local.m4: Protect the `untrusted' network from incoming requests.

Currently the untrusted network is vulnerable to incoming hostile IPv6
requests, and only protected from IPv4 by NAT.

I don't think it's especially useful to allow untrusted hosts to
provide externally facing services, so rather than deploy a new
network, I'm just going to change the policy for the existing one, and
forbid new connections and UDP traffic to untrusted hosts.  This
involves splitting out a separate network class for the external
Internet, which is now `scary'.