stelligent / dromedary

Sample app to demonstrate a working pipeline using Infrastructure as Code and AWS Code Services
MIT License
106 stars, 100 forks

Restrict access to Jenkins Server by default #76

Open PaulDuvall opened 8 years ago

PaulDuvall commented 8 years ago

Restrict access to a non-existent IP Address by default and require the user to enter their /32 IP as a parameter.

jeffb-stell commented 8 years ago

255.255.255.255/32 is a good IP for this (never matches, doesn't throw errors in APIs)

vrivellino commented 8 years ago

FWIW, AWS suggests 127.0.0.1/32 when you need to limit egress on security groups defined in CloudFormation. If, for whatever reason, AWS were to allow broadcast traffic in a VPC, 255.255.255.255/32 would match it, whereas the loopback netblock should never be seen outside of the loopback device.

PS: Hope all is well over at Stelligent. ;)

akuma12 commented 7 years ago

I created a pull request that fixes this issue. It restricts all inbound SSH rules to only the creator's IP Address at the /32 range. Should web access on port 8080 be restricted as well? That's an easy change.

PaulDuvall commented 7 years ago

@akuma12 Yes, thanks. Btw, I'll be creating a new issue to remove the need for Jenkins and use CodeBuild, but we'll get to it when we can :-)
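The approach agreed in this thread, as an added example that is neither the repository's CloudFormation nor akuma12's pull request: a Python helper that validates the caller-supplied /32, falls back to the 127.0.0.1/32 placeholder discussed above, and emits a security group resource that only admits SSH (22) and Jenkins web (8080) from that one host. The parameter name `AllowedIp`, its regex, and `vpc-PLACEHOLDER` are assumptions.

```python
import ipaddress
import json
import re

# Constructed defaults for this example: the "never matches" placeholder
# proposed in the thread, and the two ports the issue discusses.
DEFAULT_PLACEHOLDER_CIDR = "127.0.0.1/32"
RESTRICTED_PORTS = (22, 8080)
# Assumed AllowedPattern for the template parameter: dotted quad followed by /32.
HOST_CIDR_PATTERN = r"^(\d{1,3}\.){3}\d{1,3}/32$"


def validate_host_cidr(cidr: str) -> str:
    """Accept only a single-host IPv4 CIDR; reject wider ranges such as /24 or 0.0.0.0/0."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError(f"expected a single-host /32 IPv4 CIDR, got {cidr}")
    return str(net)


def jenkins_template(vpc_id: str = "vpc-PLACEHOLDER") -> dict:
    """Return a CloudFormation template (as a dict) with an AllowedIp parameter
    that defaults to the unreachable placeholder and a security group whose
    only inbound rules are SSH and Jenkins web from that address."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {
            "AllowedIp": {
                "Type": "String",
                "Default": DEFAULT_PLACEHOLDER_CIDR,
                "AllowedPattern": HOST_CIDR_PATTERN,
                "Description": "Your public IP as a /32; the default matches nothing.",
            }
        },
        "Resources": {
            "JenkinsSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "Jenkins: SSH and web restricted to one host",
                    "VpcId": vpc_id,
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
                         "CidrIp": {"Ref": "AllowedIp"}}
                        for p in RESTRICTED_PORTS
                    ],
                },
            }
        },
    }


def render(allowed_cidr: str = DEFAULT_PLACEHOLDER_CIDR) -> str:
    """Validate the operator's /32 client-side, then emit the template as JSON."""
    validate_host_cidr(allowed_cidr)
    return json.dumps(jenkins_template(), indent=2)
```

Pass the validated value as the `AllowedIp` parameter at stack creation time; leaving it at the default deploys a Jenkins host nobody can reach until the parameter is updated.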