X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/401b8357d090cef33a394d08ab7794a0d2a73700..a4d8cae3892c13a32f941ef96b24eaa6930500cb:/local.m4 diff --git a/local.m4 b/local.m4 index 2d880b9..399e69c 100644 --- a/local.m4 +++ b/local.m4 @@ -30,14 +30,14 @@ defnetclass untrusted untrusted trusted defnetclass trusted untrusted trusted safe noloop defnetclass safe trusted safe noloop defnetclass noloop trusted safe -m4_divert(-1)m4_dnl +m4_divert(-1) +m4_divert(26)m4_dnl ###-------------------------------------------------------------------------- ### Network layout. -m4_divert(46)m4_dnl -## Networks and routing. - +m4_divert(44)m4_dnl +## Network definitions. defiface $if_dmz \ trusted:62.49.204.144/28 \ trusted:172.29.199.0/25 \ @@ -58,7 +58,7 @@ defiface $if_its_pi safe:192.168.0.0/24 ## Default NTP servers. ntp_servers="158.152.1.76 158.152.1.204 194.159.253.2 195.173.57.232" -m4_divert(60)m4_dnl +m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Special forwarding exemptions. @@ -105,6 +105,7 @@ run ip6tables -A fwd-spec-nofrag -j ACCEPT \ -m state --state ESTABLISHED m4_divert(60)m4_dnl +m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Kill things we don't understand properly. ### @@ -119,7 +120,7 @@ run iptables -A FORWARD -g poorly-understood \ run ip6tables -A FORWARD -g poorly-understood \ -d ff::/8 -m4_divert(80)m4_dnl +m4_divert(84)m4_dnl ###-------------------------------------------------------------------------- ### Locally-bound packet inspection.
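Review bot: The renumbered diversions in the first hunk (`m4_divert(26)`, `m4_divert(44)`) and in the later hunks (80, 84) are bare numbers with no statement of what each slot holds, yet they appear to decide where the interface definitions and FORWARD rules land in the generated script. A short comment beside each, such as `## diversion 44: network and interface definitions`, would let a reader check the resulting rule order without running m4. If a table of diversion numbers already exists outside this diff, a pointer to it is enough. The new `m4_divert(-1)` line followed directly by `m4_divert(26)m4_dnl` also collects nothing, so it could be dropped or marked as intentional.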
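Review bot: In the hunk at -105,6 the context line `m4_divert(60)m4_dnl` is kept and the new `m4_divert(80)m4_dnl` follows it directly, so nothing is collected into diversion 60 at that point and the old line is dead. The hunk at -58,7 replaces 60 with 80 outright, which suggests the same was intended here; I would delete the stale line so the section opens with `m4_divert(80)m4_dnl` only. The `poorly-understood` FORWARD rules now share diversion 80 with the special forwarding exemptions, so their relative order depends on position in this file. That deserves a one-line comment, because rule order in FORWARD decides which packets are accepted before the catch-all. The section continues outside the hunk.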