X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/a3972fea9c58e172fb2a1c1dc7362ec6a40fa4bd..bf63c594388914a69c14796d36f872d5e0fa4798:/artist.m4
diff --git a/artist.m4 b/artist.m4
index 19394ee..23195aa 100644
--- a/artist.m4
+++ b/artist.m4
@@ -22,46 +22,34 @@
 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 ###--------------------------------------------------------------------------
-### Config settings.
-
-## This host isn't a router.
-setconf(forward, 0)
-
-###--------------------------------------------------------------------------
-### Network interfaces.
-
-m4_divert(44)m4_dnl
-## Interface definitions.
-if_untrusted=eth0
-if_trusted=eth0
-if_vpn=eth0
-if_iodine=eth0
-if_its_mz=eth0
-if_its_pi=eth0
-
-m4_divert(-1)
-###--------------------------------------------------------------------------
 ### artist-specific rules.
-m4_divert(82)m4_dnl
+m4_divert(86)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
 ssh \
+ ident \
 ftp ftp_data \
 http https \
+ disorder disorder2 \
 tor_public tor_directory i2p
 allowservices inbound udp \
 i2p
 ## Allow smb and nmb to untrusted hosts.
-run iptables -A inbound -j ACCEPT \
- -s 172.29.198.0/24 \
+run ip46tables -A inbound-untrusted -j ACCEPT \
 -p udp -m multiport --destination-ports \
- $port_netbios_ns,$port_netbios_dgm
-run iptables -A inbound -j ACCEPT \
- -s 172.29.198.0/24 \
- -p tcp -m multiport --destination-ports \
- $port_netbios_ssn,$port_microsoft_ds
+ $port_netbios_ns,$port_netbios_dgm
+
+## Open ports for Rygel.
+run iptables -A inbound -j ACCEPT -s 172.29.198.0/23 -p igmp
+run iptables -A inbound -j ACCEPT -s 172.29.198.0/23 \
+ -d 239.255.255.250 -p udp --destination-port 1900
+run iptables -A inbound -j ACCEPT -s 172.29.198.0/23 \
+ -p tcp --destination-port 9501
+
+## Other interesting things.
+dnsresolver inbound
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
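Review bot: The rewritten NetBIOS rule keeps the comment `## Allow smb and nmb to untrusted hosts.` but the new side only accepts UDP `$port_netbios_ns,$port_netbios_dgm` — the TCP rule for `$port_netbios_ssn,$port_microsoft_ds` (the actual SMB ports) is deleted without a note, and the `-s 172.29.198.0/24` source restriction on the surviving UDP rule is dropped, so it now matches any source that reaches `inbound-untrusted`. If both are intended, say so in the comment, e.g. `## Allow nmb (NetBIOS name/datagram, UDP only) from any untrusted host; SMB over TCP is deliberately not opened.`; otherwise restore `-s 172.29.198.0/24 \` (or the /23 the Rygel rules use) so the exposure stays bounded to the LAN prefix. On style, the Rygel rules hard-code `--destination-port 9501` and `1900` where the rest of the file names ports through `$port_*` variables and `allowservices`, and they use bare `iptables` while the adjacent rule was just moved to `ip46tables` — presumably because Rygel is IPv4-only here, which is worth a one-line comment. `dnsresolver inbound` opens resolution on the whole `inbound` chain rather than a trusted sub-chain; whether that is wider than intended depends on the macro's definition outside this hunk.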