local.m4: Reinstate detailed filtering from scary networks.

author Mark Wooding <mdw@distorted.org.uk>

Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)
diff --git a/local.m4 b/local.m4

index 59ab3420acfb2632de8d478c4fc9cc716e6ba52b..7e7ad158c1350fc1dee0b0cac604baa5ccc10298 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -370,6 +370,7 @@ openports inbound
  
  ## Inspect inbound packets from untrusted sources.
  run ip46tables -A inbound -j forbidden
+run ip46tables -A INPUT -m mark --mark $from_scary/$MASK_FROM -g inbound
  run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
  
  ## Allow responses from the scary outside world into the untrusted net, but
author	Mark Wooding <mdw@distorted.org.uk>
	Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sat, 28 Feb 2015 12:43:49 +0000 (12:43 +0000)