X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/4d0888c3de7cc02ae6cc6556358eff7b86bf46d3..12ac65a1e0d1d8083bdbf50154248a0c5110a2b2:/local.m4
diff --git a/local.m4 b/local.m4
index b321cde..27caa44 100644
--- a/local.m4
+++ b/local.m4
@@ -38,17 +38,18 @@ m4_divert(-1)m4_dnl
 m4_divert(46)m4_dnl
 ## Networks and routing.
-defiface $if_trusted \
- trusted:172.29.199.0/26 \
- safe:172.29.199.64/27 \
- untrusted:default
 defiface $if_untrusted \
 untrusted:172.29.198.0/25
 defvpn $if_vpn safe 172.29.199.128/27 \
- crybaby:172.29.199.129
+ crybaby:172.29.199.129 \
+ terror:172.29.199.130
 defiface $if_iodine untrusted:172.29.198.128/28
 defiface $if_its_mz safe:172.29.199.160/30
 defiface $if_its_pi safe:192.168.0.0/24
+defiface $if_trusted \
+ trusted:172.29.199.0/26 \
+ safe:172.29.199.64/27 \
+ untrusted:default
 m4_divert(60)m4_dnl
 ###--------------------------------------------------------------------------
@@ -65,7 +66,7 @@ run iptables -A FORWARD -j ACCEPT \
 ## Allow SSH from safe/noloop to untrusted networks.
 run iptables -A FORWARD -j ACCEPT \
- -p tcp ! -f --destination-port $port_ssh \
+ -p tcp ! -f --destination-port $port_ssh \
 -m mark --mark $to_untrusted/$MASK_TO
 run iptables -A FORWARD -j ACCEPT \
 -p tcp ! -f --source-port $port_ssh \
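Review bot: The `defiface $if_trusted` block that the first hunk moves below the `$if_its_pi` line carries the catch-all `untrusted:default` entry, and nothing under `## Networks and routing.` records that its position matters. The move suggests `defiface` declarations are order-sensitive, though the macro's definition is not visible here; if so, an interface added below this block later could end up classified differently from what its own network entry intends. I would add a comment directly above the block, for example `## Keep this last: it carries untrusted:default, the catch-all entry.`, with the wording adjusted to the actual reason for the reordering.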