X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/1fd9cef9dd054bde484f05dd3b95898ad2c2806b..49b81a663c69fd67ec8cf8739602b5dbe287486e:/local.m4 diff --git a/local.m4 b/local.m4 index 23f12a7..288769c 100644 --- a/local.m4 +++ b/local.m4 @@ -90,7 +90,7 @@ m4_divert(-1) ## top nibble of the network number classifies the network, as follows. ## ## 8xxx Untrusted -## 6xxx Virtual +## 6xxx Virtual, safe ## 4xxx Safe ## 0xxx Unsafe, trusted ## @@ -143,7 +143,6 @@ defnet househub virtual via housebdry dmz unsafe safe untrusted defnet housebdry virtual via househub hub - noxit dmz ## House hosts. defhost radius @@ -151,7 +150,7 @@ defhost radius iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default iface eth2 dmz unsafe safe untrusted vpn sgo colobdry - iface eth3 untrusted vpn default + iface eth3 unsafe untrusted vpn default iface ppp0 default iface t6-he default iface vpn-precision colobdry vpn sgo @@ -167,13 +166,13 @@ defhost artist hosttype router iface eth0 dmz unsafe untrusted iface eth1 dmz unsafe untrusted - iface eth3 untrusted + iface eth3 unsafe untrusted defhost vampire hosttype router iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry - iface eth0.7 untrusted + iface eth0.7 unsafe untrusted vpn iface vpn-precision colobdry vpn sgo iface vpn-chiark sgo iface vpn-+ vpn @@ -183,6 +182,8 @@ defhost ibanez defhost orange iface wlan0 untrusted iface vpn-radius unsafe +defhost groove + iface eth0 unsafe defhost gibson hosttype client @@ -199,7 +200,6 @@ defnet colohub virtual via colobdry jump colo defnet colobdry virtual via colohub hub - noxit jump defnet iodine untrusted addr 172.29.198.128/28 via colohub 
@@ -222,6 +222,8 @@ defhost telecaster defhost stratocaster iface eth0 jump colo iface eth1 jump colo +defhost jaguar + iface eth0 jump defhost jazz hosttype router iface eth0 jump colo vpn @@ -241,9 +243,10 @@ defnet sgo noloop defnet vpn safe addr 172.29.199.128/27 2001:ba8:1d9:6000::/64 via househub colohub - host crybaby 1 - host terror 2 - host orange 3 + host crybaby 1 ::1:1 + host terror 2 ::2:1 + host orange 3 ::3:1 + host haze 4 ::4:1 defnet anycast trusted addr 172.29.199.224/27 2001:ba8:1d9:0::/64 via dmz unsafe safe untrusted jump colo vpn @@ -258,6 +261,19 @@ defnet binswood noloop addr 10.165.27.0/24 via colohub +defhost mango + hosttype router + iface eth0 binswood default + iface vpn-precision colo + +m4_divert(80)m4_dnl +###-------------------------------------------------------------------------- +### Connection tracking helper modules. + +for i in ftp; do + modprobe nf_conntrack_$i +done + m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Special forwarding exemptions.
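Review bot: the class comment now reads "6xxx Virtual, safe" directly above "4xxx Safe" (hunk @@ -90,7 +90,7 @@), and nothing says how a safe virtual network differs from an ordinary safe one. Since the top nibble is what classifies each network, add a line to this comment block stating what the extra "safe" means for a 6xxx network.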
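Review bot: "noxit dmz" is dropped from "defnet housebdry" (hunk @@ -143,7 +143,6 @@) with no replacement and no comment, and "noxit jump" is dropped from "defnet colobdry" in the same way in hunk @@ -199,7 +200,6 @@. The keyword reads like an exit restriction, so state next to the two stanzas why it is no longer needed (for example, if the new "Virtual, safe" classification makes it redundant); otherwise a reader cannot tell whether policy on both boundary networks was loosened on purpose.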
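Review bot: "iface eth3 unsafe untrusted vpn default" on radius (hunk @@ -151,7 +150,7 @@) now places a network of the "Unsafe, trusted" class on an interface that previously carried only untrusted, vpn and default traffic, and the hunk does not say which unsafe network is reachable there. A one-line comment above the iface line naming that network would let a reader confirm the wider trust on eth3 is intended.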
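Review bot: on vampire, "iface eth0.7 unsafe untrusted vpn" gains "vpn" as well as "unsafe" (hunk @@ -167,13 +166,13 @@), while the parallel change to artist eth3 in the same hunk adds only "unsafe". radius eth3 already listed vpn, so this may be deliberate alignment, but it is a separate policy change from adding unsafe; give it its own comment or commit, or drop it if it slipped in.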
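Review bot: the "host" lines under "defnet vpn" now take a third field, as in "host crybaby 1 ::1:1" (hunk @@ -241,9 +243,10 @@), and nothing documents how that suffix combines with the 2001:ba8:1d9:6000::/64 prefix on the "addr" line. Add a comment giving the convention, since the IPv4 index and the IPv6 suffix are now maintained by hand side by side. Also, "host haze 4 ::4:1" names a host with no "defhost haze" in the visible hunks, so confirm it is defined elsewhere in the file.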
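Review bot: the new "Connection tracking helper modules" section (hunk @@ -258,6 +261,19 @@) loads the FTP helper with "modprobe nf_conntrack_$i" but the visible lines add no rule that limits the helper to particular hosts or flows, and the modprobe exit status is ignored. Kernels from 4.7 on leave automatic helper assignment off by default, so the module alone may have no effect there, and where it is on the helper inspects every flow on the FTP control port; prefer an explicit CT-target rule in the raw table restricted to the hosts that need FTP, and make the script fail if modprobe does. Separately, the "defhost mango" stanza in this hunk has "iface vpn-precision colo", unlike the "colobdry vpn sgo" listed for vpn-precision on radius and vampire; confirm that difference is intended.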