From f98dfdf667181aad1d53a6e3a3758c2c6caec3a8 Mon Sep 17 00:00:00 2001
Message-Id:
From: Mark Wooding
Date: Sat, 17 Apr 2010 16:35:24 +0100
Subject: [PATCH] Add iodine support..
Organization: Straylight/Edgeware
From: Mark Wooding
This introduces a new section of the network which needs to be dealt with properly. The externally facing DNS server is actually the iodine daemon, which listens on 5353 and is mapped from 53 by guvnor. It proxies requests outside io.distorted.org.uk on to the usual server listening on port 53.
---
 local.m4 | 3 ++-
 metalzone.m4 | 1 +
 numbers.m4 | 1 +
 vampire.m4 | 5 +++--
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/local.m4 b/local.m4
index 56c2253..52dc94c 100644
--- a/local.m4
+++ b/local.m4
@@ -43,9 +43,10 @@ defiface $if_trusted \
  safe:172.29.199.64/27 \
  untrusted:default
 defiface $if_untrusted \
- untrusted:172.29.198.0/24
+ untrusted:172.29.198.0/25
 defvpn $if_vpn safe 172.29.199.128/27 \
  crybaby:172.29.199.129
+defiface $if_iodine untrusted:172.29.198.128/28
 defiface $if_its_mz safe:172.29.199.160/30
 defiface $if_its_pi safe:192.168.0.0/24
diff --git a/metalzone.m4 b/metalzone.m4
index 62804c6..eb4dd2b 100644
--- a/metalzone.m4
+++ b/metalzone.m4
@@ -29,6 +29,7 @@ m4_divert(44)m4_dnl
 if_untrusted=eth0
 if_trusted=eth0
 if_vpn=eth0
+if_iodine=eth0
 if_its_mz=its-mz
 if_its_pi=its-pi
diff --git a/numbers.m4 b/numbers.m4
index 460a535..9596c96 100644
--- a/numbers.m4
+++ b/numbers.m4
@@ -40,6 +40,7 @@ defport syslog 514 # UDP only!
 defport rsync 873
 defport squid 3128
 defport tripe 4070
+defport iodine 5353
 defport postgresql 5432
 defport gnutella_svc 6346
 defport mpd 6600
diff --git a/vampire.m4 b/vampire.m4
index ef823f0..e5ab346 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -29,6 +29,7 @@ m4_divert(44)m4_dnl
 if_untrusted=eth0.1
 if_trusted=eth0.0
 if_vpn=vpn-+
+if_iodine=dns+
 if_its_mz=eth0.0
 if_its_pi=eth0.0
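Review bot: Narrowing `$if_untrusted` from 172.29.198.0/24 to /25 while the new `$if_iodine` class covers only 172.29.198.128/28 leaves 172.29.198.144–255 outside every `defiface` range in this hunk. If those addresses are unused that is fine, but nothing in the file says so; either keep the /24 if `defiface` prefers the more specific iodine /28 (I cannot confirm its matching rules from here), or add a comment beside the new line such as `# 172.29.198.144-255 deliberately unassigned; iodine tunnel clients live in .128/28`. Classifying the tunnel range as `untrusted` is the right default, since anyone who completes the DNS-tunnel handshake lands on it.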
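Review bot: `defport iodine 5353` deserves a comment, because 5353 is the well-known mDNS port and the only hint that this one is an externally exposed DNS-tunnel endpoint is the commit message, which says guvnor maps external 53 onto it. Following the `# UDP only!` style already used on the syslog line, something like `defport iodine 5353 # iodine DNS tunnel, not mDNS; guvnor maps 53 -> 5353` would stop the next reader treating it as a multicast-DNS service.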
@@ -51,7 +52,7 @@ run iptables -A inbound -g ddos-evil-dns \
 ## Externally visible services.
 allowservices inbound tcp \
  finger ident \
- dns \
+ dns iodine \
  ssh \
  smtp \
  gnutella_svc \
@@ -63,7 +64,7 @@ allowservices inbound tcp \
 allowservices inbound tcp \
  tor_public tor_directory
 allowservices inbound udp \
- dns \
+ dns iodine \
  tripe \
  gnutella_svc
--
[mdw]
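Review bot: The new `iodine` entry on the tcp `allowservices inbound` line exposes 5353 directly from outside, but the `ddos-evil-dns` jump shown in the hunk header runs before these allows and, if it matches on the `dns` port, will not see traffic that arrives on 5353 or that guvnor has already redirected away from 53; I cannot see that chain from here, so check it covers the new port as well. Separately, iodine's DNS tunnelling runs over UDP as far as I know, so `dns iodine` on the tcp line may be unnecessary, and if guvnor redirects TCP 53 to 5353 too, TCP fallback for large answers and zone transfers would reach a daemon that does not speak TCP. The `allowservices` list continues past the end of this hunk.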
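Review bot: Keeping `dns` alongside `iodine` on the udp line leaves port 53 open as well as 5353, yet the description says the externally facing DNS server is now iodine with 53 mapped to 5353 by guvnor. If that mapping is a NAT redirect applied before this filter, the `dns` entry admits nothing and could be dropped to keep the externally reachable set minimal; if it is not, the upstream resolver on 53 stays directly reachable from outside, which the description suggests is not intended. Either way a comment line above `allowservices inbound udp \`, e.g. `## 53 is redirected to iodine (5353) by guvnor; the upstream resolver is not exposed`, would record which case applies.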