From: Mark Wooding
Date: Sun, 13 Jan 2013 20:48:53 +0000 (+0000)
Subject: New host `orange'.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/6fd217ae2465d315d507e1a58a53d4afa53bde25?ds=sidebyside
New host `orange'.
---
diff --git a/functions.m4 b/functions.m4
index f75d16e..ebc1661 100644
--- a/functions.m4
+++ b/functions.m4
@@ -130,7 +130,7 @@ errorchain () {
 clearchain $table:$chain
 run ip46tables -t $table -A $chain -j LOG \
 -m limit --limit 3/minute --limit-burst 10 \
- --log-prefix "fw: $chain " --log-level notice
+ --log-prefix "fw: $chain " --log-level notice || :
 run ip46tables -t $table -A $chain -j "$@" \
 -m limit --limit 20/second --limit-burst 100
 run ip46tables -t $table -A $chain -j DROP
diff --git a/local.m4 b/local.m4
index 128d645..ed99b00 100644
--- a/local.m4
+++ b/local.m4
@@ -179,6 +179,9 @@ defhost vampire
 defhost ibanez
 iface br-dmz dmz unsafe
 iface br-unsafe unsafe
+defhost orange
+ iface wlan0 untrusted
+ iface vpn-radius unsafe
 defhost gibson
 hosttype client
@@ -238,6 +241,7 @@ defnet vpn safe
 forwards househub colohub
 host crybaby 1
 host terror 2
+ host orange 3
 defnet anycast trusted
 addr 172.29.199.224/27 2001:ba8:1d9:0::/64
 forwards dmz unsafe safe untrusted jump colo vpn
diff --git a/local.mk b/local.mk
index 0caff91..f02bb6d 100644
--- a/local.mk
+++ b/local.mk
@@ -6,6 +6,8 @@ MAIN_M4_SOURCES += local.m4
 ## The avaiable hosts.
 HOSTS += vampire
+HOSTS += orange
+
 HOSTS += ibanez
 HOSTS += radius
 HOSTS += roadstar
diff --git a/orange.m4 b/orange.m4
new file mode 100644
index 0000000..719dff0
--- /dev/null
+++ b/orange.m4
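Review bot: The `|| :` appended to the LOG rule in `errorchain` (functions.m4) discards every failure of that command, not only a missing LOG target, so a chain can end up with its `"$@"` and DROP rules installed but no logging, and nothing reports it. The `fw: $chain` lines are what an operator would use to see traffic hitting these chains, so losing them silently is a detection gap. I would keep the tolerance but make it visible, e.g. `--log-prefix "fw: $chain " --log-level notice || echo >&2 "warning: no LOG rule for $table:$chain"`, with a comment naming the environment that lacks LOG. The commit subject mentions only the new host, so this behaviour change deserves a line in the description. errorchain's body starts and ends outside the hunk, and how `run` reacts to failure is not visible here.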
@@ -0,0 +1,41 @@
+### -*-sh-*-
+###
+### Firewall configuration for orange
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### orange-specific rules.
+
+m4_divert(86)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ssh \
+ ident \
+ http https \
+ disorder
+allowservices inbound udp \
+ tripe
+
+## Other interesting things.
+dnsresolver inbound
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
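Review bot: The `allowservices inbound tcp` list in orange.m4 opens ssh, ident, http/https and disorder with no source restriction visible in this file, while local.m4 in the same commit places orange's `wlan0` in the `untrusted` class. Whether the `inbound` chain is already filtered by network class is decided outside this diff, so it is not clear from here that these services are meant to be reachable from the wireless side; if they are, a comment such as `## Reachable from wlan0 (untrusted) as well as the VPN.` above the list would record the decision. The same question applies to `dnsresolver inbound`, whose effect is not shown on this page. The header carries `(c) 2008` on a file created in 2013, which suggests it was copied from another host's rules, so it is worth confirming the service list was chosen for orange and not inherited.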