implement full explicit ingress filtering on non-Local provider bootstrapping node
Bug #966590 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
Precise |
Won't Fix
|
High
|
Unassigned |
Bug Description
This is a tracking bug for a dependency of the juju MIR (bug #912861).
This is different from bug #966558 in that this bug implements explicit full ingress filtering on the bootstrapping node. This helps ensure that services started on the bootstrapping node can't be trampolined to more privileged juju access. Access might be something like:
* allow ping and 22/tcp from anywhere
* allow only ping, 22/tcp and 2181/tcp (zookeeper) from deployed nodes
Changed in juju (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in juju (Ubuntu): | |
milestone: | precise-updates → none |
tags: | removed: rls-p-tracking |
To post a comment you must log in.
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release