Hi everybody,

as part of T198623 the Analytics and Traffic team worked on a better set of firewall rules for ipv4/ipv6 traffic generated within the Analytics VLAN and going towards Production. For example, we are now enforcing the usage of https://wikitech.wikimedia.org/wiki/HTTP_proxy for all the http/https connections originated from the Analytics VLAN, so if you have any important cron job that runs periodically on any Analytics host (most likely the stat boxes) please check that it complies to this policy as soon as possible. Please note that the policy itself is not new (https://wikitech.wikimedia.org/wiki/Analytics/Data_access#Stats_machines) but it will be enforced very soon during the next couple of days. We have run several tcpdump sessions to check the current traffic (we are reasonably sure that nothing will break), but better safe than sorry :)

For any comment/suggestion/question/etc.. please follow up in the task or with me in the #wikimedia-analytics IRC channel.

Thanks in advance!

Luca (on behalf of the Analytics team)