From: Mark Wooding <mdw@distorted.org.uk>
Date: Wed, 1 Apr 2015 18:38:19 +0000 (+0100)
Subject: jem.m4, vampire.m4: Cull some external services.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/29a9e571a23dd5d66b30b67af207b53bf132bb4c?hp=15e9eeffacf76820fe2ba0176030ac2b5b6560ea

jem.m4, vampire.m4: Cull some external services.

jem never provided externally facing email.  vampire used to, but
doesn't any more.  It also doesn't provide a slew of other random
services.  Block them all.
---

diff --git a/jem.m4 b/jem.m4
index a1e9f92..4a9f9c6 100644
--- a/jem.m4
+++ b/jem.m4
@@ -36,7 +36,6 @@ iptables -A inbound -g sauce -m set --match-set sauce src || :
 allowservices inbound tcp \
 	ssh \
 	ident \
-	smtp submission \
 	imaps \
 	http https rsync \
 	git
diff --git a/vampire.m4 b/vampire.m4
index e016358..ed9bd9b 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -27,16 +27,8 @@
 m4_divert(86)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
-	finger ident \
+	ident \
 	ssh \
-	smtp submission \
-	gnutella_svc \
-	ftp ftp_data \
-	rsync \
-	imaps \
-	disorder mpd \
-	http https squid \
-	git \
 	tor_public tor_directory i2p
 allowservices inbound udp \
 	tripe \