[Labs-l] Security groups & outside access
Ryan Lane
rlane at wikimedia.org
Wed Jun 27 10:47:05 UTC 2012
This is a bug, likely due to the multi-host network node changes we
attempted the other day.
On Wed, Jun 27, 2012 at 2:38 AM, Andrew Bogott <abogott at wikimedia.org> wrote:
> I'm moving this discussion from IRC to email in hopes of spanning a few
> more timezones.
>
> A few people (me included) have noticed that some instances which
> recently had access to the outside Internet no longer have this access. For
> example, my swiss-army-instance 'utils-abogott' used to chat with freenode
> and can no longer. The same change in access has happened to
> etherpad.wmflabs.org, and presumably many other instances.
>
> I'm assuming this is on purpose, due to a new policy that increases
> enforcement of security groups. True?
>
> If yes, I still have two questions:
>
> 1) In the default security group for that project I see this rule: 22, 22,
> 0.0.0.0/0 which I would take to mean 'ssh allowed to/from anywhere.' And
> yet, best I can tell I cannot initiate an ssh connection to anywhere from
> that system. Am I making a dumb mistake?
>
> 2) The help page about security groups
> (https://labsconsole.wikimedia.org/wiki/Help:Security) suggests that
> security settings cannot be changed for existing instances. Doesn't that
> pose quite a serious problem for people who are invested in instances that
> existed before the (presumed) new security policy?
>
> Thanks!
>
> -Andrew
>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
More information about the Labs-l
mailing list