From: Mark Wooding Date: Mon, 7 Mar 2011 11:02:35 +0000 (+0000) Subject: vampire: Allow outside access to squid. X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/commitdiff_plain/deee94301a9892b3568cd134756ef73e825bf148 vampire: Allow outside access to squid. This is to provide an escape hatch against the office's cretinous web filter thing.
---
diff --git a/vampire.m4 b/vampire.m4
index 18365be..224374a 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -48,7 +48,7 @@ allowservices inbound tcp \
 ftp ftp_data \
 rsync \
 disorder mpd \
- http https \
+ http https squid \
 git \
 tor_public tor_directory i2p
 allowservices inbound udp \
@@ -79,11 +79,6 @@ run iptables -A inbound -j ACCEPT \
 -s 172.29.198.2 \
 -p udp --destination-port $port_syslog
 
-## Provide a web cache to local untrusted hosts.
-run iptables -A inbound -j ACCEPT \
- -s 172.29.198.0/24 \
- -p tcp --destination-port $port_squid
-
 ## Watch outgoing Tor usage.
 run iptables -A OUTPUT -m multiport \
 -p tcp --source-ports $port_tor_public,$port_tor_directory
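Review bot: Adding `squid` to the `allowservices inbound tcp` list in the first hunk appears to accept the proxy port from any source, where the rule deleted in the second hunk limited it to 172.29.198.0/24, so the firewall no longer bounds who can use the cache and that control now rests entirely on squid's own configuration, which this patch does not show. A proxy reachable from outside can also be asked to fetch from addresses behind the firewall, so the squid side should require authentication and refuse internal and loopback destinations. If the office's egress address is stable, a source-restricted rule in the style of the removed one (`-s OFFICE_ADDR_PLACEHOLDER -p tcp --destination-port $port_squid`) would keep the exposure narrow. The deleted `## Provide a web cache to local untrusted hosts.` comment also leaves the exposure undocumented; I would add `## squid is open to the world on purpose: access control lives in squid's config (proxy auth, http_access).` above the list, whose first line lies outside this hunk.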