###--------------------------------------------------------------------------
### artist-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ssh \
###--------------------------------------------------------------------------
### fender-specific rules.
-m4_divert(82)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ssh \
###--------------------------------------------------------------------------
### gibson-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ssh \
###--------------------------------------------------------------------------
### ibanez-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ssh \
###--------------------------------------------------------------------------
### jem-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Set up the SAUCE sinbin. Unfortunately, ipset is a bit brittle. This
## isn't a completely critical part of the firewall security, so don't make
## this fail the entire script.
iface vpn-+ vpn
iface vpn-precision colobdry vpn
defhost ibanez
- iface br-dmz dmz
+ iface br-dmz dmz unsafe
iface br-unsafe unsafe
defhost gibson
###--------------------------------------------------------------------------
### radius-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ident \
###--------------------------------------------------------------------------
### roadstar-specific rules.
-m4_divert(84)m4_dnl
+m4_divert(86)m4_dnl
## Externally visible services.
allowservices inbound tcp \
ssh \