius.m4
index 90c37dd..b97f481 100644
--- a/metalzone.m4
+++ b/radius.m4
@@ -1,6 +1,6 @@
 ### -*-sh-*-
 ###
-### Firewall configuration for metalzone
+### Firewall configuration for radius
 ###
 ### (c) 2008 Mark Wooding
 ###
@@ -26,32 +26,25 @@ m4_divert(44)m4_dnl
 ## Interface definitions.
-if_untrusted=eth0
+if_untrusted=eth1
 if_trusted=eth0
 if_vpn=eth0
 if_iodine=eth0
-if_its_mz=its-mz
-if_its_pi=its-pi
+if_its_mz=eth0
+if_its_pi=eth0
 m4_divert(-1)
 ###--------------------------------------------------------------------------
-### metalzone-specific rules.
+### radius-specific rules.
 m4_divert(82)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
-	finger ident \
-	ssh \
-	smtp submission \
-	gnutella_svc \
-	ftp ftp_data \
-	rsync \
-	imaps \
-	http https \
-	git
+	dns iodine \
+	ssh
 allowservices inbound udp \
-	tripe \
-	gnutella_svc
+	dns iodine \
+	tripe
 ## Provide DNS resolution to local untrusted hosts.
 for p in tcp udp; do
@@ -60,6 +53,11 @@ for p in tcp udp; do
 	-p $p --destination-port $port_dns
 done
+## Provide syslog for evolution.
+run iptables -A inbound -j ACCEPT \
+	-s 172.29.198.2 \
+	-p udp --destination-port $port_syslog
+
 ## Other interesting things.
 dnsresolver inbound
 ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2
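Review bot: In the interface-definitions hunk, `if_its_mz` and `if_its_pi` are both set to `eth0`, which is also the value of `if_trusted`, `if_vpn` and `if_iodine`, so any rule elsewhere in the rule set that is keyed on the ITS tunnel interfaces will now match the whole eth0 side rather than a tunnel; whether that is the intent for this host cannot be told from the hunk. A one-line comment above the two assignments would record the decision, e.g. `## No ITS tunnels on this host: fold the tunnel interface names onto the trusted side.` The same aliasing already applies to `if_vpn` and `if_iodine`, which are unchanged context here, and the note could cover them too. The rule blocks that consume these variables lie outside this diff.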
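Review bot: The new syslog accept rule in the last hunk is keyed on the source address alone, so a UDP datagram forged with source 172.29.198.2 arriving on `$if_untrusted` (eth1 in this revision) would match it unless an earlier chain already drops spoofed sources, which this diff does not show. Binding the rule to the interface evolution is actually reached on (presumably `$if_trusted`; confirm against the host's topology) removes that dependency: `run iptables -A inbound -j ACCEPT \` followed by `-i $if_trusted -s 172.29.198.2 \`. The comment above it would also be more useful naming the address and interface, e.g. `## Accept syslog from evolution (172.29.198.2) on the trusted interface.`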