Currently ssh access to the firewall is open to the public internet. This is fine for most scenarios, but someone could argue that this is more than required, "need to know principle".
To achieve this we can extend the firewall crd to a list of allowed source networks from which direct ssh access is allowed. If none is given, all networks are allowed (0.0.0.0/0)
Currently ssh access to the firewall is open to the public internet. This is fine for most scenarios, but someone could argue that this is more than required, "need to know principle".
To achieve this we can extend the firewall crd to a list of allowed source networks from which direct ssh access is allowed. If none is given, all networks are allowed (0.0.0.0/0)