Closed mdhedley closed 5 years ago
Misunderstood purpose of fireall rule.
The current system creates a firewall rule that allows port 22 from 0.0.0.0 on the network provided. In most cases where --no-public-ip is used these are secure environments where users want to limit the attack surface of the environment. So creating an open port 22 in this case does not make sense.
Additionally the existing firewall rule creation opens port 22 for all instances in the network which could create unexpected security issues for users.
Expected behavior for --beta-no-external-ip would be to prevent the use of an external IP address, and also to not make adjustments to the external firewall rules of the associated network.
However even though the flag does prevent the creation of an external IP address it still attempts to modify firewall rules to allow external access. This is not the desired behavior.