Hey guys,

We made changes to our firewall rules as of today. Going forward,
the project will default to implementing rules that should provide
isolation between subnets. This has been on the roadmap for a
while but was a back-burner task compared to getting the rest of the
network up and running.

We have also finally deployed a network management console internally
that is now handling network usage data for accounting and keeping an
eye on who is doing what on the network. Insight like this is a very
valuable tool that will help us plan future upgrades as well as spot
any potential issues in the network earlier.

Something that was overlooked during the planning and deployment phase
of our network was that we were allowing port 25 and port 465 to be used
on our network and it was something that just slipped our minds for a
long while. This has been corrected as of today. We are now dropping these
ports at the edge and on our WireGuard interfaces. Project members are not
allowed to host mail servers on our network. The terms of service and
network management policies have been updated to reflect this change.

In addition, we have brought on a few more project members, which means
a few more /64 subnets have been set up for routing. Pretty cool to see
others taking notice of what we have built out over the past few years!