From: Mark Wooding Date: Sat, 17 Mar 2012 16:04:22 +0000 (+0000) Subject: Merge branch 'master' into emergency X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/d8e37f37a3d09961f5bb0ab438e5ed2becba736d?hp=-c Merge branch 'master' into emergency * master: local.m4: Declare network for anycast services. local.m4: Reorder forwarding networks for `default'. local.m4: Move `vpn' to the common networks section. --- d8e37f37a3d09961f5bb0ab438e5ed2becba736d diff --combined local.m4 index 0705fb2,3e33b3b..3a52c1b --- a/local.m4 +++ b/local.m4 @@@ -60,11 -60,6 +60,6 @@@ defnet safe saf defnet untrusted untrusted addr 172.29.198.0/25 2001:470:9740:8001::/64 forwards househub - defnet vpn safe - addr 172.29.199.128/27 2001:ba8:1d9:6000::/64 - forwards househub colohub - host crybaby 1 - host terror 2 defnet iodine untrusted addr 172.29.198.128/28 @@@ -76,7 -71,7 +71,7 @@@ defnet housebdry virtua ## House hosts. defhost radius - router + hosttype router iface eth0 dmz unsafe safe iface eth1 dmz unsafe safe iface eth2 safe @@@ -91,21 -86,19 +86,21 @@@ defhost artis iface eth0 dmz unsafe iface eth1 dmz unsafe defhost vampire - router - iface eth0.0 dmz unsafe safe - iface eth0.1 dmz unsafe safe + hosttype router + iface eth0.0 dmz unsafe safe default + iface eth0.1 dmz unsafe safe default iface eth0.2 safe - iface eth0.3 untrusted + iface eth0.3 untrusted default iface dns0 dns iface vpn-+ vpn iface vpn-precision colobdry vpn + iface t6-he default defhost ibanez iface br-dmz dmz unsafe iface br-unsafe unsafe defhost gibson + hosttype client iface eth0 unsafe ## Colocated networks. @@@ -126,7 -119,7 +121,7 @@@ defhost fende iface br-jump jump colo iface br-colo jump colo defhost precision - router + hosttype router iface eth0 jump colo iface eth1 jump colo iface vpn-+ vpn @@@ -144,11 -137,19 +139,19 @@@ defhost jaz ## Other networks. defnet hub virtual forwards housebdry colobdry + defnet vpn safe + addr 172.29.199.128/27 2001:ba8:1d9:6000::/64 + forwards househub colohub + host crybaby 1 + host terror 2 + defnet anycast trusted + addr 172.29.199.224/27 2001:ba8:1d9:0::/64 + forwards dmz unsafe safe untrusted jump colo vpn defnet default untrusted addr 62.49.204.144/28 2001:470:1f09:1b98::/64 addr 212.13.198.64/28 2001:ba8:0:1d9::/64 addr 2001:ba8:1d9::/48 #temporary - forwards dmz untrusted unsafe jump colo + forwards dmz unsafe untrusted jump colo m4_divert(80)m4_dnl ###--------------------------------------------------------------------------