Last Update: Jan 27th, 2026
Update Reason: FurrIX Spinoff
PREFACE
Our Network Management Policy states and explains how we operate the networking services that we obtain through FurrIX.
As with all of our policies that govern the operation of Marbled Fennec Networks, this is a living document and will be updated from time to time as our sponsoring board of project members advances, alters and makes changes to both projects. As such, project members, project guest and end users should refer back to this policy often and make note of any changes that have occurred. Failure of a project member or guest to read these policies does not excuse them from following the policies set for both projects by the sponsoring board of Marbled Fennec Networks. Failure to be aware and follow all policies can lead to service and/or account termination.
SCOPE
All communications that take place via Marbled Fennec Networks traverse over network services that we obtain through FurrIX and operate ourselves, whether physical or virtual. The routing and switching gear is operated by the FurrIX vIX and deploy according to the specifications that we provide them in order to provide acceptable networking to our servers and websites. While we maintain our specific networks and endpoints, our upstream provider handles most of the networking for us. Marbled Fennec Networks provides network connectivity for game servers, websites and occasionally VPS instances that we may opt to host.
Our Network Management Policy applies to any communications that traverse our network endpoints. This includes, but is not limited to, any ingress or egress from and to our networks and any interfaces operated by our volunteers. This policy covers all network protocols, internet protocols, applications and services provided by, operated through, or maintained by Marbled Fennec Networks and our volunteers.
THE HUMAN ELEMENT
Our volunteers are responsible for the maintenance and day to day operation of our hosted services. Maintaining our network and services require skill, attention to detail and a fair amount of time dedication from our Volunteer Techs. The Sponsoring Board of Marbled Fennec Networks selects Volunteer Techs for various operational task and positions within our project. Our Volunteer Techs are equipped with the tools, network mappings, access tokens, documentation and internal support required to perform their duties. Most, if not all, of our techs are volunteers who are Information Technology and Computer Networking amateurs that take on their respective roles within Marbled Fennec Networks for the fun of doing such and the expansion and refinement of their skills. No Volunteer Tech may perform their respective duties above any other function of their daily lives. Participation in the maintenance and upkeep of Marbled Fennec Networks is done on a purely amateur basis, for the love of the hobby, and without pecuniary interest.
Marbled Fennec Networks does not apply, condone or otherwise imply the existence or adherence to any service level agreement. Project members who are expecting complete uptime or a perfectly usable virtualized environment are encouraged to look for a commercial provider to meet their needs, as such is outside the scope of Marbled Fennec Networks. Our Volunteer Techs will not pushed into placing Marbled Fennec Networks above any other aspect of their daily and personal lives, what so ever. Any project member or guest that is found to be placing undue pressure of our Volunteer Techs will have their service(s) and account(s) terminated and will receive an email stating that their behavior was unacceptable and they should go look into a commercial provider.
PATCH SCHEDULE
Marbled Fennec Networks aims to apply OS patches and support software updates to our systems each week on Wednesday and Saturday. The patching window is from one to three AM EST. Project members should expect to see little to no interruption during this process, not including any patches that require equipment reboots. In the event that a patch or update fails, our network and servers are setup with nightly offsite backups and we hold a rolling window of the last sixteen images and our Volunteer Techs will work as quickly as their schedule allows for the restoring of systems that experience a failed patch or update.
All updates and configuration changes are logged to an internal discord channels that all of our Volunteer Techs have access to. This allows for the coordination of updates and for our Volunteer Techs to work together to keep updates as smooth as possible. When major updates or updates that have a possibility of breakage are to happen, Marbled Fennec Networks will make a post on our website detailing what service(s) are affected and a rough guess of how long things will be offline. We will also make post on our website(s) detailing outages, changes to the network core or changes to our offered services.
BACKUP INFORMATION
Marbled Fennec Networks provides an internal service to itself and FurrIX that automatically handles the nightly backup imaging of all services and routers. These backups happen every night of the week at midnight and take roughly an hour to complete. We are setup to keep sixteen images of all project related routers, VMs and services on hand at all times. When updating a router, VM or in house service; the last backup image is locked to prevent data loss and to provide our Volunteer Techs with a known, working image to restore to if things go wrong.
Marbled Fennec Networks does not provide our project members and guest with any form of backup service nor access to our backup service. Project members and guest are expected to take reasonable measures themselves to protect their data. Marbled Fennec Networks is not responsible for data loss.
All backup images are stored on a separate physical server in a different part of the data center. The machine that handles the backup images (backup.furrix.zone) exist as a virtual machine on the secondary physical host (aedon.furrix.zone) and has firewall rules in place that only allow access from our internal /64 subnet. Only the lead network engineer and tier two support have access to this server.
