" -- if you use Chromecasts for [[Geth|AniNIX::Geth]], make sure to look for explicit validation of the devices, or run your own extensive regressions.
# Hosted Services and Entities
Nothing is hosted by the Shadowfeed, but it is manageable by either SSH or an onboard webserver.[[Category:Lighttpd]]
# Connections
The Shadowfeed has a number of hosts and entities that connect to it -- unknown entities are routed to a guest network, while known hosts are allowed inside the DMZ where they can access internal services. Direct AniNIX network members are listed below.
{{Reference|Core}}{{Reference|Windows}}{{Reference|DarkNet}}{{Reference|Print}}{{Reference|Bastion}}{{Reference|Tricorder}}{{Reference|Geth}}{{Reference|Forge2}}{{Reference|Infrastructure}}
# Additional Reference
## Add NAT Rule
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 3389 -j DNAT --to 10.0.1.2 [ -s SourceIP ]
iptables -I FORWARD -p tcp -d 10.0.1.2 --dport 3389 -j ACCEPT
iptables -t nat -I PREROUTING -p udp -d $(nvram get wan_ipaddr) --dport 3389 -j DNAT --to 10.0.1.2 [ -s SourceIP ]
iptables -I FORWARD -p udp -d 10.0.1.2 --dport 3389 -j ACCEPT
## Direct config alteration
nvram show will get all the current options, whereas nvram get variable will return a variable.
nvram set or unset change variables.
nvram commit pushes the change.
## Guest Wifi
[https://dd-wrt.com/wiki/index.php/Guest_Network See here.]
## Sample Startup Script
The following will insert firewall lines into your sample startup script to harden your network edge. This allows [[WebServer|web]], [[SSH]], [[IRC]], [[Geth|AniNIX::Geth]], and [[Nazara|bastion]] access through the firewall, dropping all others. It also sets up the block chain for [[Cerberus|AniNIX::Cerberus]].
iptables -N severe
iptables -I INPUT 2 -i vlan2 -j DROP
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 6641 -j ACCEPT
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 6697 -j ACCEPT
iptables -I INPUT 2 -i vlan2 -p tcp -m tcp --dport 9022 -j ACCEPT
iptables -I INPUT 2 -j severe
iptables -I FORWARD -j severe
}}