X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/65537cb338f7c80b284e11f765d9b3e2e1b78878..1cdf89eeaf11631682c0066df12cf833d248028a:/precision.m4 diff --git a/precision.m4 b/precision.m4 index f5c07ac..2a07763 100644 --- a/precision.m4 +++ b/precision.m4 @@ -28,14 +28,25 @@ m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ident \ - dns \ ssh allowservices inbound udp \ - dns \ tripe ## Other interesting things. dnsresolver inbound +dnsserver inbound + +## Nefarious VPN NAT hack. +for i in PREROUTING OUTPUT POSTROUTING; do + run iptables -t nat -P $i ACCEPT 2>/dev/null || : + run iptables -t nat -F $i 2>/dev/null || : +done +run iptables -t nat -F +run iptables -t nat -X +makeset vpn-nat hash:net family inet +run iptables -t nat -A POSTROUTING -o eth0 \ + -m set --match-set vpn-nat dst \ + -j SNAT --to-source 212.13.198.70 m4_divert(-1) ###----- That's all, folks --------------------------------------------------
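Review bot: The SNAT rule added at the end of the hunk has no source-side constraint: it matches only `-o eth0` and a destination in `vpn-nat`, so any packet routed out of eth0 towards a set member is rewritten to 212.13.198.70, whichever network it came from (whether such traffic is forwarded at all depends on filter rules outside this hunk). If the hack is meant for VPN peers only, pin the source too, for example by adding `-s <vpn-range>` or a second `-m set --match-set <vpn-src-set> src` to the rule (both names are placeholders). The comment `## Nefarious VPN NAT hack.` should also say what populates `vpn-nat` and why that source address is used, since the set is created here and nothing in the hunk fills it. Separately, `run iptables -t nat -F` and `run iptables -t nat -X` already clear the whole table, so the per-chain `-F $i` in the loop is redundant. They would also remove nat rules and user chains installed by anything else on the host, which is worth stating in the comment if that is intended.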