## 172.29.198.0/24 Untrusted networks.
## .0/25 house wireless net
## .128/28 iodine (IP-over-DNS) network
+## .144/28 hippotat (IP-over-HTTP) network
## .160/27 untrusted virtual network
##
## 172.29.199.0/24 Trusted networks.
defnet iodine untrusted
addr 172.29.198.128/28
via colohub
+defnet hippotat untrusted
+ addr 172.29.198.144/28
+ via colohub
## Colocated hosts.
defhost fender
iface eth0 jump colo vpn
iface eth1 jump colo vpn
iface dns0 iodine
+ iface hippo-svc hippotat
iface vpn-+ vpn
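Review bot: the added `iface hippo-svc hippotat` line pins one exact interface name, and nothing in the visible lines records where that name is set. The classification of this interface into the untrusted `hippotat` network depends on the name matching what the hippotat server on fender actually creates. A short comment beside the line naming the setting that fixes `hippo-svc` would keep the two from drifting apart.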
## Other networks.
openports inbound
## Inspect inbound packets from untrusted sources.
-run ip46tables -A inbound -j forbidden
+run ip46tables -A inbound -g forbidden
run ip46tables -A INPUT -m mark --mark $from_scary/$MASK_FROM -g inbound
run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
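Review bot: the switch from `-j forbidden` to `-g forbidden` at the end of `inbound` is undocumented, and it changes what happens if `forbidden` ever returns without a verdict. With `-g`, a return does not resume in `inbound`, and because `INPUT` also enters `inbound` with `-g`, such a packet ends up at the `INPUT` chain policy; any rule later appended to `inbound` after this one would also never be reached. Suggest a comment stating that `forbidden` always ends in a terminal target and that this rule must stay last in `inbound`, or a line in the commit message saying why goto is wanted here.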