[Labs-l] Security groups & outside access
Jens Ohlig
jens.ohlig at wikimedia.de
Wed Jun 27 10:31:46 UTC 2012
We seem to have related problems at Wikidata. I have filed a bug that looks related: https://bugzilla.wikimedia.org/show_bug.cgi?id=37985
Am Mittwoch, 27. Juni 2012 um 02:38 schrieb Andrew Bogott:
> I'm moving this discussion from IRC to email in hopes of spanning a few more timezones.
>
> A few people (me included) have noticed that some instances which recently had access to the outside Internet no longer have this access. For example, my swiss-army-instance 'utils-abogott' used to chat with freenode and can no longer. The same change in access has happened to etherpad.wmflabs.org (http://etherpad.wmflabs.org), and presumably many other instances.
>
> I'm assuming this is on purpose, due to a new policy that increases enforcement of security groups. True?
>
> If yes, I still have two questions:
>
> 1) In the default security group for that project I see this rule: 22, 22, 0.0.0.0/0 which I would take to mean 'ssh allowed to/from anywhere.' And yet, best I can tell I cannot initiate an ssh connection to anywhere from that system. Am I making a dumb mistake?
>
> 2) The help page about security groups (https://labsconsole.wikimedia.org/wiki/Help:Security) suggests that security settings cannot be changed for existing instances. Doesn't that pose quite a serious problem for people who are invested in instances that existed before the (presumed) new security policy?
>
> Thanks!
>
> -Andrew
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org (mailto:Labs-l at lists.wikimedia.org)
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20120627/afcab925/attachment.html>
More information about the Labs-l
mailing list