[HamWAN PSDR] Firewall Changes for HamWAN

Dean Gibson AE7Q hamwan at ae7q.com
Fri Apr 25 14:09:44 PDT 2014 

I sent this to Nigel, but for the record  for 44.24.240.173 (I think 
you'll have more work to do than I will, if my IP address changes):

 1. Inbound established connections: ALLOW
 2. Inbound related connections:  ALLOW
 3. Inbound from 44.0.0.0/8: ALLOW
 4. Inbound from 209.59.217.159: ALLOW
 5. Inbound, the rest:  BLACKHOLE

Outbound:  ALLOW

No urgency.

-- Dean

On 2014-04-25 12:04, Bart Kus wrote:
> As an update, the inbound filtering was turned off since it caused 
> problems.  We're looking into doing things differently now.
>
> Also, I would re-phrase "If you want to be able to reach a service" to 
> just "let us know what firewall rules you'd like for your subnet/IP".  
> If you want to define ranges of ports and stuff, that's fine.  Work is 
> on-going to automate this too, so you won't need to reach out to puny 
> humans.
>
> --Bart
>
> On 4/24/2014 10:14 PM, Nigel Vander Houwen wrote:
>> Hello All!
>>
>> Tonight myself and the other admins have spent some time working on 
>> improving the firewall implemented at our edge routers to help 
>> improve security and compliance, and I installed them on both edges a 
>> short time ago.
>>
>> We are now at this point implementing a default block of traffic 
>> coming in from the internet at large, unless specifically exempted.
>>
>> What does this mean for you?
>>
>>  1. For most things, you should not notice this change at all.
>>     Anything you request from your hamwan connection should work fine
>>     as the response will be related to your connection.
>>  2. If you want to be able to reach a service you have on your hamwan
>>     connection from the internet at large, please let myself or
>>     another admin know, and we can add that to the known exceptions.
>>     This is a temporary state until we can get a web interface for
>>     managing your HamWAN DNS and firewall rules.
>>  3. If you do notice any problems, please reach out to us. The best
>>     is via the #hamwan channel on irc.freenode.net, but email will
>>     work as well.
>>
>> Thanks, Nigel K7NVH

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20140425/6404d6fc/attachment.html>

More information about the PSDR mailing list