## 172.29.198.0/24 Untrusted networks.
## .0/25 house wireless net
## .128/28 iodine (IP-over-DNS) network
+## .160/27 untrusted virtual network
##
## 172.29.199.0/24 Trusted networks.
## .0/25 house wired network
## The /48s are split into /64s by appending a 16-bit network number. The
## top nibble of the network number classifies the network, as follows.
##
+## axxx Virtual, untrusted
## 8xxx Untrusted
## 6xxx Virtual, safe
## 4xxx Safe
defhost gibson
hosttype client
- iface eth0 unsafe
+ iface eth0.5 unsafe
## Colocated networks.
defnet jump trusted
iface vpn-mango binswood
iface vpn-radius housebdry vpn sgo
iface vpn-chiark sgo
+ iface vpn-national upn
iface vpn-+ vpn
defhost telecaster
iface eth0 jump colo
defhost stratocaster
iface eth0 jump colo
iface eth1 jump colo
-defhost jaguar
- iface eth0 jump
defhost jazz
hosttype router
iface eth0 jump colo vpn
addr 212.13.198.64/28 2001:ba8:0:1d9::/64
addr 2001:ba8:1d9::/48 #temporary
via dmz unsafe untrusted jump colo
+defnet upn untrusted
+ addr 172.29.198.160/27 2001:ba8:1d9:a000::/64
+ via colohub
+ host national 1 ::1:1
+
+## Linode hosts.
+defhost national
+ iface eth0 default
+ iface vpn-precision colohub
## Satellite networks.
defnet binswood noloop
addr 10.165.27.0/24
via colohub
-
defhost mango
hosttype router
iface eth0 binswood default
-p udp --source-port $port_bootpc --destination-port $port_bootps
## Allow incoming ping. This is the only ICMP left.
-run ip46tables -A inbound -j ACCEPT -p icmp
+run iptables -A inbound -j ACCEPT -p icmp
+run ip6tables -A inbound -j ACCEPT -p icmpv6
m4_divert(88)m4_dnl
## Allow unusual things.
~mdw / firewall / blobdiff