From 3dc88ddc002964ace632e757ee7161fa26715e0e Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Mon, 11 May 2015 15:16:48 +0100
Subject: [PATCH] local.m4: We don't have an untrusted network.

---
 local.m4 | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/local.m4 b/local.m4
index 37da67a..f0702c3 100644
--- a/local.m4
+++ b/local.m4
@@ -153,16 +153,6 @@ openports inbound
 run ip46tables -A inbound -j forbidden
 run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
 
-## Allow responses from the scary outside world into the untrusted net, but
-## don't let untrusted things run services.
-case $forward in
- 1)
- run ip46tables -A FORWARD -j ACCEPT \
- -m mark --mark $to_untrusted/$(( $MASK_FROM | $MASK_TO )) \
- -m state --state ESTABLISHED,RELATED
- ;;
-esac
-
 ## Otherwise process as indicated by the mark.
 for i in $inchains; do
 run ip46tables -A $i -m mark ! --mark 0/$MASK_MASK -j ACCEPT
-- 
2.11.0