metal-stack / firewall-controller

A Kubernetes controller that runs on bare-metal firewalls, creates nftables rules, configures Suricata, and collects network metrics
MIT License

make ssh access restricted #36

Closed majst01 closed 2 years ago

majst01 commented 4 years ago

Currently ssh access to the firewall is open to the public internet. This is fine for most scenarios, but someone could argue that this is more than required, "need to know principle".

To achieve this we can extend the firewall CRD to a list of allowed source networks from which direct ssh access is allowed. If none is given, all networks are allowed (0.0.0.0/0).
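Added example, not part of the issue and not firewall-controller code: one way the proposed allow-list could be validated and rendered into nftables rules for SSH, with the empty list defaulting to 0.0.0.0/0. The function name `sshAcceptRules`, the rule layout, and the sample networks are assumptions, and the rules presume they are placed in an input chain that otherwise drops port 22.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// sshAcceptRules is a hypothetical helper, not firewall-controller code.
// It validates the allowed source networks and renders nftables accept
// rules for TCP port 22. An empty list means 0.0.0.0/0, as proposed above.
func sshAcceptRules(allowed []string) ([]string, error) {
	if len(allowed) == 0 {
		allowed = []string{"0.0.0.0/0"}
	}
	seen := map[netip.Prefix]bool{}
	var v4, v6 []string
	for _, s := range allowed {
		p, err := netip.ParsePrefix(strings.TrimSpace(s))
		if err != nil {
			return nil, fmt.Errorf("invalid source network %q: %w", s, err)
		}
		p = p.Masked() // normalise host bits: 10.1.2.3/8 becomes 10.0.0.0/8
		if seen[p] {
			continue // skip exact duplicates
		}
		seen[p] = true
		if p.Addr().Is4() {
			v4 = append(v4, p.String())
		} else {
			v6 = append(v6, p.String())
		}
	}
	var rules []string
	if len(v4) > 0 {
		rules = append(rules, "ip saddr { "+strings.Join(v4, ", ")+" } tcp dport 22 accept")
	}
	if len(v6) > 0 {
		rules = append(rules, "ip6 saddr { "+strings.Join(v6, ", ")+" } tcp dport 22 accept")
	}
	return rules, nil
}

func main() {
	// Constructed sample input (documentation ranges).
	rules, err := sshAcceptRules([]string{"203.0.113.7/24", "2001:db8::/32"})
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(rules, "\n"))
}
```

Rejecting the whole list on a single malformed entry keeps a typo from silently widening or narrowing SSH access.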

majst01 commented 4 years ago

@chbmuc @michaelottofits

Gerrit91 commented 2 years ago

Should be obsoleted by MEP-9: https://github.com/metal-stack/docs/pull/99 Can we close?