-m4_divert(46)m4_dnl
-## Networks and routing.
-
-defiface $if_trusted \
- trusted:172.29.199.0/26 \
- safe:172.29.199.64/27 \
- untrusted:default
-defiface $if_untrusted \
- untrusted:172.29.198.0/25
-defvpn $if_vpn safe 172.29.199.128/27 \
- crybaby:172.29.199.129
-defiface $if_iodine untrusted:172.29.198.128/28
-defiface $if_its_mz safe:172.29.199.160/30
-defiface $if_its_pi safe:192.168.0.0/24
-
-m4_divert(60)m4_dnl
+## House networks.
+defnet dmz trusted
+ addr 81.2.113.195 81.187.238.128/28 217.169.12.64/28 2001:8b0:c92:fff::/64
+ via unsafe untrusted
+defnet unsafe trusted
+ addr 172.29.199.0/25 2001:8b0:c92:1::/64
+ via househub
+defnet safe safe
+ addr 172.29.199.192/27 2001:8b0:c92:4001::/64
+ via househub
+defnet untrusted untrusted
+ addr 172.29.198.0/25 2001:8b0:c92:8001::/64
+ via househub
+
+defnet househub virtual
+ via housebdry dmz unsafe safe untrusted
+defnet housebdry virtual
+ via househub hub
+
+## House hosts.
+defhost radius
+ hosttype router
+ iface eth0 dmz unsafe safe untrusted vpn sgo default
+ iface eth1 dmz unsafe safe untrusted vpn sgo default
+ iface eth2 dmz unsafe safe untrusted vpn sgo
+ iface eth3 unsafe untrusted vpn default
+ iface ppp0 default
+ iface t6-he default
+ iface vpn-precision vpn sgo
+ iface vpn-chiark sgo
+ iface vpn-+ vpn
+defhost roadstar
+ iface eth0 dmz unsafe
+ iface eth1 dmz unsafe
+defhost jem
+ iface eth0 dmz unsafe
+ iface eth1 dmz unsafe
+defhost universe
+ iface eth0 dmz unsafe
+ iface eth1 dmz unsafe
+defhost artist
+ hosttype router
+ iface eth0 dmz unsafe untrusted
+ iface eth1 dmz unsafe untrusted
+ iface eth3 unsafe untrusted
+defhost vampire
+ hosttype router
+ iface eth0.4 dmz unsafe untrusted safe vpn sgo
+ iface eth0.5 dmz unsafe untrusted safe vpn sgo
+ iface eth0.6 dmz unsafe safe untrusted vpn sgo
+ iface eth0.7 unsafe untrusted vpn
+ iface vpn-precision vpn sgo
+ iface vpn-chiark sgo
+ iface vpn-+ vpn
+defhost ibanez
+ iface br-dmz dmz unsafe
+ iface br-unsafe unsafe
+defhost orange
+ iface wlan0 untrusted
+ iface vpn-radius unsafe
+defhost groove
+ iface eth0 unsafe
+ iface wlan0 untrusted
+ iface vpn-radius unsafe
+
+defhost gibson
+ hosttype client
+ iface eth0 unsafe
+
+## Formerly colocated hosts.
+defhost fender
+ iface br-dmz dmz unsafe
+ iface br-unsafe dmz unsafe
+defhost precision
+ hosttype router
+ iface eth0 dmz unsafe vpn sgo
+ iface eth1 dmz unsafe vpn sgo
+ iface vpn-mango binswood
+ iface vpn-chiark sgo
+ iface vpn-national upn
+ iface vpn-mdwdev upn
+ iface vpn-eggle upn
+ iface vpn-+ vpn
+defhost telecaster
+ iface eth0 dmz unsafe vpn sgo
+ iface eth1 dmz unsafe vpn sgo
+defhost stratocaster
+ iface eth0 dmz unsafe vpn sgo
+ iface eth1 dmz unsafe vpn sgo
+defhost jazz
+ hosttype router
+ iface eth0 dmz unsafe vpn sgo
+ iface eth1 dmz unsafe vpn sgo
+ iface dns0 iodine
+ iface hippo-svc hippotat
+ iface vpn-+ vpn
+
+## Stunt connectivity networks.
+defnet iodine untrusted
+ addr 172.29.198.128/28
+ via colohub
+defnet hippotat untrusted
+ addr 172.29.198.144/28
+ via colohub
+
+
+## Other networks.
+defnet hub virtual
+ via housebdry
+defnet sgo noloop
+ addr !172.29.198.0/23
+ addr !10.165.27.0/24
+ addr 10.0.0.0/8
+ addr 172.16.0.0/12
+ addr 192.168.0.0/16
+ via househub
+defnet vpn trusted
+ addr 172.29.199.128/27 2001:8b0:c92:6000::/64
+ via househub
+ host crybaby 1 ::1:1
+ host terror 2 ::2:1
+ host orange 3 ::3:1
+ host haze 4 ::4:1
+ host spirit 9 ::9:1
+ host groove 10 ::10:1
+defnet anycast trusted
+ addr 172.29.199.224/27 2001:8b0:c92:0::/64
+ via dmz unsafe safe untrusted vpn nvpn
+defnet default scary
+ addr 81.2.113.195 81.187.238.128/28 217.169.12.64/28 \
+ 2001:8b0:c92::/48
+ via dmz unsafe untrusted
+defnet upn untrusted
+ addr 172.29.198.160/27 2001:8b0:c92:a000::/64
+ via househub
+ host national 1 ::1:1
+ host mdwdev 2 ::2:1
+ host eggle 3 ::3:1
+
+## VPS hosts.
+defhost eggle
+ iface eth0 default
+ iface vpn-precision househub
+defhost national
+ iface eth0 default
+ iface vpn-precision househub
+
+## Satellite networks.
+defnet binswood vpnnat
+ addr 10.165.27.0/24
+ via househub
+defhost mango
+ hosttype router
+ iface eth0 binswood default
+ iface vpn-precision dmz default
+
+m4_divert(80)m4_dnl
+###--------------------------------------------------------------------------
+### Connection tracking helper modules.
+
+for i in ftp; do
+ modprobe nf_conntrack_$i
+done
+
+m4_divert(80)m4_dnl