X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fdoc%2Ffirewall.mdwn;h=939023e66c51341468dc3fa3d1a6bc2a1bd03682;hb=6159c86df1d06d84b8a83d5d3b913eb6a835046f;hp=b0872729d6a28e1b9b3e327c77d42c253daba65b;hpb=8aeebf1c97b360babf5aef578d04b054ac451fef;p=mirror%2Fdsa-wiki.git diff --git a/input/doc/firewall.mdwn b/input/doc/firewall.mdwn index b087272..939023e 100644 --- a/input/doc/firewall.mdwn +++ b/input/doc/firewall.mdwn @@ -17,21 +17,26 @@ Science department hosts our machine but central IT which controls the University's border routers think ICMP is the devil's doing). In these cases we usually ask for the following setup: - * allow all outgoing traffic - * allow incoming ICMP - * allow incoming tcp/22 (ssh) - * allow all incoming from - ** bytemark: 5.153.231.0/24 - ** grnet: 194.177.211.192/27 - ** man-da: 82.195.75.64/26 - ** sil: 86.59.118.144/28 - ** ubcece: 206.12.19.5.0/24 - ** bytemark: - ** grnet: 2001:648:2ffc:deb::/64 - ** man-da: 2001:41b8:202:deb::/64 - ** sil: 2001:858:2:2::/64 - ** ubcece: 2607:f8f0:610:4000::/64 -Extra ports might be required for specific services. +* allow all outgoing traffic +* allow incoming ICMP +* allow incoming tcp/22 (ssh) +* allow all incoming from + * bytemark: 5.153.231.0/24 + * grnet: 194.177.211.192/27 + * man-da: 82.195.75.64/26 + * sil: 86.59.118.144/28 + * ubcece: 206.12.19.0/24 + * ubc: 209.87.16.0/24 + * bytemark: 2001:41c8:1000::/48 + * grnet: 2001:648:2ffc:deb::/64 + * man-da: 2001:41b8:202:deb::/64 + * sil: 2001:858:2:2::/64 + * ubcece: 2607:f8f0:610:4000::/64 + * ubc: 2607:F8F0:614:1::/64 +* allow all return traffic on tcp/udp/etc. +Extra ports might be required for specific services. +--- +Fri, 26 Jul 2013 22:43:36 +0200