MkDocs configuration and content for info/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

2.1 KiB


Ziltoid is a blanket firewall and a gateway server.

Basic Info

Ziltoid takes traffic from the VLAN 3 (public vlan) and sends data over to VLAN 2 (private vlan) while applying a set of firewall rules.

The configuration files are version controlled on the COSI Git Server using a private repository (so that outside actors can't find the rules).

There are instructions contained in the repo, but basically there is a special shell script that takes the rules from the Git server and applies them.

There are also some proposed upgrades on the Git repo to make the service more foolproof, as administration of the firewall can be complicated.


COSI's network (as late as Summer 2015, there was a VLAN tagged network with a gateway box before 2014 IIRC) up until 2016 was a flat VLAN that had all the servers on it, and no firewall except a few host firewalls using /etc/hosts.allow and /etc/hosts.deny (which is pretty abysmal security practice and caused multiple security incursions, such as the "Stack-Stack" incident).

On March 25, 2016, Ziltoid was completed and brought online. It used a 4 port NIC card - one port was the uplink, one port was to the COSI private network (now VLAN 2), and another one had a 10.x.x.x network to the Tor Exit Node (which has since been removed after the service was deprecated).

In 2017 at some point, Ziltoid's hardware was upgraded as part of the 10G upgrade project, the NIC was changed from the 4 port PCIe NIC to a 2 port 10G SPF+ Intel PCIe NIC. This allows full line-speed 10G network traffic through the firewall.


It's running Ubuntu 18.04 LTS. Not too complex a system, it just bridges the two networks together and has iptables-presistent installed, plus some special configuration files and shell scripts to aid in system administration and system security.

!!! Warning

Ziltoid's performance will be greatly reduced if you do UDP filtering on it. Only do TCP firewall rules and firewall UDP on each VM if you need firewalls on UDP (typically not used for most services).