~mdw / firewall / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a0ade6f) | patch
Major network restructuring.
authorMark Wooding <mdw@distorted.org.uk>
Sun, 10 Jul 2011 20:57:12 +0000 (21:57 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sun, 10 Jul 2011 21:13:23 +0000 (22:13 +0100)
commit08926d25f80fecabb4ef2b3f1e63b3a361ecdb59
treec33798d6d57cda870d392cbba4b6420df71c106dtree | snapshot (tar.gz zip)
parenta0ade6f121b4a25c327acdaa1ea584f85d1c8845commit | diff
Major network restructuring.

We now have a globally routable /28.  Use this as the DMZ and the
network backbone.  The main servers (ibanez, radius, roadstar, jem,
artist and vampire) are on both the DMZ and the unsafe network.
radius is now the main internal router, though vampire is still on
several networks because it provides DHCP and DNS services.

This new configuration makes essential use of the ability (added to
defiface) to accept multiple interface names by setting lists of names
into the interface variables if_FOO.

There's another aspect of the routing complexity which we must address
here: multicasts can arrive on any of several trusted networks, and we
should accept them all.  (We must cope with interface name lists in the
interface variables here, and deduplicate.)
artist.m4 diff | blob | blame | history
gibson.m4 diff | blob | blame | history
ibanez.m4 diff | blob | blame | history
jem.m4 diff | blob | blame | history
local.m4 diff | blob | blame | history
radius.m4 diff | blob | blame | history
roadstar.m4 diff | blob | blame | history
vampire.m4 diff | blob | blame | history
Firewall scripts for distorted.org.uk.