From: Mark Wooding Date: Sat, 11 Feb 2012 19:22:05 +0000 (+0000) Subject: fender: New host, with basic firewall. X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/b5aae78272ca6d750b101ab73e7907e63d10c9ee fender: New host, with basic firewall. Eventually fender will live elsewhere and have totally different routing. For now, though, this will do.
---
diff --git a/fender.m4 b/fender.m4
new file mode 100644
index 0000000..ea0fb32
--- /dev/null
+++ b/fender.m4
@@ -0,0 +1,62 @@
+### -*-sh-*-
+###
+### Firewall configuration for fender actual
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### Config settings.
+
+## This host isn't a router.
+setconf(forward, 0)
+
+## This host is involved in a routing asymmetry.
+setconf(rp_filter, 0)
+setconf(log_martians, 0)
+
+###--------------------------------------------------------------------------
+### Network interfaces.
+
+m4_divert(44)m4_dnl
+## Interface definitions.
+if_untrusted=eth0
+if_dmz=$if_untrusted
+if_safe=$if_dmz
+if_trusted=$if_dmz
+if_vpn=$if_dmz
+if_iodine=$if_dmz
+if_its_mz=$if_dmz
+if_its_pi=$if_dmz
+
+m4_divert(-1)
+###--------------------------------------------------------------------------
+### fender-specific rules.
+
+m4_divert(82)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ssh \
+ ident
+
+## We have to provide NTP service. The guests sync to our clock.
+ntpclient inbound $ntp_servers
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
diff --git a/local.mk b/local.mk
index d272914..e69fd29 100644
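Review bot: In the interface definitions, `if_trusted`, `if_safe` and `if_vpn` all resolve to the same `eth0` as `if_untrusted`, and `setconf(rp_filter, 0)` switches off the kernel's reverse-path check, so any shared rule that grants access by arrival interface would presumably match everything reaching this host; those shared rules are not visible in this hunk, so this needs checking against them. If the routing asymmetry permits it, loose mode (`rp_filter` value 2) keeps some protection against spoofed sources, assuming `setconf` passes the value through unchanged, and leaving `log_martians` on would preserve visibility of such packets. A comment above the aliases such as `## Single-homed: every class is eth0, so trust must come from source-address rules, not the interface.` would record the constraint. Separately, the NTP comment says the host provides service to guests while the rule is `ntpclient inbound $ntp_servers`; one of the two looks like a leftover from another host's file.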
--- a/local.mk +++ b/local.mk @@ -12,4 +12,6 @@ HOSTS += roadstar HOSTS += jem HOSTS += artist +HOSTS += fender + HOSTS += gibson