bookends.m4: Better check for bridging.

[firewall] / vampire.m4

diff --git a/vampire.m4 b/vampire.m4
index 6ddbbf5223bb624139b5e3d6e71133d42225064b..34d5fdec9b0b187ee1b6e8c2cbd2171f3cb3ce4d 100644 (file)
--- a/vampire.m4
+++ b/vampire.m4
@@ -21,13 +21,6 @@
 ### along with this program; if not, write to the Free Software Foundation,
 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-###--------------------------------------------------------------------------
-### Config settings.
-
-## This router is involved in a routing asymmetry.
-setconf(rp_filter, 0)
-setconf(log_martians, 0)
-
 ###--------------------------------------------------------------------------
 ### vampire-specific rules.
 
@@ -35,7 +28,6 @@ m4_divert(86)m4_dnl
 ## Externally visible services.
 allowservices inbound tcp \
        finger ident \
-       dns iodine \
        ssh \
        smtp submission \
        gnutella_svc \
@@ -47,18 +39,18 @@ allowservices inbound tcp \
        git \
        tor_public tor_directory i2p
 allowservices inbound udp \
-       dns iodine \
        tripe \
        gnutella_svc \
        i2p
 
 ## Extend some services to local untrusted hosts.
 clearchain inbound-untrusted
-run iptables -A inbound -j inbound-untrusted \
-       -s 172.29.198.0/24
+run iptables -A inbound -j inbound-untrusted -s $net_inet_untrusted
+run ip6tables -A inbound -j inbound-untrusted -s $net_inet6_untrusted
 
 allowservices inbound-untrusted tcp \
        dns \
+       lpd \
        netbios_ssn microsoft_ds
 allowservices inbound-untrusted udp \
        dns \
@@ -75,6 +67,7 @@ run iptables -A OUTPUT -m multiport \
 
 ## Other interesting things.
 dnsresolver inbound
+dnsserver inbound
 ntpclient inbound $ntp_servers
 
 m4_divert(-1)