X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/65537cb338f7c80b284e11f765d9b3e2e1b78878..5e5950c5e929593b05740aa4173c93c50eac0110:/jazz.m4
diff --git a/jazz.m4 b/jazz.m4
index e011a34..af494e3 100644
--- a/jazz.m4
+++ b/jazz.m4
@@ -30,12 +30,33 @@ allowservices inbound tcp \
 ssh \
 ident \
 http https \
+ pgp_keys \
 tor_public tor_directory i2p
 allowservices inbound udp \
+ tripe \
 i2p
 ## Other interesting things.
 dnsresolver inbound
+dnsserver inbound
+ip46tables -A inbound -p tcp -j ACCEPT \
+ -m mark --mark $from_noloop/$MASK_FROM \
+ --destination-port $port_privoxy
+
+## Temporary NAT for iodine tunnel.
+for i in PREROUTING OUTPUT POSTROUTING; do
+ run iptables -t nat -P $i ACCEPT 2>/dev/null || :
+ run iptables -t nat -F $i 2>/dev/null || :
+done
+run iptables -t nat -F
+run iptables -t nat -X
+
+iptables -t nat -N outbound
+run iptables -t nat -A outbound -j RETURN ! -i dns+
+run iptables -t nat -A outbound -j RETURN ! -s 172.29.198.128/28
+run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
+run iptables -t nat -A outbound -j SNAT --to-source 212.13.198.77
+iptables -t nat -A POSTROUTING -j outbound
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
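Review bot: In the "Temporary NAT for iodine tunnel" block, `iptables -t nat -N outbound` and `iptables -t nat -A POSTROUTING -j outbound` are called directly, while every other rule in the block goes through `run`. `run` is defined outside this hunk; if it provides tracing or failure handling, these two steps skip it, and a failed chain creation would leave the following `-A outbound` rules with nothing to attach to. I would write them as `run iptables -t nat -N outbound` and `run iptables -t nat -A POSTROUTING -j outbound`. The block also hard-codes 172.29.198.128/28, 172.29.198.0/23 and 212.13.198.77 and is marked temporary without a removal condition, so a comment such as `## TODO: remove when <condition>; SNATs dns+ tunnel clients to this host's public address` would help. This hunk adds only the address rewrite, so it is worth confirming that the forward filter, which is not visible here, limits what clients arriving on `dns+` can reach.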