chiark / gitweb /
~mdw / firewall / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e15ca5a)
Add iodine support..
authorMark Wooding <mdw@distorted.org.uk>
Sat, 17 Apr 2010 15:35:24 +0000 (16:35 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 17 Apr 2010 15:35:24 +0000 (16:35 +0100)
This introduces a new section of the network which needs to be dealt
with properly.  The externally facing DNS server is actually the iodine
daemon, which listens on 5353 and is mapped from 53 by guvnor.  It
proxies requests outside io.distorted.org.uk on to the usual server
listening on port 53.

local.m4 patch | blob | blame | history
metalzone.m4 patch | blob | blame | history
numbers.m4 patch | blob | blame | history
vampire.m4 patch | blob | blame | history

diff --git a/local.m4 b/local.m4
index 56c22538fd3b1d85a980f5faf57303a19aa03905..52dc94ce13d0a1fe1b234672f95cce10fc65ffe7 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -43,9 +43,10 @@ defiface $if_trusted \
        safe:172.29.199.64/27 \
        untrusted:default
 defiface $if_untrusted \
-       untrusted:172.29.198.0/24
+       untrusted:172.29.198.0/25
 defvpn $if_vpn safe 172.29.199.128/27 \
        crybaby:172.29.199.129
+defiface $if_iodine untrusted:172.29.198.128/28
 defiface $if_its_mz safe:172.29.199.160/30
 defiface $if_its_pi safe:192.168.0.0/24
 
diff --git a/metalzone.m4 b/metalzone.m4
index 62804c62ba40277eae1c21c54a1638493125e6c6..eb4dd2bf27bd26050f561e4d886403dceb93a7f6 100644 (file)
--- a/metalzone.m4
+++ b/metalzone.m4
@@ -29,6 +29,7 @@ m4_divert(44)m4_dnl
 if_untrusted=eth0
 if_trusted=eth0
 if_vpn=eth0
+if_iodine=eth0
 if_its_mz=its-mz
 if_its_pi=its-pi
 
diff --git a/numbers.m4 b/numbers.m4
index 460a53575d6c812a11076c8286279c280105703b..9596c96d273913dc7074bd6f7e02bc236b61fd0c 100644 (file)
--- a/numbers.m4
+++ b/numbers.m4
@@ -40,6 +40,7 @@ defport syslog 514                    # UDP only!
 defport rsync 873
 defport squid 3128
 defport tripe 4070
+defport iodine 5353
 defport postgresql 5432
 defport gnutella_svc 6346
 defport mpd 6600
diff --git a/vampire.m4 b/vampire.m4
index ef823f0554b0a5107f45c65220702d1e3cc347bb..e5ab346c1f6f1fb68ef0ad7311c9926c0955dde0 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -29,6 +29,7 @@ m4_divert(44)m4_dnl
 if_untrusted=eth0.1
 if_trusted=eth0.0
 if_vpn=vpn-+
+if_iodine=dns+
 if_its_mz=eth0.0
 if_its_pi=eth0.0
 
@@ -51,7 +52,7 @@ run iptables -A inbound -g ddos-evil-dns \
 ## Externally visible services.
 allowservices inbound tcp \
        finger ident \
-       dns \
+       dns iodine \
        ssh \
        smtp \
        gnutella_svc \
@@ -63,7 +64,7 @@ allowservices inbound tcp \
 allowservices inbound tcp \
        tor_public tor_directory
 allowservices inbound udp \
-       dns \
+       dns iodine \
        tripe \
        gnutella_svc
 
Firewall scripts for distorted.org.uk.