X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fdoc%2Ffirewall.mdwn;h=9b13d95e6e67defecb2ad88848c912f893b79a23;hb=0005b5d0b23ab73cb26f508733fbc3c6d54de56b;hp=5f71914322ca0c73d2a90127bd0952459c36e39c;hpb=a4e39f9ca59b00dec1dad73126634bceae0526be;p=mirror%2Fdsa-wiki.git

diff --git a/input/doc/firewall.mdwn b/input/doc/firewall.mdwn
index 5f71914..9b13d95 100644
--- a/input/doc/firewall.mdwn
+++ b/input/doc/firewall.mdwn
@@ -1,5 +1,17 @@
-Third party firewalling debian.org hosts
-========================================
+Firewalling debian.org hosts
+============================
+
+Debian's own firewalling
+------------------------
+
+A number of hosts have incoming ssh connections restricted to some subnets.
+In particular, this includes mirrors, buildds and DSA's gitolite host.  To
+connect to those machines, users can hop through master.debian.org or
+people.debian.org.
+
+
+Third party firewalling
+-----------------------
 
 In Debian we rely on sponsors for providing housing and hosting for all
 of our infrastructure.  As such, we have a lot of our gear spread out
@@ -25,14 +37,20 @@ In these cases we usually ask for the following setup:
   * bytemark: 5.153.231.0/24
   * grnet: 194.177.211.192/27
   * man-da: 82.195.75.64/26
+  * osuosl: 140.211.166.192/27
   * sil: 86.59.118.144/28
-  * ubcece: 206.12.19.5.0/24
+  * ubcece: 206.12.19.0/24
+  * ubc: 209.87.16.0/24
   * bytemark: 2001:41c8:1000::/48
   * grnet: 2001:648:2ffc:deb::/64
   * man-da: 2001:41b8:202:deb::/64
+  * osuosl: 2605:bc80:3010:b00::/64
   * sil: 2001:858:2:2::/64
   * ubcece: 2607:f8f0:610:4000::/64
+  * ubc: 2607:F8F0:614:1::/64
+* allow all return traffic on tcp/udp/etc.
 
 Extra ports might be required for specific services.
 
-
+---
+Sat, 04 Nov 2017 19:34:24 +0000