Comment 2 for bug 1842006
Revision history for this message
| John A Meinel (jameinel) wrote Re: [Bug 1842006] [NEW] Restrict ingress port 17070 to the controllers | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
Note that the Juju client also talks on 17070. So while you could certainly
firewall it, you'd have to include places where you want to run 'juju
status'.
I think having both "expose Endpoint to Space/CIDR" and "model controller
as an app" would give us a good experience here.
John
=:->
On Fri, Aug 30, 2019, 03:25 Andrea Ieri <email address hidden> wrote:
> Public bug reported:
>
> The default security groups deployed by Juju allow ingress traffic on port
> 17070 from any source.
> A customer of ours has recently raised the concern that this is too open,
> and I think this could be restricted to the set of controllers, at least
> for local deployments (I imagine it might get tricky for JAAS setups).
>
> ** Affects: juju
> Importance: Undecided
> Status: New
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https:/
>
> Title:
> Restrict ingress port 17070 to the controllers
>
> To manage notifications about this bug go to:
> https:/
>