fender.m4: BCP38 source-address filtering, at ebtables level.

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index 23f12a7..a50afd7 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -151,7 +151,7 @@ defhost radius
        iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default
        iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default
        iface eth2 dmz unsafe safe untrusted vpn sgo colobdry
-       iface eth3 untrusted vpn default
+       iface eth3 unsafe untrusted vpn default
        iface ppp0 default
        iface t6-he default
        iface vpn-precision colobdry vpn sgo
@@ -167,13 +167,13 @@ defhost artist
        hosttype router
        iface eth0 dmz unsafe untrusted
        iface eth1 dmz unsafe untrusted
-       iface eth3 untrusted
+       iface eth3 unsafe untrusted
 defhost vampire
        hosttype router
        iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry
        iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry
        iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry
-       iface eth0.7 untrusted
+       iface eth0.7 unsafe untrusted vpn
        iface vpn-precision colobdry vpn sgo
        iface vpn-chiark sgo
        iface vpn-+ vpn
@@ -222,6 +222,8 @@ defhost telecaster
 defhost stratocaster
        iface eth0 jump colo
        iface eth1 jump colo
+defhost jaguar
+       iface eth0 jump
 defhost jazz
        hosttype router
        iface eth0 jump colo vpn
@@ -258,6 +260,11 @@ defnet binswood noloop
        addr 10.165.27.0/24
        via colohub
 
+defhost mango
+       hosttype router
+       iface eth0 binswood default
+       iface vpn-precision colo
+
 m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.