From d36c76dd2827e7d649ee316b56b6fc7d2717e306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sat, 14 Nov 2015 21:54:06 +0000
Subject: [PATCH] .
---
 ferm-eve.conf | 1 +
 services-eve/45-btsync | 7 +++++++
 services-eve/45-dns | 7 -------
 services-eve/45-letsencrypt | 8 ++++++++
 services-eve/70-teamspeak | 4 ++--
 5 files changed, 18 insertions(+), 9 deletions(-)
 create mode 100644 services-eve/45-btsync
 create mode 100644 services-eve/45-letsencrypt
diff --git a/ferm-eve.conf b/ferm-eve.conf
index 15924c3..07fca8e 100644
--- a/ferm-eve.conf
+++ b/ferm-eve.conf
@@ -27,6 +27,7 @@ domain (ip ip6) {
 policy DROP;
 interface lo ACCEPT;
 protocol icmp ACCEPT;
+ protocol tcp dport 22 ACCEPT;
 mod conntrack ctstate (RELATED ESTABLISHED) ACCEPT;
 LOG log-prefix "iptables reject:";
diff --git a/services-eve/45-btsync b/services-eve/45-btsync
new file mode 100644
index 0000000..cdd949c
--- /dev/null
+++ b/services-eve/45-btsync
@@ -0,0 +1,7 @@
+&def_service(btsync-web, btsync, tcp, 8888);
+&def_service(btsync-tcp, btsync, tcp, 5555);
+&def_service(btsync-udp, btsync, udp, 5555);
+
+&allow_service_for(btsync-web, web);
+&forward_to_service(btsync-tcp, tcp, 5555);
+&forward_to_service(btsync-udp, udp, 5555);
diff --git a/services-eve/45-dns b/services-eve/45-dns
index 0b7ff15..f3f826f 100644
--- a/services-eve/45-dns
+++ b/services-eve/45-dns
@@ -5,10 +5,3 @@
 &forward_to_service(dns2, tcp, 53);
 &allow_service_for_all(dns);
 &allow_service_for_all(dns2);
-
-# chain to allow forwarding to the service
-domain ip table filter chain FORWARD {
- @def $ns1_ip4 = @resolve(ns1.evenet.dn42, A);
- @def $ns2_ip4 = @resolve(ns2.evenet.dn42, A);
- daddr ($ns1_ip4 $ns2_ip4) protocol udp dport 53 ACCEPT;
-}
diff --git a/services-eve/45-letsencrypt b/services-eve/45-letsencrypt
new file mode 100644
index 0000000..5bc7f0e
--- /dev/null
+++ b/services-eve/45-letsencrypt
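Review bot: The added `protocol tcp dport 22 ACCEPT;` in the ferm-eve.conf hunk accepts SSH from every source address, and on both address families because the enclosing block is `domain (ip ip6)`, with no source restriction or rate limit. With the chain policy at DROP this is presumably the intended management path, but it leaves sshd open to internet-wide password guessing unless sshd itself is locked down. If the administrative networks are known, narrow the rule, for example `protocol tcp dport 22 saddr $admin_nets ACCEPT;` where `$admin_nets` is a placeholder that would still have to be defined; otherwise add a comment above the line recording that sshd is key-only. The chain's opening lines are outside the hunk, so the assumption that this is the INPUT chain is inferred, not visible.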
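Review bot: In the new services-eve/45-btsync, `&allow_service_for(btsync-web, web);` opens port 8888, which the service name suggests is the sync daemon's web UI, to whatever the `web` group covers. Both the helper and the group are defined outside this patch, so how far that reaches cannot be confirmed from here. The UI is an administrative surface, so the file should carry a comment above that line recording who may reach it and that it requires a login, along the lines of `# btsync admin UI (8888): reachable from <who>, password-protected`. The two `&forward_to_service` lines publish 5555 over tcp and udp for sync traffic, which looks intended.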
@@ -0,0 +1,8 @@
+&def_service(letsencrypt1, letsencrypt, tcp, 80);
+&def_service(letsencrypt2, letsencrypt, tcp, 443);
+&allow_service_for_all(letsencrypt1);
+&allow_service_for_all(letsencrypt2);
+@def $lets_ip4 = @resolve("letsencrypt.eve.higgsboson.tk", A);
+@def $lets_ip6 = @resolve("ipv6.letsencrypt.eve.higgsboson.tk", AAAA);
+@def $lets_ula = @resolve("ula.letsencrypt.eve.higgsboson.tk", AAAA);
+table filter chain FORWARD daddr @ipfilter(($lets_ip4 $lets_ip6 $lets_ula)) protocol tcp dport (80 443) ACCEPT;
diff --git a/services-eve/70-teamspeak b/services-eve/70-teamspeak
index 81b934c..2d52e27 100644
--- a/services-eve/70-teamspeak
+++ b/services-eve/70-teamspeak
@@ -10,8 +10,8 @@
 &def_service(ts3_devkid, teamspeak, udp, 9987);
 &forward_to_service(ts3_devkid, udp, 9987);
-&def_service(ts3_ist, teamspeak, udp, 4242);
-&forward_to_service(ts3_ist, udp, 4242);
+&def_service(ts3_martijn, teamspeak, udp, 22222);
+&forward_to_service(ts3_martijn, udp, 22222);
 &def_service(ts3_martin, teamspeak, udp, 5037);
 &forward_to_service(ts3_martin, udp, 5037);
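Review bot: The FORWARD rule in services-eve/45-letsencrypt takes its destination addresses from three `@resolve(...)` lookups, so the ruleset accepts forwarding on 80/443 to whatever those names returned when ferm last loaded. A changed or spoofed DNS answer silently changes which host is reachable until the next reload, and a failed lookup at load time may stop the ruleset from loading at all (how this setup handles that is not visible in the patch). If the target addresses are static, pin them as literals, `@def $lets_ip4 = <container IPv4>;` and likewise for the two IPv6 values. Otherwise add a comment stating that the file depends on DNS at load time and must be reloaded when the records change.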