kaazoo
commented
10 years ago At the moment, all traffic first has to pass the OpenStack firewall where only SSH, HTTPS and Riemann to the VM should be allowed. Another firewall inside the VM may also increase security but also complexity. Another firewall in front of the colocation may act as a single pont of failure, decrease usable bandwidth or tamper with packets going in and out.
Right now we don't have a firewall provided by UM, attacks will always already target the VM's firewall.
This is a subtask to #16