From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 1 Oct 2015 07:14:21 +0000 (+0100)
Subject: local.m4: New address range for untrusted VPN hosts.
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/firewall/commitdiff_plain/42f784e269e56ef394744bd64eb8f411f4acbcf6

local.m4: New address range for untrusted VPN hosts.
---

diff --git a/local.m4 b/local.m4
index aeda659..e456e77 100644
--- a/local.m4
+++ b/local.m4
@@ -54,6 +54,7 @@ m4_divert(-1)
 ## 172.29.198.0/24  Untrusted networks.
 ##	.0/25		house wireless net
 ##	.128/28		iodine (IP-over-DNS) network
+##	.160/27		untrusted virtual network
 ##
 ## 172.29.199.0/24  Trusted networks.
 ##	.0/25		house wired network
@@ -89,6 +90,7 @@ m4_divert(-1)
 ## The /48s are split into /64s by appending a 16-bit network number.  The
 ## top nibble of the network number classifies the network, as follows.
 ##
+## axxx		Virtual, untrusted
 ## 8xxx		Untrusted
 ## 6xxx		Virtual, safe
 ## 4xxx		Safe
@@ -257,12 +259,14 @@ defnet default scary
 	addr 212.13.198.64/28 2001:ba8:0:1d9::/64
 	addr 2001:ba8:1d9::/48 #temporary
 	via dmz unsafe untrusted jump colo
+defnet upn untrusted
+	addr 172.29.198.160/27 2001:ba8:1d9:a000::/64
+	via colohub
 
 ## Satellite networks.
 defnet binswood noloop
 	addr 10.165.27.0/24
 	via colohub
-
 defhost mango
 	hosttype router
 	iface eth0 binswood default