X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/9853a66dff786eabd7c12e85b468946fd5587f69..eecc0daae4d78c7998a89f667cfd498780504c25:/local.m4 diff --git a/local.m4 b/local.m4 index 53444f9..78e63d4 100644 --- a/local.m4 +++ b/local.m4 @@ -112,10 +112,11 @@ m4_divert(-1) ## Define the available network classes. m4_divert(42)m4_dnl -defnetclass untrusted untrusted trusted mcast -defnetclass trusted untrusted trusted safe noloop mcast -defnetclass safe trusted safe noloop mcast -defnetclass noloop trusted safe mcast +defnetclass untrusted untrusted trusted mcast +defnetclass trusted untrusted trusted safe noloop mcast +defnetclass safe trusted safe noloop mcast +defnetclass noloop trusted safe mcast + defnetclass link defnetclass mcast m4_divert(-1) @@ -150,7 +151,7 @@ defhost radius iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default iface eth2 dmz unsafe safe untrusted vpn sgo colobdry - iface eth3 untrusted vpn default + iface eth3 unsafe untrusted vpn default iface ppp0 default iface t6-he default iface vpn-precision colobdry vpn sgo @@ -166,13 +167,13 @@ defhost artist hosttype router iface eth0 dmz unsafe untrusted iface eth1 dmz unsafe untrusted - iface eth3 untrusted + iface eth3 unsafe untrusted defhost vampire hosttype router iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry - iface eth0.7 untrusted + iface eth0.7 unsafe untrusted vpn iface vpn-precision colobdry vpn sgo iface vpn-chiark sgo iface vpn-+ vpn @@ -211,6 +212,7 @@ defhost precision hosttype router iface eth0 jump colo vpn sgo iface eth1 jump colo vpn sgo + iface vpn-mango binswood iface vpn-radius housebdry vpn sgo iface vpn-chiark sgo iface vpn-+ vpn @@ -251,6 +253,16 @@ defnet default untrusted addr 2001:ba8:1d9::/48 #temporary via dmz unsafe untrusted jump colo +## Satellite networks. +defnet binswood noloop + addr 10.165.27.0/24 + via colohub + +defhost mango + hosttype router + iface eth0 binswood default + iface vpn-precision colo + m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Special forwarding exemptions.