From 08bb35b23ec0b429018715839d547fc90411a6c3 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Thu, 24 Apr 2014 10:12:48 +0100 Subject: [PATCH] README: Fettle to include IPv6, and update configuration. --- README | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/README b/README index b067845..4abb92c 100644 --- a/README +++ b/README 
@@ -180,37 +180,33 @@ noip ## standard configuration ## debug - realconnect +172.29.199.2:25 - realconnect +172.29.199.2:53 - realconnect +172.29.199.2:80 - realconnect +172.29.199.2:3128 - realconnect +127.0.0.1:6010-6020 - realconnect -127.0.0.0/8 + realconnect +127.0.0.1:6010-6020, +[::1]:6010-6020 + realconnect +127.0.0.1:53, +[::1]:53 + realconnect +local:22 + realconnect -127.0.0.0/8, -[::1] realconnect -local - (172.29.199.2 is the IP address of the machine I took this - from.) What this says is as follows. + What this says is as follows. * Don't produce debugging output, but let me turn it on easily if I feel the urge. - * Allow direct connection to my SMTP server, on port 25. (The - `+' means `allow'.) + * Allow conversations with SSH-forwarded X displays, which + listen on the loopback interface. Notice that the IPv6 + address must be enclosed in square brackets because colons + are having to do double-duty here. - * Allow conversations with my local DNS server. (The noip - hack is not particularly discriminating. It replaces UDP - sockets with Unix-domain datagram sockets, just as it - replaces TCP sockets with Unix-domain stream sockets.) + * Allow conversations with my local DNS server. (I run + `unbound' on all of my servers, to do DNSsec validation. + The noip hack is not particularly discriminating. It + replaces UDP sockets with Unix-domain datagram sockets, just + as it replaces TCP sockets with Unix-domain stream sockets.) - * Allow conversations with my local web server. - - * Allow conversations with my local squid proxy. - - * Allow conversations with SSH-forwarded X displays. + * Allow conversations with my local SSH server. * Don't allow any other communication with anything else on the loopback network 127.0.0.0/8. (I've still no idea why - each machine needs 16 million IP addresses for talking to + each machine needs 16 million IPv4 addresses for talking to itself. The `-' means `deny'.) 
* Don't allow any other communication with any of my other -- 2.11.0
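Review bot: the explanatory bullet for the deny rule no longer matches the rule it describes. The configuration line now reads `realconnect -127.0.0.0/8, -[::1]`, but the bullet still says only "Don't allow any other communication with anything else on the loopback network 127.0.0.0/8", so a reader of the README will not learn that traffic to the IPv6 loopback address is denied too; suggest "on the loopback network 127.0.0.0/8 or the IPv6 loopback address ::1". Also, dropping the SMTP bullet removed the sentence "(The `+' means `allow'.)" while the deny bullet still explains the `-' sign; move that parenthetical into the new first bullet (the SSH-forwarded X displays one) so both signs are still explained on first use.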