X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/1fd9cef9dd054bde484f05dd3b95898ad2c2806b..1a9376721557a63bac53fdc748683486511a2717:/local.m4 diff --git a/local.m4 b/local.m4 index 23f12a7..ab8249f 100644 --- a/local.m4 +++ b/local.m4 @@ -90,7 +90,7 @@ m4_divert(-1) ## top nibble of the network number classifies the network, as follows. ## ## 8xxx Untrusted -## 6xxx Virtual +## 6xxx Virtual, safe ## 4xxx Safe ## 0xxx Unsafe, trusted ## @@ -151,7 +151,7 @@ defhost radius iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default iface eth2 dmz unsafe safe untrusted vpn sgo colobdry - iface eth3 untrusted vpn default + iface eth3 unsafe untrusted vpn default iface ppp0 default iface t6-he default iface vpn-precision colobdry vpn sgo @@ -167,13 +167,13 @@ defhost artist hosttype router iface eth0 dmz unsafe untrusted iface eth1 dmz unsafe untrusted - iface eth3 untrusted + iface eth3 unsafe untrusted defhost vampire hosttype router iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry - iface eth0.7 untrusted + iface eth0.7 unsafe untrusted vpn iface vpn-precision colobdry vpn sgo iface vpn-chiark sgo iface vpn-+ vpn @@ -222,6 +222,8 @@ defhost telecaster defhost stratocaster iface eth0 jump colo iface eth1 jump colo +defhost jaguar + iface eth0 jump defhost jazz hosttype router iface eth0 jump colo vpn @@ -241,9 +243,9 @@ defnet sgo noloop defnet vpn safe addr 172.29.199.128/27 2001:ba8:1d9:6000::/64 via househub colohub - host crybaby 1 - host terror 2 - host orange 3 + host crybaby 1 ::1:1 + host terror 2 ::2:1 + host orange 3 ::3:1 defnet anycast trusted addr 172.29.199.224/27 2001:ba8:1d9:0::/64 via dmz unsafe safe untrusted jump colo vpn 
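Review bot: The `unsafe` class added to `iface eth3` under `defhost radius` comes with no comment saying why hosts of that class are now expected on this interface, and the same applies to `artist` `eth3` and `vampire` `eth0.7` in the next hunk. If these per-interface lists decide which source networks are accepted on an interface (not visible here, so worth confirming), each added class widens what that interface will pass, and the reason should be recorded beside it, for example `## eth3 now carries unsafe hosts: <reason>`. The three entries also end up different: `radius` has `unsafe untrusted vpn default`, `artist` has `unsafe untrusted`, and `vampire` gains `vpn` as well as `unsafe`; if that asymmetry is intended, a one-line comment on `vampire` `eth0.7` would say so. The `defhost` blocks start and end outside these hunks.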
@@ -258,6 +260,19 @@ defnet binswood noloop addr 10.165.27.0/24 via colohub +defhost mango + hosttype router + iface eth0 binswood default + iface vpn-precision colo + +m4_divert(80)m4_dnl +###-------------------------------------------------------------------------- +### Connection tracking helper modules. + +for i in ftp; do + modprobe nf_conntrack_$i +done + m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Special forwarding exemptions.
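Review bot: The new loop loads `nf_conntrack_ftp`, but nothing in this hunk limits the helper to particular flows, and the `modprobe` result is not checked. On kernels with automatic helper assignment disabled, the module does nothing without an explicit `-j CT --helper ftp` rule in the raw table. Where it is enabled, the helper parses every matching control connection, including ones from the untrusted networks, and creates expectations that a RELATED rule will then admit. I would add a comment above the loop such as `## Helpers are attached only by explicit CT rules in <section>; loading the module must not by itself open data ports.` and, if the generated script does not already run under `set -e`, write `modprobe nf_conntrack_$i || exit 1`. Any rules that consume the helper are outside this hunk.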