Overhaul address classification.
[firewall] / local.m4
index 987cf73..69122e2 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -45,25 +45,104 @@ m4_divert(26)m4_dnl
 ###--------------------------------------------------------------------------
 ### Network layout.
 
-m4_divert(44)m4_dnl
-## Network definitions.
-defiface $if_dmz \
-       trusted:62.49.204.144/28 \
-       trusted:172.29.199.0/25 \
-       untrusted:default
-defiface $if_trusted \
-       trusted:172.29.199.0/25 \
-       untrusted:default
-defiface $if_safe safe:172.29.199.192/26
-defiface $if_untrusted \
-       untrusted:172.29.198.0/25
-defvpn $if_vpn safe 172.29.199.128/27 \
-       crybaby:172.29.199.129 \
-       terror:172.29.199.130
-defiface $if_iodine untrusted:172.29.198.128/28
-defiface $if_its_mz safe:172.29.199.160/30
-defiface $if_its_pi safe:192.168.0.0/24
+## House networks.
+defnet dmz trusted
+       addr 62.49.204.144/28
+       forwards unsafe untrusted
+defnet unsafe trusted
+       addr 172.29.199.0/25
+       forwards househub
+defnet safe safe
+       addr 172.29.199.192/28
+       forwards househub
+defnet untrusted untrusted
+       addr 172.29.198.0/25
+       forwards househub
+defnet vpn safe
+       addr 172.29.199.128/27
+       forwards househub
+       host crybaby 1
+       host terror 2
+defnet iodine untrusted
+       addr 172.29.198.128/28
 
+defnet househub virtual
+       forwards housebdry dmz unsafe safe untrusted
+defnet housebdry virtual
+       forwards househub hub
+       noxit dmz
+
+## House hosts.
+defhost radius
+       router
+       iface eth0 dmz
+       iface eth1 unsafe
+       iface eth2 safe
+       iface eth3 untrusted
+defhost roadstar
+       iface eth0 dmz
+       iface eth1 unsafe
+defhost jem
+       iface eth0 dmz
+       iface eth1 unsafe
+defhost artist
+       iface eth0 dmz
+       iface eth1 unsafe
+defhost vampire
+       router
+       iface eth0.0 dmz
+       iface eth0.1 unsafe
+       iface eth0.3 untrusted
+       iface dns0 dns
+       iface vpn-+ vpn
+       iface vpn-precision colobdry vpn
+defhost ibanez
+       iface br-dmz dmz
+       iface br-unsafe unsafe
+
+defhost gibson
+       iface eth0 unsafe
+
+## Colocated networks.
+defnet jump trusted
+       addr 212.13.198.64/28
+       forwards colohub
+defnet colo trusted
+       addr 172.29.199.176/28
+       forwards colohub
+defnet colohub virtual
+       forwards colobdry jump colo
+defnet colobdry virtual
+       forwards colohub hub
+       noxit jump
+
+## Colocated hosts.
+defhost fender
+       iface br-jump jump
+       iface br-colo colo
+defhost precision
+       router
+       iface eth0 jump
+       iface eth1 colo
+       iface vpn-+ vpn
+       iface vpn-vampire housebdry vpn
+defhost telecaster
+       iface eth0 jump
+       iface eth1 colo
+defhost stratocaster
+       iface eth0 jump
+       iface eth1 colo
+defhost jazz
+       iface eth0 jump
+       iface eth1 colo
+
+## Other networks.
+defnet hub virtual
+       forwards housebdry colobdry
+defnet default untrusted
+       addr 62.49.204.144/28
+       addr 212.13.198.64/28
+       forwards dmz untrusted unsafe jump colo
 
 m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
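Review bot: In the `defhost vampire` stanza, `iface dns0 dns` names a network `dns` that is not declared anywhere in this hunk, while `defnet iodine untrusted` (172.29.198.128/28), the replacement for the removed `defiface $if_iodine` line, is not attached to any interface. Unless `dns` is defined elsewhere in the file, this probably should read `iface dns0 iodine`; how `defhost` treats an unknown network name is not visible here, so traffic arriving on dns0 could end up unclassified instead of untrusted. Separately, `defnet safe` now has `addr 172.29.199.192/28` where the old line was `safe:172.29.199.192/26`, so 172.29.199.208–255 silently leaves the safe class. If that narrowing is intended, a comment such as `## NB: safe narrowed from /26 to /28` would record it; if not, the prefix should stay `/26`. The old `$if_its_mz` and `$if_its_pi` safe ranges also have no counterpart on the new side, which is worth confirming as deliberate.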