From: Mark Wooding Date: Fri, 10 May 2024 14:10:02 +0000 (+0100) Subject: eggle.m4, local.m4, local.mk: Add new VPS `eggle'. X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/commitdiff_plain eggle.m4, local.m4, local.mk: Add new VPS `eggle'. --- diff --git a/eggle.m4 b/eggle.m4 new file mode 100644 index 0000000..9793e52 --- /dev/null +++ b/eggle.m4 @@ -0,0 +1,46 @@ +### -*-sh-*- +### +### Firewall configuration for eggle +### +### (c) 2024 Mark Wooding +### + +###----- Licensing notice --------------------------------------------------- +### +### This program is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### This program is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with this program; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +###-------------------------------------------------------------------------- +### eggle-specific rules. + +m4_divert(86)m4_dnl +## Externally visible services. +allowservices inbound tcp \ + ssh \ + ident \ + squid +allowservices inbound udp \ + tripe + +## We use public NTP servers. +run ip46tables -A inbound -j ACCEPT \ + -m state --state ESTABLISHED \ + -p udp --source-port 123 --destination-port 123 + +## Other interesting things. +dnsresolver inbound +dnsserver inbound + +m4_divert(-1) +###----- That's all, folks -------------------------------------------------- diff --git a/local.m4 b/local.m4 index db46787..b0a1770 100644 --- a/local.m4 +++ b/local.m4 
@@ -190,6 +190,7 @@ defhost precision iface vpn-chiark sgo iface vpn-national upn iface vpn-mdwdev upn + iface vpn-eggle upn iface vpn-+ vpn defhost telecaster iface eth0 dmz unsafe vpn sgo @@ -245,8 +246,12 @@ defnet upn untrusted via househub host national 1 ::1:1 host mdwdev 2 ::2:1 + host eggle 3 ::3:1 ## VPS hosts. +defhost eggle + iface eth0 default + iface vpn-precision househub defhost national iface eth0 default iface vpn-precision househub diff --git a/local.mk b/local.mk index 0352165..0680d72 100644 --- a/local.mk +++ b/local.mk @@ -25,4 +25,5 @@ HOSTS += jazz HOSTS += gibson +HOSTS += eggle HOSTS += national
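Review bot: in eggle.m4, under `## Externally visible services.`, `squid` is listed alongside `ssh` and `ident` as an inbound tcp service with no source restriction visible and no comment saying where proxy access control is enforced. Add a comment naming the squid ACLs that limit who may use the proxy, or restrict the rule by source if the client set is known. Separately, the NTP rule only matches replies carrying both `--source-port 123` and `--destination-port 123`, so it assumes the local NTP client sends from port 123; the `## We use public NTP servers.` comment should state that assumption.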
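Review bot: in the second local.m4 hunk, the new `defhost eggle` block declares only `iface eth0 default` and `iface vpn-precision househub`, while eggle.m4 accepts `tripe` on inbound udp as an externally visible service. A tunnel interface for any peer other than precision would match no `iface` line in this block, unlike `defhost precision`, which ends with the catch-all `iface vpn-+ vpn`. Either add a catch-all line for other VPN interfaces or add a comment stating that precision is the only intended peer.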