By setting the attribute CONFIGURE_FIREWALL to $True (default), a new
configure_firewall function will be run during the "post-boot" phase,
making sure that instances can be accessed only by the Orchestrator
node and instances that are part of the same AI. The main use case for
it is public clouds where instances get a directly accessible public IP.
While an experimenter can (and should) configure the cloud-specific
controls for "virtual networking security groups", at a small cost in
terms of code, we can provide a cloud-agnostic solution that should
protect everything out of the box.
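The policy described in the message above (default-deny inbound, with only the Orchestrator and same-AI instances admitted) can be sketched as a rule-set generator. This is an added example, not the project's configure_firewall code; it assumes iptables as the backend, and the function names and documentation-range addresses are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that admits only the
# Orchestrator and the other instances of the same AI. Function names and
# addresses are hypothetical; iptables as the backend is an assumption.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ruleset ORCHESTRATOR_IP [PEER_IP ...]
# Prints the ruleset on stdout. Every address is validated before the first
# line is printed, so a malformed peer list never yields a partial ruleset.
gen_ruleset() {
    [ "$#" -ge 1 ] || { echo "usage: gen_ruleset ORCH [PEER...]" >&2; return 2; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # default-deny for anything not listed
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Keep replies to connections the instance itself opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for addr in "$@"; do
        echo "-A INPUT -s $addr/32 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Usage (as root), with constructed addresses:
#   gen_ruleset 203.0.113.10 198.51.100.21 198.51.100.22 | iptables-restore
# IPv6 is not covered here; it needs an equivalent ip6tables ruleset.
```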