Network Addressing
Due to the nature of the services offered by FurrIX, and thus by Marbled Fennec Networks, and the very real possibility for abuse; we statically assign all routes and internet protocol addresses to game servers, websites and VPS instances on our servers. The addresses you are given access to is attached to your account and is noted on your service(s), as well as a PTR record is attached to the virtual interface that operates your service(s). This is done to make troubleshooting and identification of bad actors and improper network use easier for our Volunteer Techs to handle.
PTR RECORD ASSIGNMENT
FurrIX requires that the network interfaces address in any assigned subnet must have its PTR record set upon activation for the identification of the project member or guest responsible for the network traffic on that interface and its subnet range. Currently, PTR records for game server and VPS interfaces will be placed into the “.marbledfennec.net” namespaces. This properly identifies network traffic to our Volunteer Techs, members and external network admins as belonging to our project as well as the member operating the service.
Project members and guest who do not consent to having a PTR record set will not receive service(s) from our project. This is not optional and is a rule made for traffic accounting and member accountability reasons.
The code phrase for our NMP (Network Management Policy) is Coconut Sugar.
NETWORK SECURITY AND INTRUSION DETECTION SYSTEM
Project members should be aware their traffic traversing the network operated by Marbled Fennec Networks may pass through various firewalls, routers and intrusion detection systems operated by our upstream provider that may automatically inspect and drop traffic on a temporary basis. These automated actions alert our Volunteer Techs and the FurrIX NOC of potential problems. Our Volunteer Techs can look into the network to inspect what is causing the alerts and make adjustments as needed or reach out to our upstream NOC for assistance. None of our Volunteer Techs are allowed to disclose any of the traffic they may see to anyone outside of our other Volunteer Techs, our upstream provider’s Network Operations Center (NOC) or law enforcement who may be doing an investigation for network abuse.
Name Server Management
In agreement with FurrIX, Marbled Fennec Networks operates two public name servers that anyone may make use of for general DNS queries. Both servers are setup to resolve both OpenNIC and ICANN domains. Both servers provide IPv4 and IPv6 service with options for DoH and DoT features. Logs are removed at 2300EST daily. FurrIX has applied rate limits and bandwidth limits to each server to help prevent abuse.
While we strive to remain an unbiased and neutral network operator, there will be times in which our Volunteer Techs must moderate the name servers to prevent abuse. To date, there are roughly 491 domains which are dropped using RPZ configurations. Request arriving at our servers containing these domains are answered with an NXDOMAIN response. We will not unblock known command and control domains.
Volunteer Tech Management
Marbled Fennec Networks takes the operation and security of our hosted services and network seriously. When on boarded, Volunteer Techs are provided with a WireGuard profile that attaches them to our internal management network and grants them only the level of access they need for their roles. Being VPN’d into our IMN is a requirement in order to perform their duties. No management interface of any service operated by Marbled Fennec Networks may be exposed to the internet. All management interfaces must be placed behind our IMN and must have appropriate firewall rules in place at all times.
Volunteer Techs who are found to be misconfiguring administrative endpoints, and thus exposing them to the internet, will be removed from their position and possibly banned from the projects all together. Network and server management integrity is the top priority for our services and routing gear.
Volunteer Techs are forbidden from sharing their access tokens, network profiles or any other secure project data. Pretty much all of our documentation may requested by our Volunteer Techs and project members, though certain data sets are not to be shared under any circumstance as they are critical to the security and operational status of our network and services.
PROJECT MEMBER ACCOUNTS AND SERVICES
Project members are not allowed to share their account(s) details with anyone not listed on their request for service(s) and the email of approval for their request. Your account(s) and service(s) are intended for your own personal use only and shall not be shared outside of your homelab or personal devices. You are fully responsible for all communications and data that traverse our network in relation to your account(s), service(s) and network access profile(s).
In the event that Marbled Fennec Networks receives any complaints about project member activities, our Volunteer Techs will begin an investigation that may involve the temporary monitoring of said network traffic and data, with or without assistance from our upstream providers. If said project member is found to be in violation of our policies, their access to service(s) and account(s) will be restricted while we try to contact them for a resolution. Failing contact, said project member service(s) and account(s) will be terminated.
OUTRIGHT BANNED COMMUNICATIONS
Marbled Fennec Networks does not allow project members or guest to operate TOR nodes of any type, mail servers or relays, public proxies or torrent services. If a project member is found to be operating such, their access to the network and service(s) will be terminated without notice and said individual will be banned from requesting future account(s) or service(s).
