From: Mark Wooding Date: Wed, 7 Mar 2012 03:06:39 +0000 (+0000) Subject: Merge branch 'master' into emergency X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/3e47a702519350809a38400b03b79d37abbc4d13?hp=83495f9a91a4e0f15aa16d51401a188a88fea249 Merge branch 'master' into emergency * master: Move per-host filtering to diversion 86 as promised. local.m4: Add `unsafe' to ibanez `br-dmz' interface. --- diff --git a/artist.m4 b/artist.m4 index a04cc9c..013949d 100644 --- a/artist.m4 +++ b/artist.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### artist-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ssh \ diff --git a/fender.m4 b/fender.m4 index 05354bd..a6c7362 100644 --- a/fender.m4 +++ b/fender.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### fender-specific rules. -m4_divert(82)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ssh \ diff --git a/gibson.m4 b/gibson.m4 index 4416aee..75b4607 100644 --- a/gibson.m4 +++ b/gibson.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### gibson-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ssh \ diff --git a/ibanez.m4 b/ibanez.m4 index 93a816e..6769b05 100644 --- a/ibanez.m4 +++ b/ibanez.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### ibanez-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ssh \ diff --git a/jem.m4 b/jem.m4 index 7db1ce5..fc79e10 100644 --- a/jem.m4 +++ b/jem.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### jem-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Set up the SAUCE sinbin. Unfortunately, ipset is a bit brittle. This ## isn't a completely critical part of the firewall security, so don't make ## this fail the entire script. diff --git a/local.m4 b/local.m4 index 0a1617f..2d9cacb 100644 --- a/local.m4 +++ b/local.m4 @@ -97,7 +97,7 @@ defhost vampire iface vpn-+ vpn iface vpn-precision colobdry vpn defhost ibanez - iface br-dmz dmz + iface br-dmz dmz unsafe iface br-unsafe unsafe defhost gibson diff --git a/radius.m4 b/radius.m4 index e543878..978a877 100644 --- a/radius.m4 +++ b/radius.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### radius-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ident \ diff --git a/roadstar.m4 b/roadstar.m4 index 4947a80..cbbd8e6 100644 --- a/roadstar.m4 +++ b/roadstar.m4 @@ -24,7 +24,7 @@ ###-------------------------------------------------------------------------- ### roadstar-specific rules. -m4_divert(84)m4_dnl +m4_divert(86)m4_dnl ## Externally visible services. allowservices inbound tcp \ ssh \