X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/f5a0901ed4205e4675ec69a138b958be512a3211..HEAD:/ibanez.m4

diff --git a/ibanez.m4 b/ibanez.m4
index 334ba03..0708ed6 100644
--- a/ibanez.m4
+++ b/ibanez.m4
@@ -29,17 +29,15 @@ m4_divert(86)m4_dnl
 allowservices inbound tcp \
 	ssh \
 	ident
+allowservices inbound udp \
+	udpkey
 
 ## We have to provide NTP service.  The guests sync to our clock.
 ntpclient inbound $ntp_servers
 
 ## Provide NTP service to untrusted clients.
-iptables -A inbound -p udp -j ACCEPT \
-	--source-port 123 --destination-port 123 \
-	-s 172.29.198.0/23
-ip6tables -A inbound -p udp -j ACCEPT \
-	--source-port 123 --destination-port 123 \
-	-s 2001:470:9740::/48
+run ip46tables -A inbound-untrusted -p udp -j ACCEPT \
+	--source-port 123 --destination-port 123
 
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------