vampire.m4: Forbid incoming traffic directly on the NAT address.

author Mark Wooding <mdw@distorted.org.uk>

Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)
diff --git a/vampire.m4 b/vampire.m4

index 44eef03..9d8cdce 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -97,5 +97,8 @@ for p in ftp sip h323; do
    run modprobe nf_nat_$p
  done
  
+## Forbid anything complicated to the NAT address.
+run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT
+
  m4_divert(-1)
  ###----- That's all, folks --------------------------------------------------
author	Mark Wooding <mdw@distorted.org.uk>
	Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Tue, 6 Mar 2012 10:36:47 +0000 (10:36 +0000)