X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/e15ca5abc48bdc5647fc155d8ba45dcf1c62ac4d..926655b5205446b631fe68031081f56dcb2c8255:/vampire.m4
diff --git a/vampire.m4 b/vampire.m4
index ef823f0..b7bf1fa 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -29,6 +29,7 @@ m4_divert(44)m4_dnl
 if_untrusted=eth0.1
 if_trusted=eth0.0
 if_vpn=vpn-+
+if_iodine=dns+
 if_its_mz=eth0.0
 if_its_pi=eth0.0
@@ -36,34 +37,23 @@ m4_divert(-1)
 ###--------------------------------------------------------------------------
 ### vampire-specific rules.
-m4_divert(35)m4_dnl
-errorchain ddos-evil-dns DROP
-## Invalid DNS request with probably-forged sender address, with intent to
-## cause DDOS.
-
 m4_divert(82)m4_dnl
-## Repelling evil DDos attack.
-run ipset -N ddos-evil-dns iphash 2>/dev/null || :
-run iptables -A inbound -g ddos-evil-dns \
- -m set --set ddos-evil-dns src \
- -p udp --destination-port $port_dns
-
 ## Externally visible services.
 allowservices inbound tcp \
 finger ident \
- dns \
+ dns iodine \
 ssh \
 smtp \
 gnutella_svc \
 ftp ftp_data \
 rsync \
- disorder \
+ disorder mpd \
 http https \
 git
 allowservices inbound tcp \
 tor_public tor_directory
 allowservices inbound udp \
- dns \
+ dns iodine \
 tripe \
 gnutella_svc
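Review bot: The new `if_iodine=dns+` line sits among interface variables whose purpose is clear from the name, but a trailing `+` is an interface-name wildcard and this one is not referenced anywhere else in the visible diff, so a reader cannot tell what it is for or whether it is used. A short comment such as `## iodine DNS-tunnel interfaces (wildcard suffix)` next to it would settle that; if the variable is consumed in a part of the file outside this diff, that is also worth stating.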
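Review bot: The `## Externally visible services.` lists now admit `iodine` on both inbound tcp and inbound udp and `mpd` on inbound tcp, with no comment recording why these are meant to be reachable from the untrusted side; `## iodine: DNS-tunnel endpoint, mpd: exposed deliberately` (or the actual reason) on the line above `allowservices inbound tcp \` would make the intent reviewable later. The `if_iodine=dns+` variable added in the first hunk is not used in this hunk, so either the iodine rules are scoped to that interface elsewhere in the file or the allow rule is wider than intended; worth confirming. The removed `ddos-evil-dns` ipset rules were the only DNS-specific abuse control visible here and nothing on the new side replaces them, so if that mitigation now lives elsewhere a one-line pointer comment in this block would help the next reader.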