From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 26 Mar 2015 21:59:22 +0000 (+0000)
Subject: jaguar.m4: Also allow Munin from roadstar and telecaster.
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/commitdiff_plain/2d80d32bfdddc389983c5fc779d0adc1623a7dc2

jaguar.m4: Also allow Munin from roadstar and telecaster.
---

diff --git a/jaguar.m4 b/jaguar.m4
index 6400676..0925d00 100644
--- a/jaguar.m4
+++ b/jaguar.m4
@@ -31,10 +31,15 @@ allowservices inbound tcp \
 	ident \
 	http https althttp0 althttp1
 
-## Allow Munin queries from HSTG.
-iptables -A inbound -j ACCEPT \
-	-s 217.150.97.26 \
-	-p tcp --dport $port_munin
+## Allow Munin queries from HSTG and the distorted.org.uk mothership.
+clearchain munin
+ip46tables -A inbound -j munin -p tcp --dport $port_munin
+for i in 217.150.97.26 212.13.198.71 62.49.204.147; do
+  iptables -A munin -j ACCEPT -s $i
+done
+for i in 2001:470:1f09:1b98::3 2001:ba8:0:1d9::7; do
+  ip6tables -A munin -j ACCEPT -s $i
+done
 
 ## Other interesting things.
 dnsresolver inbound