From 65537cb338f7c80b284e11f765d9b3e2e1b78878 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Fri, 20 Apr 2012 21:57:24 +0100
Subject: [PATCH] Configuration for new colocated virtual servers.
---
jazz.m4 | 41 +++++++++++++++++++++++++++++++++++++++++
local.mk | 4 ++++
precision.m4 | 41 +++++++++++++++++++++++++++++++++++++++++
stratocaster.m4 | 47 +++++++++++++++++++++++++++++++++++++++++++++++
telecaster.m4 | 41 +++++++++++++++++++++++++++++++++++++++++
5 files changed, 174 insertions(+)
create mode 100644 jazz.m4
create mode 100644 precision.m4
create mode 100644 stratocaster.m4
create mode 100644 telecaster.m4
diff --git a/jazz.m4 b/jazz.m4
new file mode 100644
index 0000000..e011a34
--- /dev/null
+++ b/jazz.m4
@@ -0,0 +1,41 @@
+### -*-sh-*-
+###
+### Firewall configuration for jazz
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### jazz-specific rules.
+
+m4_divert(86)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ssh \
+ ident \
+ http https \
+ tor_public tor_directory i2p
+allowservices inbound udp \
+ i2p
+
+## Other interesting things.
+dnsresolver inbound
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
diff --git a/local.mk b/local.mk
index e69fd29..0caff91 100644
--- a/local.mk
+++ b/local.mk
@@ -13,5 +13,9 @@ HOSTS += jem HOSTS += artist HOSTS += fender +HOSTS += precision +HOSTS += telecaster +HOSTS += stratocaster +HOSTS += jazz HOSTS += gibson
diff --git a/precision.m4 b/precision.m4
new file mode 100644
index 0000000..f5c07ac
--- /dev/null
+++ b/precision.m4
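Review bot: `ident` is opened to every source in jazz.m4's inbound tcp list, and the same entry appears in precision.m4, stratocaster.m4 and telecaster.m4. An ident daemon answers with the local account that owns a connection, so a world-reachable port discloses usernames unless the daemon returns opaque tokens; the definition of `allowservices` is outside this patch, so any source restriction it might apply cannot be confirmed from here. If the port is open only so that remote mail or IRC servers get a prompt answer, record that next to the entry, e.g. `## ident: open to avoid remote lookup stalls; identd returns opaque tokens only`. The `tor_public tor_directory i2p` entries deserve the same kind of one-line rationale, since they are the unusual part of this host's exposure.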
@@ -0,0 +1,41 @@
+### -*-sh-*-
+###
+### Firewall configuration for precision
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### precision-specific rules.
+
+m4_divert(86)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ident \
+ dns \
+ ssh
+allowservices inbound udp \
+ dns \
+ tripe
+
+## Other interesting things.
+dnsresolver inbound
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
diff --git a/stratocaster.m4 b/stratocaster.m4
new file mode 100644
index 0000000..9ade7fb
--- /dev/null
+++ b/stratocaster.m4
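Review bot: `dns` is accepted on both tcp and udp in precision.m4 with no source restriction visible in the file. If the name server behind it also recurses for arbitrary clients, these rules leave an open resolver, which is a well-known reflection and amplification source; the server configuration is not part of this patch, so this is a question for the author rather than a confirmed defect. A comment stating the intended role would settle it for the next reader, e.g. `## dns: authoritative service only; recursion is refused for outside clients`. The `tripe` entry could likewise name the peers it is expected to talk to, if that set is fixed.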
@@ -0,0 +1,47 @@
+### -*-sh-*-
+###
+### Firewall configuration for stratocaster
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### stratocaster-specific rules.
+
+m4_divert(86)m4_dnl
+## Set up the SAUCE sinbin. Unfortunately, ipset is a bit brittle. This
+## isn't a completely critical part of the firewall security, so don't make
+## this fail the entire script.
+errorchain sauce REJECT
+makeset sauce iphash || :
+iptables -A inbound -g sauce -m set --match-set sauce src || :
+
+## Externally visible services.
+allowservices inbound tcp \
+ ssh \
+ ident \
+ smtp submission \
+ http https \
+ imaps
+
+## Other interesting things.
+dnsresolver inbound
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
diff --git a/telecaster.m4 b/telecaster.m4
new file mode 100644
index 0000000..716e6b1
--- /dev/null
+++ b/telecaster.m4
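Review bot: Both `makeset sauce iphash || :` and the `iptables -A inbound -g sauce ... || :` line in stratocaster.m4 discard every failure silently, so the host can come up with the sinbin missing and nothing records that it is. The comment explains why the script must not abort, but not aborting and not reporting are different things. A warning keeps the best-effort behaviour and makes the degraded state visible, e.g. `makeset sauce iphash || echo >&2 "firewall: sauce set unavailable; sinbin disabled"`, with the same treatment on the iptables line. As written, `|| :` also hides unrelated errors such as a mistyped option, which would otherwise be caught the first time the script runs.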
@@ -0,0 +1,41 @@
+### -*-sh-*-
+###
+### Firewall configuration for telecaster
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### telecaster-specific rules.
+
+m4_divert(86)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ssh \
+ ident \
+ ftp ftp_data \
+ rsync \
+ http https squid \
+ git
+
+## Other interesting things.
+dnsresolver inbound
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
--
2.11.0
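Review bot: `squid` is listed among telecaster.m4's externally visible services beside `http https`, with no source restriction visible in the file. A forward proxy reachable from anywhere is routinely abused as an open relay unless squid's own ACLs refuse outside clients, and nothing in this patch shows whether they do. If it runs as a reverse proxy or is locked down in its own configuration, say so at the rule, e.g. `## squid: access limited by squid ACLs; not an open forward proxy`; otherwise limit the rule to the client networks that need it. `ftp ftp_data` and `rsync` are cleartext protocols, so a short comment that they serve anonymous, read-only content (if that is the case) would document why they are acceptable here.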