| 2018-12-26 |
Mark Wooding | local.mk: Reinstate mango. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-10-02 |
Mark Wooding | local.m4: Filter out source routing in the firewall. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-10-02 |
Mark Wooding | local.m4: Don't expect `forbidden' to return. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-10-01 |
Mark Wooding | local.m4: Add the `hippotat' network. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-10-01 |
Mark Wooding | classify.m4: Note the older site-local IPv6 range. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-10-01 |
Mark Wooding | classify.m4: Fix typo in commentary. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-09-22 |
Mark Wooding | telecaster.m4: Open the old (implicit-TLS) `ftps' port. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-09-22 |
Mark Wooding | roadstar.m4, telecaster.m4: No need to open the `ftp_da... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2017-07-02 |
Mark Wooding | base.m4: Improve LSB header to delay firewall shutdown. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-10-22 |
Mark Wooding | local.m4: gibson uses untagged packets for the unsafe... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-07-01 |
Mark Wooding | local.m4: Designate `vpn' as `trusted' rather than... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-07-01 |
Mark Wooding | national.m4: Configure as an authoritative DNS server. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-07-01 |
Mark Wooding | Finish the switchover to Andrews & Arnold. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-07-01 |
Mark Wooding | fender.m4: Fix silly typo in comment. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-06-27 |
Mark Wooding | local.m4: Prepare for switchover to A&A. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-06-27 |
Mark Wooding | local.m4: Fix whitespace oddity. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-06-15 |
Mark Wooding | fender.m4: Provide NTP service to untrusted clients. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2016-02-07 |
Mark Wooding | New host universe. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-10-01 |
Mark Wooding | local.m4, local.mk, national.m4: New virtual host ... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-10-01 |
Mark Wooding | local.m4: New address range for untrusted VPN hosts. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-05-11 |
Mark Wooding | functions.m4 (ntpclient): Handle NTP servers with IPv6... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-05-11 |
Mark Wooding | local.m4: Allow IPv6 ping separately. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-04-01 |
Mark Wooding | telecaster.m4: External SMTP service for mailing lists. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-04-01 |
Mark Wooding | local.mk: Remove orange and mango. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-04-01 |
Mark Wooding | jem.m4, vampire.m4: Cull some external services. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-04-01 |
Mark Wooding | local.m4: gibson now uses explicit VLAN tagging. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-03-26 |
Mark Wooding | functions.m4: Only call `allow-non-init-frag' on fragments. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-03-26 |
Mark Wooding | jaguar.m4, local.m4: Remove jaguar completely. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-03-19 |
Mark Wooding | jem.m4: External rsync service. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-03-19 |
Mark Wooding | radius.m4: Stop MSS clamping on egress now the external... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-28 |
Mark Wooding | local.m4: Reinstate detailed filtering from scary networks. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-24 |
Mark Wooding | local.m4: Inbound restriction on untrusted is no longer... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-16 |
Mark Wooding | local.m4: Protect the `untrusted' network from incoming... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-16 |
Mark Wooding | classify.m4: Fix some typos in the commentary. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-09 |
Mark Wooding | jazz.m4, numbers.m4: Expose the OpenPGP key server. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-07 |
Mark Wooding | local.m4: Proper configuration for groove. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-07 |
Mark Wooding | groove.m4: New host. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2015-02-07 |
Mark Wooding | artist.m4: Further Rygel hacking. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-09-05 |
Mark Wooding | artist.m4: Punch a hole for Rygel service to local... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-07-15 |
Mark Wooding | local.m4: Boundary network addresses can legitimately... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-07-15 |
Mark Wooding | stratocaster.m4: Permit incoming finger. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-06-29 |
Mark Wooding | local.m4: Load connection tracking modules as standard. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-27 |
Mark Wooding | classify.m4: Forbid the v4-mapped and v4-compatible... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-21 |
Mark Wooding | local.m4: Move VPN hosts to ...:1. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-20 |
Mark Wooding | telecaster.m4: Allow external DNS service. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-19 |
Mark Wooding | local.m4: Replacing IPv6 host routes with /112 networks. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-18 |
Mark Wooding | local.m4: Mention that the IPv6 VPN net is logically... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-04-18 |
Mark Wooding | icmp.m4: Actually track the correct ICMPv6 protocol. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-03-08 |
Mark Wooding | Makefile: Explicit stdin from terminal, so `make -j... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-03-08 |
Mark Wooding | fender.m4: BCP38 source-address filtering, at ebtables... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-03-08 |
