Obsolete as of August 2013

Our firewall service has been shut down and replaced with router-based ACLs.

Firewall quick reference

The alleged definitive statement on firewall zone organization is presently located at http://www.cs.uwaterloo.ca/cscf/policies/firewall. It is, however, obsolete as of January 2010.

Zone ID Description Networks
-1 not firewalled 172.19.0.0/20, 129.97.{74, 75, 78, 79}/24, 10.15.0.0/20
0 CSCF internal, few restrictions 172.19.16.0/20, 129.97.15.0/24, 10.15.16.0/20
1 CS public servers 172.19.32.0/20, 129.97.152.0/24, 10.15.32.0/20
2 thin clients, allows remote-access protocols 172.19.48.0/20, 129.97.59.0/25, 10.15.48.0/20
3 teaching workstations, no inbound traffic 172.19.64.0/20, 129.97.51.0/24, 129.97.59.128/25, 10.15.64.0/20
4 office workstations, allows SSH & RDP 172.19.80.0/20, 129.97.{84, 168, 169}.0/24, 129.97.170.0/23, 10.15.80.0/20
5 research computers, unrestricted outbound (stateful), inbound customizable 172.19.96.0/20, 129.97.7.0/24, 10.15.96.0/20
Topic revision: r3 - 2013-09-17 - TrevorGrove
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback