chiark / gitweb /
~mdw / firewall / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1264e91)
local.m4: A new network for the SGO VPN.
authorMark Wooding <mdw@distorted.org.uk>
Fri, 23 Mar 2012 16:04:22 +0000 (16:04 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Fri, 23 Mar 2012 18:52:13 +0000 (18:52 +0000)
local.m4 patch | blob | blame | history

diff --git a/local.m4 b/local.m4
index 3e33b3b3bda5178865938befb9d4e717a916c425..357043b17379576ff26e0e16ef45505b21acec85 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -91,9 +91,10 @@ defhost vampire
        iface eth0.1 dmz unsafe safe
        iface eth0.2 safe
        iface eth0.3 untrusted
        iface eth0.1 dmz unsafe safe
        iface eth0.2 safe
        iface eth0.3 untrusted
-       iface dns0 dns
-       iface vpn-+ vpn
+       iface dns0 iodine
        iface vpn-precision colobdry vpn
        iface vpn-precision colobdry vpn
+       iface vpn-chiark sgo
+       iface vpn-+ vpn
 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe
 defhost ibanez
        iface br-dmz dmz unsafe
        iface br-unsafe unsafe
@@ -122,8 +123,9 @@ defhost precision
        router
        iface eth0 jump colo
        iface eth1 jump colo
        router
        iface eth0 jump colo
        iface eth1 jump colo
-       iface vpn-+ vpn
        iface vpn-vampire housebdry vpn
        iface vpn-vampire housebdry vpn
+       iface vpn-chiark sgo
+       iface vpn-+ vpn
 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo
 defhost telecaster
        iface eth0 jump colo
        iface eth1 jump colo
@@ -137,6 +139,12 @@ defhost jazz
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry
 ## Other networks.
 defnet hub virtual
        forwards housebdry colobdry
+defnet sgo noloop
+       addr !172.29.198.0/23
+       addr 10.0.0.0/8
+       addr 172.16.0.0/12
+       addr 192.168.0.0/16
+       forwards househub colohub
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub
 defnet vpn safe
        addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
        forwards househub colohub
Firewall scripts for distorted.org.uk.