From 422ec1b21e2cd6ff4f7cb1a14af49ca92eb68ac5 Mon Sep 17 00:00:00 2001 Message-Id: <422ec1b21e2cd6ff4f7cb1a14af49ca92eb68ac5.1717480929.git.mdw@distorted.org.uk> From: Mark Wooding Date: Sun, 9 May 2010 17:09:51 +0100 Subject: [PATCH] local.m4: Put the default network stanza at the end. Organization: Straylight/Edgeware From: Mark Wooding Otherwise packets get mistakenly classified as being to-untrusted and stuff doesn't work properly. Most notably, forwarding between VPN hosts fails. --- local.m4 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/local.m4 b/local.m4 index 8e7bd1e..0d38497 100644 --- a/local.m4 +++ b/local.m4 @@ -38,10 +38,6 @@ m4_divert(-1)m4_dnl m4_divert(46)m4_dnl ## Networks and routing. -defiface $if_trusted \ - trusted:172.29.199.0/26 \ - safe:172.29.199.64/27 \ - untrusted:default defiface $if_untrusted \ untrusted:172.29.198.0/25 defvpn $if_vpn safe 172.29.199.128/27 \ @@ -50,6 +46,10 @@ defvpn $if_vpn safe 172.29.199.128/27 \ defiface $if_iodine untrusted:172.29.198.128/28 defiface $if_its_mz safe:172.29.199.160/30 defiface $if_its_pi safe:192.168.0.0/24 +defiface $if_trusted \ + trusted:172.29.199.0/26 \ + safe:172.29.199.64/27 \ + untrusted:default m4_divert(60)m4_dnl ###-------------------------------------------------------------------------- -- [mdw]