This PR further limits the set of allowed ports between the BOSH director and the IST VMs. Traffic on ports like NATs is allowed but all other traffic between the IST VMs and the infrastructure subnet is denied.
We also added comments to our previous firewall rules to indicate why the rule is necessary and a big warning to remember to update docs if you have to change any of the firewall rules.
This PR further limits the set of allowed ports between the BOSH director and the IST VMs. Traffic on ports like NATs is allowed but all other traffic between the IST VMs and the
infrastructuresubnet is denied.We also added comments to our previous firewall rules to indicate why the rule is necessary and a big warning to remember to update docs if you have to change any of the firewall rules.