FurrIX, our upstream network provider, does not permit the operation of SMTP (email) servers by project members of their virtual internet exchange. Due to the effort they have spent to keep our network ranges clean and off of blocklist, they will not respond to support request to unblock ports 25, 465, and 587. Traffic on these ports is blocked both at the edge and internally in our routing stack.
Due to us recently seeing some traffic from the TOR network, we are now using https://www.dan.me.uk/tornodes exit node list to drop traffic coming from the TOR network. This list is in place on each of our routers.
NETWORK MONITORING SYSTEM
As part of our agreement with FurrIX, Marbled Fennec Networks operates an NMS (Network Monitoring System) that handles various task such as but not limited to: traffic accounting per subnet, interface throughput monitoring, error alerting, uptime and outage tracking as well as all related stats. All routers, bridges and VMs operated by FurrIX are enrolled in the NMS. All services, physical servers and VMs operated by Marbled Fennec Networks are enrolled in the NMS. This is not optional and under the current agreement, both projects are required to enroll all of their project related gear into the NMS for monitoring and alerting. Additionally, to augment the NMS, all of FurrIX’s routers are running NTopNG.
INTENDED USAGE
The network operated by Marbled Fennec Networks is not meant to be a replacement for a commercial services provider. The services on our network are provided by hobbyist who maintain the project out of their own pockets and ask that our project members be mindful of the network and server resources. Abuse of the project resources will not be tolerated. We have hard limits on our transit speeds for the connections to the outside world that we have to be mindful of and work to ensure fair use of, as well as server CPU time, memory and storage limits.
Extended Network and Server Limitations
You may not use our network to invade another person’s privacy; access or attempt to access any internet host which you do not have permission; to hack, crack or otherwise gain access to any other internet host; to share data or software that you do not have the rights to; use or access packet sniffers or similar tools; send unsolicited mail; restrict or inhibit any other member from using or enjoying our network; harass any other persons or groups; impersonate other persons or groups; or use any internet host in a way that is not authorized by its operators.
You may not perform actions that would cause undue burden to our network resources or other users connected to our network. For hosted services, this includes but is not limited to: exploits to bypass service limitations; exceed allocated network speeds or traffic limitations; gaining access to virtual machines not hosted under your account; exploits to make unauthorized changes to our network and systems.
Doing any of the above will result in termination of your account(s) and service(s), as well as you being banned from using our network in the future.
PUBLIC DISPLAY OF STATISTICS
Marbled Fennec Networks will collect, parse and occasionally display on our website(s) information about how the network is used. We are making this known via this policy as information collected and displayed will be in the form of traffic type, traffic amount, protocol, IPv6 subnet, the parties those subnets are provided to and which routed the traffic flowed across. This is solely for allowing users a look into how our network is being utilized and the amounts of traffic we route through our equipment, as well as a tool to help plan changes and modifications to our network in response to changes in usage patterns. Neither Marbled Fennec Networks nor FurrIX will disclose individual IPv6 addresses in the presented information on our website, only entire subnets. If you do not agree with this process, you should contact support immediately to cancel your service(s) and account(s).
As part of our Network Management Policy, the projects both report banned IP addresses to AbuseIPDB on a regular basis. This reporting is handled automatically via various services within our network.
INTERNAL COLLECTION AND PARSING OF NETWORK STATISTICS
Volunteer Techs helping maintain the network and projects will have the ability and tools needed to collect, parse and display network statistics internally that will help our projects see: how the network is utilized; view traffic flows in real time; see where traffic is coming from and going to; which IP addresses are involved; which parties those IP addresses are in use by; endpoint connection IP addresses and estimated geo location; resolved DNS queries and other related network statistics. This information is used internally to assist our Volunteer Techs make decisions related to setting up our routers, providing our users with support, planning maintenance and performing network upgrades.
Volunteer Techs are not allowed to disclose this level of detailed information to the public. The highly detailed internal view is only to be used for day to day upkeep, to respond to queries from our upstream’s NOC or to provide law enforcement with requested information as required by law.
COOPERATION WITH LAW ENFORCEMENT
Both Marbled Fennec Networks aims to keep good relations with our upstream provider(s) and law enforcement agencies. In the event that we are instructed to, and such compliance is legally required, we will work with our upstream providers and/or law enforcement to grant their investigators with network level access on our core bridge. Due to the types of situations that may arise requiring the above provisions, we may be ordered not to disclose any information about the investigation; however, once such is over and done with, we will be as transparent with our members as we are legally allowed to be.