local.m4: Inbound restriction on untrusted is no longer experimental.

author Mark Wooding <mdw@distorted.org.uk>

Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)
diff --git a/local.m4 b/local.m4

index b5cee43..59ab342 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -373,7 +373,7 @@ run ip46tables -A inbound -j forbidden
  run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
  
  ## Allow responses from the scary outside world into the untrusted net, but
  run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
  
  ## Allow responses from the scary outside world into the untrusted net, but
-## don't let untrusted things run services.  [EXPERIMENTAL]
+## don't let untrusted things run services.
  case $forward in
    1)
      run ip46tables -A FORWARD -j ACCEPT \
  case $forward in
    1)
      run ip46tables -A FORWARD -j ACCEPT \
author	Mark Wooding <mdw@distorted.org.uk>
	Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Tue, 24 Feb 2015 22:16:32 +0000 (22:16 +0000)