From: Mark Wooding
Date: Sun, 14 Oct 2012 19:41:58 +0000 (+0100)
Subject: radius.m4: Allow external servers to contact the identd.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/a92589b82be0e9123e7f782734ecee64c06fcf3d
radius.m4: Allow external servers to contact the identd.
Otherwise all requests for NATted connections will fail.
---
diff --git a/radius.m4 b/radius.m4
index 2d5f8aa..b8481bb 100644
--- a/radius.m4
+++ b/radius.m4
@@ -88,7 +88,10 @@ for p in ftp sip h323; do
 run modprobe nf_nat_$p
 done
-## Forbid anything complicated to the NAT address.
+## Forbid anything complicated to the NAT address. Be sure to allow ident,
+## though.
+run iptables -A INPUT -d 62.49.204.158 -p tcp -j ACCEPT \
+ -m multiport --destination-ports=113
 run iptables -A INPUT -d 62.49.204.158 ! -p icmp -j REJECT
 m4_divert(-1)
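Review bot: The added ACCEPT for TCP port 113 on the NAT address admits ident queries from any source, with no rate limit, and the new comment does not say what the identd is allowed to answer for NATted connections. Ident replies name the local user that owns a connection, so the comment should record that constraint, for example `## identd is reachable from anywhere: it should return opaque tokens, not real usernames.`; whether the daemon is configured that way is not visible in this hunk. For a single port the multiport match is unnecessary, and `-p tcp --dport 113 -j ACCEPT` reads more plainly. The INPUT rule section starts and continues outside the hunk, so earlier rules that might shadow or already cover this one cannot be checked from here.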