Extend firewalling doc to talk about restricted ssh (rt#6881)

diff --git a/input/doc/firewall.mdwn b/input/doc/firewall.mdwn
index 939023e..c56a189 100644 (file)
--- a/input/doc/firewall.mdwn
+++ b/input/doc/firewall.mdwn
@@ -1,5 +1,17 @@
-Third party firewalling debian.org hosts
-========================================
+Firewalling debian.org hosts
+============================
+
+Debian's own firewalling
+------------------------
+
+A number of hosts have incoming ssh connections restricted to some subnets.
+In particular, this includes mirrors, buildds and DSA's gitolite host.  To
+connect to those machines, users can hop through master.debian.org or
+people.debian.org.
+
+
+Third party firewalling
+-----------------------
 
 In Debian we rely on sponsors for providing housing and hosting for all
 of our infrastructure.  As such, we have a lot of our gear spread out
@@ -39,4 +51,4 @@ In these cases we usually ask for the following setup:
 Extra ports might be required for specific services.
 
 ---
-Fri, 26 Jul 2013 22:43:36 +0200
+Sat, 04 Nov 2017 19:34:24 +0000

diff --git a/input/index.mdwn b/input/index.mdwn
index 1e3f1a8..5c71a98 100644 (file)
--- a/input/index.mdwn
+++ b/input/index.mdwn
@@ -27,6 +27,7 @@ ticket.
 * [how to request guest access to porter machines](doc/guest-account)
 * [how to use schroot on porter machines](doc/schroot)
 * [how to manage service subdomains](doc/subdomains)
+* [firewalling](doc/firewall)
 
 ## documentation for contributors