* 'master' of metalzone:public-git/firewall:
functions.m4, local.m4: Handle fragments in a useful way.
classify.m4: Correct summary line at the top.
vampire.m4: Remove the magical DNS DDoS hack.
safe:172.29.199.64/27 \
untrusted:default
defiface $if_untrusted \
- untrusted:172.29.198.0/24
+ untrusted:172.29.198.0/25
defvpn $if_vpn safe 172.29.199.128/27 \
crybaby:172.29.199.129
+defiface $if_iodine untrusted:172.29.198.128/28
defiface $if_its_mz safe:172.29.199.160/30
defiface $if_its_pi safe:192.168.0.0/24
if_untrusted=eth0
if_trusted=eth0
if_vpn=eth0
+if_iodine=eth0
if_its_mz=its-mz
if_its_pi=its-pi
defport rsync 873
defport squid 3128
defport tripe 4070
+defport iodine 5353
defport postgresql 5432
defport gnutella_svc 6346
+defport mpd 6600
defport tor_public 9001
defport tor_directory 9030
defport git 9418
+defport disorder 23599
m4_divert(-1)
###----- That's all, folks --------------------------------------------------
if_untrusted=eth0.1
if_trusted=eth0.0
if_vpn=vpn-+
+if_iodine=dns+
if_its_mz=eth0.0
if_its_pi=eth0.0
## Externally visible services.
allowservices inbound tcp \
finger ident \
- dns \
+ dns iodine \
ssh \
smtp \
gnutella_svc \
ftp ftp_data \
rsync \
+ disorder \
http https \
git
allowservices inbound tcp \
tor_public tor_directory
allowservices inbound udp \
- dns \
+ dns iodine \
tripe \
gnutella_svc
~mdw / firewall / commitdiff