[Labs-l] Security groups & outside access

[Andrew Bogott]

     I'm moving this discussion from IRC to email in hopes of spanning a 
few more timezones.

     A few people (me included) have noticed that some instances which 
recently had access to the outside Internet no longer have this access.  
For example, my swiss-army-instance 'utils-abogott' used to chat with 
freenode and can no longer.  The same change in access has happened to 
etherpad.wmflabs.org, and presumably many other instances.

     I'm assuming this is on purpose, due to a new policy that increases 
enforcement of security groups.  True?

     If yes, I still have two questions:

1)  In the default security group for that project I see this rule: 22, 
22, 0.0.0.0/0 which I would take to mean 'ssh allowed to/from 
anywhere.'  And yet, best I can tell I cannot initiate an ssh connection 
to anywhere from that system.  Am I making a dumb mistake?

2)  The help page about security groups 
(https://labsconsole.wikimedia.org/wiki/Help:Security) suggests that 
security settings cannot be changed for existing instances.  Doesn't 
that pose quite a serious problem for people who are invested in 
instances that existed before the (presumed) new security policy?

Thanks!

-Andrew

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20120626/eb9e7d31/attachment.html>