firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

Task #15: The Frostwall Protocol — GRE Tunnel Security Architecture #175

New Issue
Open
opened 2026-03-21 02:33:37 -05:00 by mkrause612 · 0 comments
mkrause612 commented 2026-03-21 02:33:37 -05:00
Owner
Copy Link

Task #15: The Frostwall Protocol — GRE Tunnel Security Architecture

Time Estimate: 3-4 hours

Documentation: docs/tasks/ (see operations manual)

Time: 3-4 hours
Status: DEPRIORITIZED — March 14, 2026
Priority: LOW — no active DDoS problem, email unblocked via Billing VPS
Documentation: docs/tasks/frostwall-protocol/

Custom DDoS protection using GRE tunnels from Command Center to TX1/NC1. Hides real IPs, protects email reputation.

Why urgent now: Email is needed soon — Holly staff email, staff comms, subscriber notifications. Frostwall → Mailcow is the only path to get there. This is the critical blocker.

Core Components:

  • GRE tunneling (encrypted links)
  • 1-to-1 NAT/DMZ forwarding
  • Iron Wall UFW rules
  • IP hierarchy (scrubbing → backend → binding)

Blocks: Mailcow (email) → Holly email, staff email, subscriber comms, all Tier 2+ infrastructure
Deployment doc: https://docs.google.com/document/d/12Kh-AhUgJLOJrBgIjMiGi3xRZH1basRzv9Pa_-x1t_0/edit

Source: docs/core/tasks.md (Task #15)

### Task #15: The Frostwall Protocol — GRE Tunnel Security Architecture **Time Estimate:** 3-4 hours **Documentation:** `docs/tasks/` (see operations manual) --- **Time:** 3-4 hours **Status:** DEPRIORITIZED — March 14, 2026 **Priority:** LOW — no active DDoS problem, email unblocked via Billing VPS **Documentation:** `docs/tasks/frostwall-protocol/` Custom DDoS protection using GRE tunnels from Command Center to TX1/NC1. Hides real IPs, protects email reputation. **Why urgent now:** Email is needed soon — Holly staff email, staff comms, subscriber notifications. Frostwall → Mailcow is the only path to get there. This is the critical blocker. **Core Components:** - GRE tunneling (encrypted links) - 1-to-1 NAT/DMZ forwarding - Iron Wall UFW rules - IP hierarchy (scrubbing → backend → binding) **Blocks:** Mailcow (email) → Holly email, staff email, subscriber comms, all Tier 2+ infrastructure **Deployment doc:** https://docs.google.com/document/d/12Kh-AhUgJLOJrBgIjMiGi3xRZH1basRzv9Pa_-x1t_0/edit --- --- **Source:** `docs/core/tasks.md` (Task #15)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/automation
n8n workflows and automation
 area/billing
Paymenter billing system
 area/development-tools
Internal tools for workflow automation and team productivity
 area/email
Mailcow email system
 area/game-servers
Minecraft or other game servers
 area/networking
Network infrastructure and configuration
 area/operations
General operations and documentation
 area/panel
Pterodactyl Panel
 area/website
Ghost CMS website
 area/wings
Pterodactyl Wings
 duplicate
This issue is a duplicate of another issue
 for/holly
Assigned to Holly (unicorn20089)
 for/meg
Assigned to Meg (GingerFury)
 for/michael
Assigned to Michael (Frostystyle)
 good-first-issue
Good for newcomers
 help-wanted
Extra attention needed
 needs-board-sync
New issue needs to be added to project board
 operations
priority
critical
Emergency — immediate attention required
priority
high
Important — address soon
priority
low
Nice to have, not urgent
priority
medium
Normal priority
status
backlog
Not yet started, in backlog
status
blocked
Cannot proceed, blocked by dependency
status
done
Completed and closed
status
in-progress
Currently being worked on
status
review
Work complete, awaiting review
status
to-do
Ready to start, in queue
type
bug
Something isn't working
type
docs
Documentation improvements or additions
type
feature
New feature or enhancement request
type
infrastructure
Infrastructure, deployment, or DevOps work
type
refactor
Code refactoring or technical debt
type
task
General task or work item
wont-do
This will not be worked on
No Label area/billing area/email area/networking for/holly
priority
critical
status
blocked
type
infrastructure
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Gingerfury Unicorn20089 mkrause612
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: firefrost-gaming/firefrost-operations-manual#175
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?