~mdw
/
firewall
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fender.m4: Define an address to be a guaranteed black hole.
[firewall]
/
local.m4
diff --git
a/local.m4
b/local.m4
index
3e33b3b
..
357043b
100644
(file)
--- a/
local.m4
+++ b/
local.m4
@@
-91,9
+91,10
@@
defhost vampire
iface eth0.1 dmz unsafe safe
iface eth0.2 safe
iface eth0.3 untrusted
iface eth0.1 dmz unsafe safe
iface eth0.2 safe
iface eth0.3 untrusted
- iface dns0 dns
- iface vpn-+ vpn
+ iface dns0 iodine
iface vpn-precision colobdry vpn
iface vpn-precision colobdry vpn
+ iface vpn-chiark sgo
+ iface vpn-+ vpn
defhost ibanez
iface br-dmz dmz unsafe
iface br-unsafe unsafe
defhost ibanez
iface br-dmz dmz unsafe
iface br-unsafe unsafe
@@
-122,8
+123,9
@@
defhost precision
router
iface eth0 jump colo
iface eth1 jump colo
router
iface eth0 jump colo
iface eth1 jump colo
- iface vpn-+ vpn
iface vpn-vampire housebdry vpn
iface vpn-vampire housebdry vpn
+ iface vpn-chiark sgo
+ iface vpn-+ vpn
defhost telecaster
iface eth0 jump colo
iface eth1 jump colo
defhost telecaster
iface eth0 jump colo
iface eth1 jump colo
@@
-137,6
+139,12
@@
defhost jazz
## Other networks.
defnet hub virtual
forwards housebdry colobdry
## Other networks.
defnet hub virtual
forwards housebdry colobdry
+defnet sgo noloop
+ addr !172.29.198.0/23
+ addr 10.0.0.0/8
+ addr 172.16.0.0/12
+ addr 192.168.0.0/16
+ forwards househub colohub
defnet vpn safe
addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
forwards househub colohub
defnet vpn safe
addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
forwards househub colohub