.

ferm-eve.conf

@@ -27,6 +27,7 @@ domain (ip ip6) {
       policy DROP;
       interface lo ACCEPT;
       protocol icmp ACCEPT;
+      protocol tcp dport 22 ACCEPT;
       mod conntrack ctstate (RELATED ESTABLISHED) ACCEPT;
 
       LOG log-prefix "iptables reject:";

services-eve/45-btsync

@@ -0,0 +1,7 @@
+&def_service(btsync-web, btsync, tcp, 8888);
+&def_service(btsync-tcp, btsync, tcp, 5555);
+&def_service(btsync-udp, btsync, udp, 5555);
+
+&allow_service_for(btsync-web, web);
+&forward_to_service(btsync-tcp, tcp, 5555);
+&forward_to_service(btsync-udp, udp, 5555);

services-eve/45-dns

@@ -5,10 +5,3 @@
 &forward_to_service(dns2, tcp, 53);
 &allow_service_for_all(dns);
 &allow_service_for_all(dns2);
-
-# chain to allow forwarding to the service
-domain ip table filter chain FORWARD {
-  @def $ns1_ip4  = @resolve(ns1.evenet.dn42, A);
-  @def $ns2_ip4  = @resolve(ns2.evenet.dn42, A);
-  daddr ($ns1_ip4 $ns2_ip4) protocol udp dport 53 ACCEPT;
-}

services-eve/45-letsencrypt

@@ -0,0 +1,8 @@
+&def_service(letsencrypt1, letsencrypt, tcp, 80);
+&def_service(letsencrypt2, letsencrypt, tcp, 443);
+&allow_service_for_all(letsencrypt1);
+&allow_service_for_all(letsencrypt2);
+@def $lets_ip4 = @resolve("letsencrypt.eve.higgsboson.tk", A); 
+@def $lets_ip6 = @resolve("ipv6.letsencrypt.eve.higgsboson.tk", AAAA); 
+@def $lets_ula = @resolve("ula.letsencrypt.eve.higgsboson.tk", AAAA);
+table filter chain FORWARD daddr @ipfilter(($lets_ip4 $lets_ip6 $lets_ula)) protocol tcp dport (80 443) ACCEPT;

services-eve/70-teamspeak

@@ -10,8 +10,8 @@
 &def_service(ts3_devkid, teamspeak, udp, 9987);
 &forward_to_service(ts3_devkid, udp, 9987);
 
-&def_service(ts3_ist, teamspeak, udp, 4242);
+&def_service(ts3_martijn, teamspeak, udp, 22222);
-&forward_to_service(ts3_ist, udp, 4242);
+&forward_to_service(ts3_martijn, udp, 22222);
 
 &def_service(ts3_martin, teamspeak, udp, 5037);
 &forward_to_service(ts3_martin, udp, 5037);