Renumber the diversions.

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index 2d880b9..399e69c 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -30,14 +30,14 @@ defnetclass untrusted untrusted trusted
 defnetclass trusted untrusted trusted safe noloop
 defnetclass safe trusted safe noloop
 defnetclass noloop trusted safe
-m4_divert(-1)m4_dnl
+m4_divert(-1)
 
+m4_divert(26)m4_dnl
 ###--------------------------------------------------------------------------
 ### Network layout.
 
-m4_divert(46)m4_dnl
-## Networks and routing.
-
+m4_divert(44)m4_dnl
+## Network definitions.
 defiface $if_dmz \
        trusted:62.49.204.144/28 \
        trusted:172.29.199.0/25 \
@@ -58,7 +58,7 @@ defiface $if_its_pi safe:192.168.0.0/24
 ## Default NTP servers.
 ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232"
 
-m4_divert(60)m4_dnl
+m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.
 
@@ -105,6 +105,7 @@ run ip6tables -A fwd-spec-nofrag -j ACCEPT \
        -m state --state ESTABLISHED
 
 m4_divert(60)m4_dnl
+m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Kill things we don't understand properly.
 ###
@@ -119,7 +120,7 @@ run iptables -A FORWARD -g poorly-understood \
 run ip6tables -A FORWARD -g poorly-understood \
        -d ff::/8
 
-m4_divert(80)m4_dnl
+m4_divert(84)m4_dnl
 ###--------------------------------------------------------------------------
 ### Locally-bound packet inspection.