## standard configuration
## debug
- realconnect +172.29.199.2:25
- realconnect +172.29.199.2:53
- realconnect +172.29.199.2:80
- realconnect +172.29.199.2:3128
- realconnect +127.0.0.1:6010-6020
- realconnect -127.0.0.0/8
+ realconnect +127.0.0.1:6010-6020, +[::1]:6010-6020
+ realconnect +127.0.0.1:53, +[::1]:53
+ realconnect +local:22
+ realconnect -127.0.0.0/8, -[::1]
realconnect -local
- (172.29.199.2 is the IP address of the machine I took this
- from.) What this says is as follows.
+ What this says is as follows.
* Don't produce debugging output, but let me turn it on easily
if I feel the urge.
- * Allow direct connection to my SMTP server, on port 25. (The
- `+' means `allow'.)
+ * Allow conversations with SSH-forwarded X displays, which
+ listen on the loopback interface. Notice that the IPv6
+ address must be enclosed in square brackets because colons
+ are having to do double-duty here.
- * Allow conversations with my local DNS server. (The noip
- hack is not particularly discriminating. It replaces UDP
- sockets with Unix-domain datagram sockets, just as it
- replaces TCP sockets with Unix-domain stream sockets.)
+ * Allow conversations with my local DNS server. (I run
+ `unbound' on all of my servers, to do DNSsec validation.
+ The noip hack is not particularly discriminating. It
+ replaces UDP sockets with Unix-domain datagram sockets, just
+ as it replaces TCP sockets with Unix-domain stream sockets.)
- * Allow conversations with my local web server.
-
- * Allow conversations with my local squid proxy.
-
- * Allow conversations with SSH-forwarded X displays.
+ * Allow conversations with my local SSH server.
* Don't allow any other communication with anything else on
the loopback network 127.0.0.0/8. (I've still no idea why
- each machine needs 16 million IP addresses for talking to
+ each machine needs 16 million IPv4 addresses for talking to
itself. The `-' means `deny'.)
* Don't allow any other communication with any of my other
~mdw / preload-hacks / blobdiff