local.m4: gibson uses untagged packets for the unsafe network now.

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index f2b59ce..351b9b2 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -39,9 +39,9 @@ m4_divert(-1)
 ## block of RFC1918 private-use addresses allocated from the Cambridge G-RIN.
 ## The former are as follows.
 ##
-## 62.49.204.144/28
-##             House border network (dmz).  We have all of these, but .145
-##             is reserved for the router.
+## 81.2.113.195, 81.187.238.128/28
+##             House border network (dmz).  We have all of these; the loose
+##             address is for the router.
 ##
 ## 212.13.18.64/28
 ##             Jump colocated network (jump).  .65--68 are used by Jump
@@ -69,15 +69,9 @@ m4_divert(-1)
 ## There are five blocks of publicly routable IPv6 addresses, though some of
 ## them aren't very interesting.  The ranges are as follows.
 ##
-## 2001:470:1f08:1b98::/64
-##             Hurricane Electric tunnel network: only :1 (HE) and :2
-##             (radius) are used.
-##
-## 2001:470:1f09:1b98::/64
-##             House border network (dmz).
-##
-## 2001:470:9740::/48
-##             Main house range.  See below for allocation policy.
+## 2001:8b0:c92::/48
+##             Main house range (aaisp).  See below for allocation policy.
+##             There is no explicit DMZ allocation (and no need for one).
 ##
 ## 2001:ba8:0:1d9::/64
 ##             Jump border network (jump): :1 is the router (supplied by
@@ -107,6 +101,7 @@ m4_divert(-1)
 ## 0           No specific site: mobile VPN endpoints or anycast addresses.
 ## 1           House.
 ## 2           Jump colocation.
+## fff         Local border network.
 ##
 ## Usually site-0 networks are allocated from the Jump range to improve
 ## expected performance from/to external sites which don't engage in our
@@ -114,7 +109,7 @@ m4_divert(-1)
 
 ## Define the available network classes.
 m4_divert(42)m4_dnl
-defnetclass scary      scary           trusted             mcast
+defnetclass scary      scary           trusted             mcast
 defnetclass untrusted  scary untrusted trusted             mcast
 defnetclass trusted    scary untrusted trusted safe noloop mcast
 defnetclass safe                       trusted safe noloop mcast
@@ -130,16 +125,16 @@ m4_divert(26)m4_dnl
 
 ## House networks.
 defnet dmz trusted
-       addr 62.49.204.144/28 2001:470:1f09:1b98::/64
+       addr 81.2.113.195 81.187.238.128/28 2001:8b0:c92:fff::/64
        via unsafe untrusted
 defnet unsafe trusted
-       addr 172.29.199.0/25 2001:470:9740:1::/64
+       addr 172.29.199.0/25 2001:8b0:c92:1::/64
        via househub
 defnet safe safe
-       addr 172.29.199.192/27 2001:470:9740:4001::/64
+       addr 172.29.199.192/27 2001:8b0:c92:4001::/64
        via househub
 defnet untrusted untrusted
-       addr 172.29.198.0/25 2001:470:9740:8001::/64
+       addr 172.29.198.0/25 2001:8b0:c92:8001::/64
        via househub
 
 defnet househub virtual
@@ -195,7 +190,7 @@ defhost groove
 
 defhost gibson
        hosttype client
-       iface eth0.5 unsafe
+       iface eth0 unsafe
 
 ## Colocated networks.
 defnet jump trusted
@@ -247,7 +242,7 @@ defnet sgo noloop
        addr 172.16.0.0/12
        addr 192.168.0.0/16
        via househub colohub
-defnet vpn safe
+defnet vpn trusted
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        via househub colohub
        host crybaby 1 ::1:1
@@ -259,7 +254,7 @@ defnet anycast trusted
        addr 172.29.199.224/27 2001:ba8:1d9:0::/64
        via dmz unsafe safe untrusted jump colo vpn
 defnet default scary
-       addr 62.49.204.144/28 2001:470:1f09:1b98::/64
+       addr 81.2.113.195 81.187.238.128/28 2001:8b0:c92::/48
        addr 212.13.198.64/28 2001:ba8:0:1d9::/64
        addr 2001:ba8:1d9::/48 #temporary
        via dmz unsafe untrusted jump colo