Merge remote-tracking branch 'origin' into emergency

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index 3a52c1b191c4b49c3d8a7e20d4a813e6ceaa06fa..ba09c391e82b15f1d27e573a978063f5d971c4bc 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -91,10 +91,10 @@ defhost vampire
        iface eth0.1 dmz unsafe safe default
        iface eth0.2 safe
        iface eth0.3 untrusted default
        iface eth0.1 dmz unsafe safe default
        iface eth0.2 safe
        iface eth0.3 untrusted default

-       iface dns0 dns
-       iface vpn-+ vpn
+       iface dns0 iodine

        iface vpn-precision colobdry vpn
        iface vpn-precision colobdry vpn

-       iface t6-he default
+       iface vpn-chiark sgo
+       iface vpn-+ vpn

 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe
 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe


@@ -124,8 +124,9 @@ defhost precision
        hosttype router
        iface eth0 jump colo
        iface eth1 jump colo
        hosttype router
        iface eth0 jump colo
        iface eth1 jump colo

-       iface vpn-+ vpn

        iface vpn-vampire housebdry vpn
        iface vpn-vampire housebdry vpn

+       iface vpn-chiark sgo
+       iface vpn-+ vpn

 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo
 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo


@@ -139,6 +140,12 @@ defhost jazz
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry

+defnet sgo noloop
+       addr !172.29.198.0/23
+       addr 10.0.0.0/8
+       addr 172.16.0.0/12
+       addr 192.168.0.0/16
+       forwards househub colohub

 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub