University's border routers think ICMP is the devil's doing).
In these cases we usually ask for the following setup:
- * allow all outgoing traffic
- * allow incoming ICMP
- * allow incoming tcp/22 (ssh)
- * allow all incoming from
- ** bytemark: 5.153.231.0/24
- ** grnet: 194.177.211.192/27
- ** man-da: 82.195.75.64/26
- ** sil: 86.59.118.144/28
- ** ubcece: 206.12.19.5.0/24
- ** bytemark:
- ** grnet: 2001:648:2ffc:deb::/64
- ** man-da: 2001:41b8:202:deb::/64
- ** sil: 2001:858:2:2::/64
- ** ubcece: 2607:f8f0:610:4000::/64
+ * allow all outgoing traffic
+ * allow incoming ICMP
+ * allow incoming tcp/22 (ssh)
+ * allow all incoming from
+ ** bytemark: 5.153.231.0/24
+ ** grnet: 194.177.211.192/27
+ ** man-da: 82.195.75.64/26
+ ** sil: 86.59.118.144/28
+ ** ubcece: 206.12.19.5.0/24
+ ** bytemark:
+ ** grnet: 2001:648:2ffc:deb::/64
+ ** man-da: 2001:41b8:202:deb::/64
+ ** sil: 2001:858:2:2::/64
+ ** ubcece: 2607:f8f0:610:4000::/64
Extra ports might be required for specific services.