~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Renumber the diversions.
[firewall] / local.m4
diff --git a/local.m4 b/local.m4
index 2d880b9..399e69c 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -30,14 +30,14 @@ defnetclass untrusted untrusted trusted
 defnetclass trusted untrusted trusted safe noloop
 defnetclass safe trusted safe noloop
 defnetclass noloop trusted safe
 defnetclass trusted untrusted trusted safe noloop
 defnetclass safe trusted safe noloop
 defnetclass noloop trusted safe
-m4_divert(-1)m4_dnl
+m4_divert(-1)
 
 
+m4_divert(26)m4_dnl
 ###--------------------------------------------------------------------------
 ### Network layout.
 
 ###--------------------------------------------------------------------------
 ### Network layout.
 
-m4_divert(46)m4_dnl
-## Networks and routing.
-
+m4_divert(44)m4_dnl
+## Network definitions.
 defiface $if_dmz \
        trusted:62.49.204.144/28 \
        trusted:172.29.199.0/25 \
 defiface $if_dmz \
        trusted:62.49.204.144/28 \
        trusted:172.29.199.0/25 \
@@ -58,7 +58,7 @@ defiface $if_its_pi safe:192.168.0.0/24
 ## Default NTP servers.
 ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232"
 
 ## Default NTP servers.
 ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232"
 
-m4_divert(60)m4_dnl
+m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.
 
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.
 
@@ -105,6 +105,7 @@ run ip6tables -A fwd-spec-nofrag -j ACCEPT \
        -m state --state ESTABLISHED
 
 m4_divert(60)m4_dnl
        -m state --state ESTABLISHED
 
 m4_divert(60)m4_dnl
+m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Kill things we don't understand properly.
 ###
 ###--------------------------------------------------------------------------
 ### Kill things we don't understand properly.
 ###
@@ -119,7 +120,7 @@ run iptables -A FORWARD -g poorly-understood \
 run ip6tables -A FORWARD -g poorly-understood \
        -d ff::/8
 
 run ip6tables -A FORWARD -g poorly-understood \
        -d ff::/8
 
-m4_divert(80)m4_dnl
+m4_divert(84)m4_dnl
 ###--------------------------------------------------------------------------
 ### Locally-bound packet inspection.
 
 ###--------------------------------------------------------------------------
 ### Locally-bound packet inspection.
 
Firewall scripts for distorted.org.uk.