~mdw / firewall / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bookends.m4: Configure IPv6 router advertisement stuff.
[firewall] / local.m4
diff --git a/local.m4 b/local.m4
index 3e33b3b..54d0c86 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -71,7 +71,7 @@ defnet housebdry virtual
 
 ## House hosts.
 defhost radius
 
 ## House hosts.
 defhost radius
-       router
+       hosttype router
        iface eth0 dmz unsafe safe
        iface eth1 dmz unsafe safe
        iface eth2 safe
        iface eth0 dmz unsafe safe
        iface eth1 dmz unsafe safe
        iface eth2 safe
@@ -86,19 +86,21 @@ defhost artist
        iface eth0 dmz unsafe
        iface eth1 dmz unsafe
 defhost vampire
        iface eth0 dmz unsafe
        iface eth1 dmz unsafe
 defhost vampire
-       router
+       hosttype router
        iface eth0.0 dmz unsafe safe
        iface eth0.1 dmz unsafe safe
        iface eth0.2 safe
        iface eth0.3 untrusted
        iface eth0.0 dmz unsafe safe
        iface eth0.1 dmz unsafe safe
        iface eth0.2 safe
        iface eth0.3 untrusted
-       iface dns0 dns
-       iface vpn-+ vpn
+       iface dns0 iodine
        iface vpn-precision colobdry vpn
        iface vpn-precision colobdry vpn
+       iface vpn-chiark sgo
+       iface vpn-+ vpn
 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe
 
 defhost gibson
 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe
 
 defhost gibson
+       hosttype client
        iface eth0 unsafe
 
 ## Colocated networks.
        iface eth0 unsafe
 
 ## Colocated networks.
@@ -119,11 +121,12 @@ defhost fender
        iface br-jump jump colo
        iface br-colo jump colo
 defhost precision
        iface br-jump jump colo
        iface br-colo jump colo
 defhost precision
-       router
+       hosttype router
        iface eth0 jump colo
        iface eth1 jump colo
        iface eth0 jump colo
        iface eth1 jump colo
-       iface vpn-+ vpn
        iface vpn-vampire housebdry vpn
        iface vpn-vampire housebdry vpn
+       iface vpn-chiark sgo
+       iface vpn-+ vpn
 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo
 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo
@@ -137,6 +140,12 @@ defhost jazz
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry
+defnet sgo noloop
+       addr !172.29.198.0/23
+       addr 10.0.0.0/8
+       addr 172.16.0.0/12
+       addr 192.168.0.0/16
+       forwards househub colohub
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub
Firewall scripts for distorted.org.uk.