iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default
iface eth2 dmz unsafe safe untrusted vpn sgo colobdry
iface eth3 untrusted vpn default
+ iface ppp0 default
iface t6-he default
iface vpn-precision colobdry vpn sgo
iface vpn-chiark sgo
iface eth1 dmz unsafe
defhost artist
hosttype router
- iface eth0 dmz unsafe
- iface eth1 dmz unsafe
+ iface eth0 dmz unsafe untrusted
+ iface eth1 dmz unsafe untrusted
iface eth3 untrusted
defhost vampire
hosttype router
- iface eth0.0 dmz unsafe untrusted safe vpn sgo colobdry
- iface eth0.1 dmz unsafe untrusted safe vpn sgo colobdry
- iface eth0.2 dmz unsafe safe untrusted vpn sgo colobdry
- iface eth0.3 untrusted
+ iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry
+ iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry
+ iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry
+ iface eth0.7 untrusted
iface dns0 iodine
iface vpn-precision colobdry vpn sgo
iface vpn-chiark sgo
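Review bot: The new `iface eth0 dmz unsafe untrusted` and `iface eth1 dmz unsafe untrusted` lines for artist add the `untrusted` class to both interfaces with no comment saying why, although eth3 on the same host already carries `untrusted`. If these lists drive per-interface address or class checks (not visible in this hunk), packets claiming untrusted addresses would now be accepted on the dmz/unsafe-facing interfaces too, which loosens any spoofing check there. A one-line comment above the two entries, along the lines of `untrusted is also reachable via eth0/eth1 because <reason>`, would let a later reviewer tell an intended topology change from an accidental widening. The vampire renumbering from eth0.0–eth0.3 to eth0.4–eth0.7 should also be checked against the VLAN interface names actually configured on that host, since entries naming an interface that does not exist would presumably never match.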
-m state --state ESTABLISHED
## Allow SSH from safe/noloop to untrusted networks.
- run iptables -A fwd-spec-nofrag -j ACCEPT \
+ run ip46tables -A fwd-spec-nofrag -j ACCEPT \
-p tcp --destination-port $port_ssh \
-m mark --mark $to_untrusted/$MASK_TO
- run iptables -A fwd-spec-nofrag -j ACCEPT \
- -p tcp --source-port $port_ssh \
- -m mark --mark $from_untrusted/$MASK_FROM \
- -m state --state ESTABLISHED
- run ip6tables -A fwd-spec-nofrag -j ACCEPT \
- -p tcp --destination-port $port_ssh \
- -m mark --mark $to_untrusted/$MASK_TO
- run ip6tables -A fwd-spec-nofrag -j ACCEPT \
+ run ip46tables -A fwd-spec-nofrag -j ACCEPT \
-p tcp --source-port $port_ssh \
-m mark --mark $from_untrusted/$MASK_FROM \
-m state --state ESTABLISHED
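Review bot: The outbound rule now issued through `run ip46tables -A fwd-spec-nofrag -j ACCEPT` matches only `--destination-port $port_ssh` and the `$to_untrusted/$MASK_TO` mark, so nothing visible in the rule limits the source to the safe/noloop classes named in the comment above it. That restriction may be enforced by whatever routes packets into `fwd-spec-nofrag`, which lies outside this hunk; if so, a comment such as `## Source class is checked in <chain>; this rule tests only the destination mark.` would make that dependency explicit. If it is not enforced elsewhere, the rule admits SSH to untrusted hosts from every source class, for both address families. Because one call now stands in for the separate `iptables` and `ip6tables` lines, it is also worth confirming that `ip46tables` (not shown here) reports failure when either family's rule fails to load, so the IPv4 and IPv6 policies cannot silently diverge.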