Mark Wooding | fender.m4: Reformat the ebtables hacking a bit. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-03-08 |
Mark Wooding | functions.m4, radius.m4: BCP38 filtering for outbound... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-03-07 |
Mark Wooding | base.m4: Run firewall after local filesystems are mounted. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-02-12 |
Mark Wooding | numbers.m4, stratocaster.m4: Public-facing IMAP server. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2014-01-07 |
Mark Wooding | numbers.m4, telecaster.m4: TLS-enabled web cache. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-09-10 |
Mark Wooding | local.mk: jaguar's firewall is maintained locally now. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-09-04 |
Mark Wooding | fender.m4: Trap bad source IP addresses at the ethernet... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-09-02 |
Mark Wooding | jazz.m4: Allow iodine hosts NATed internet access. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-09-02 |
Mark Wooding | jaguar.m4, local.m4, local.mk: New host. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-05-06 |
Mark Wooding | telecaster.m4: Rate-limit incoming ICP. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-05-06 |
Mark Wooding | functions.m4: Partially cope with ipset(8) command... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-04-19 |
Mark Wooding | numbers.m4, telecaster.m4: Expose the Squid ICP port. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-04-19 |
Mark Wooding | mango.m4: Reverse NAT into the main network. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-04-19 |
Mark Wooding | classify.m4: Document the source of blacklisted address... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-03-26 |
Mark Wooding | jazz.m4: No, jazz is not a nameserver. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-03-26 |
Mark Wooding | mango.m4: Tighten up the SNAT rules. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-03-16 |
Mark Wooding | config.m4: Extend the upper limit on open ports. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-02-10 |
Mark Wooding | New host `mango'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-02-09 |
Mark Wooding | classify.m4: Hook the INPUT and FORWARD chains, not... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-02-09 |
Mark Wooding | ibanez.m4: Open an explicit hole for `udpkey'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-02-09 |
Mark Wooding | local.m4: Yet more explicit networks for asymmetric... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-26 |
Mark Wooding | local.m4: New satellite network `binswood'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-26 |
Mark Wooding | local.m4: Make the net-class policies easier to read. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-26 |
Mark Wooding | local.m4: Nothing should forward via `iodine'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-26 |
Mark Wooding | functions.m4, local.m4: Rename `forwards' to `via'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-13 |
Mark Wooding | New host `orange'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-13 |
Mark Wooding | ibanez.m4, vampire.m4: Provide NTP service to untrusted... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2013-01-08 |
Mark Wooding | bookends.m4: Better check for bridging. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-29 |
Mark Wooding | stratocaster.m4: Provide rsync service. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-28 |
Mark Wooding | {roadstar,jem,telecaster,stratocaster}.m4: Move Git... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-28 |
Mark Wooding | artist.m4: Moved the `rawk' server to artist. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-15 |
Mark Wooding | jazz.m4, local.m4: Make jazz be a TrIPE endpoint. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-14 |
Mark Wooding | numbers.m4: Add port number for IRC. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-13 |
Mark Wooding | Makefile: If the user overrides HOSTS, don't install... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-13 |
Mark Wooding | local.m4: Add a prose commentary on address allocation. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | functions.m4: Correctly clear `to' network field in... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | classify.m4: Dispatch on destination addresses to corre... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | classify.m4: Classify individual host routes correctly. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | classify.m4: Clean up interface map tracing. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | functions.m4: Fix up commentary for `matchnets'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | local.m4, jazz.m4: Move iodine endpoint to jazz. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-12-11 |
Mark Wooding | numbers.m4, vampire.m4: Expose print server to local... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-10-14 |
Mark Wooding | radius.m4: Allow external servers to contact the identd. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-10-14 |
Mark Wooding | local.m4, radius.m4: radius is now the host gateway... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-09-12 |
Mark Wooding | local.m4: artist should expect untrusted source addrs... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-09-12 |
Mark Wooding | local.m4: Track VLAN renumbering in vampire's interface... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-06-08 |
Mark Wooding | Rate limiting for incoming DNS queries over UDP. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-06-08 |
Mark Wooding | radius.m4: Handy ipset hook for ad-hoc safe/unstrusted... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-06-08 |
Mark Wooding | local.m4: Refactor common SSH permission between safe... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-05-03 |
Mark Wooding | local.m4: Packets can be routed over the safe network. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| next |
~mdw / firewall / shortlog