### `defnetclass'.
### net_inet_NET List of IPv4 address ranges in the network.
### net_inet6_NET List of IPv6 address ranges in the network.
-### net_fwd_NET List of other networks that this one forwards to.
+### net_via_NET List of other networks that this one forwards via.
### net_hosts_NET List of hosts known to be in the network.
### host_inet_HOST IPv4 address of the named HOST.
### host_inet6_HOST IPv6 address of the named HOST.
## defnet NET CLASS
##
-## Define a network. Follow by calls to `addr', `forwards', etc. to define
+## Define a network. Follow by calls to `addr', `via', etc. to define
## properties of the network. Networks are processed in order, so if their
## addresses overlap then the more specific addresses should be defined
## earlier.
done
}
-## forwards NET ...
+## via NET ...
##
## Declare that packets from this network are forwarded to the other NETs.
-forwards () {
- eval "net_fwd_$net=\"$*\""
+via () {
+ eval "net_via_$net=\"$*\""
}
## noxit NET ...
nextnets=""
any=nil
for net in $nets; do
- eval fwd=\$net_fwd_$net
- for n in $fwd; do
+ eval via=\$net_via_$net
+ for n in $via; do
case $seen in *":$n:"*) continue ;; esac
seen=$seen$n:
eval noxit=\$net_noxit_$n
## House networks.
defnet dmz trusted
addr 62.49.204.144/28 2001:470:1f09:1b98::/64
- forwards unsafe untrusted
+ via unsafe untrusted
defnet unsafe trusted
addr 172.29.199.0/25 2001:470:9740:1::/64
- forwards househub
+ via househub
defnet safe safe
addr 172.29.199.192/27 2001:470:9740:4001::/64
- forwards househub
+ via househub
defnet untrusted untrusted
addr 172.29.198.0/25 2001:470:9740:8001::/64
- forwards househub
+ via househub
defnet househub virtual
- forwards housebdry dmz unsafe safe untrusted
+ via housebdry dmz unsafe safe untrusted
defnet housebdry virtual
- forwards househub hub
+ via househub hub
noxit dmz
## House hosts.
## Colocated networks.
defnet jump trusted
addr 212.13.198.64/28 2001:ba8:0:1d9::/64
- forwards colohub
+ via colohub
defnet colo trusted
addr 172.29.199.176/28 2001:ba8:1d9:2::/64
- forwards colohub
+ via colohub
defnet colohub virtual
- forwards colobdry jump colo iodine
+ via colobdry jump colo iodine
defnet colobdry virtual
- forwards colohub hub
+ via colohub hub
noxit jump
defnet iodine untrusted
addr 172.29.198.128/28
- forwards colohub
+ via colohub
## Colocated hosts.
defhost fender
## Other networks.
defnet hub virtual
- forwards housebdry colobdry
+ via housebdry colobdry
defnet sgo noloop
addr !172.29.198.0/23
addr 10.0.0.0/8
addr 172.16.0.0/12
addr 192.168.0.0/16
- forwards househub colohub
+ via househub colohub
defnet vpn safe
addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
- forwards househub colohub
+ via househub colohub
host crybaby 1
host terror 2
host orange 3
defnet anycast trusted
addr 172.29.199.224/27 2001:ba8:1d9:0::/64
- forwards dmz unsafe safe untrusted jump colo vpn
+ via dmz unsafe safe untrusted jump colo vpn
defnet default untrusted
addr 62.49.204.144/28 2001:470:1f09:1b98::/64
addr 212.13.198.64/28 2001:ba8:0:1d9::/64
addr 2001:ba8:1d9::/48 #temporary
- forwards dmz unsafe untrusted jump colo
+ via dmz unsafe untrusted jump colo
m4_divert(80)m4_dnl
###--------------------------------------------------------------------------
~mdw / firewall / commitdiff