Comment 2 for bug 1842008

John A Meinel (jameinel) wrote : Re: [Bug 1842008] Re: Restrict unit ssh access via security groups

I had forgotten that we had done this, but I also don't see where it is
actually wired into the firewaller. At least JujuControllerRule doesn't
seem referenced outside of the API, and I didn't see any references to it
in worker/firewaller.

On Fri, Aug 30, 2019 at 6:15 AM Ian Booth <email address hidden> wrote:

> We have the basis for this functionality in the agent already, but it's
> not (yet) used when creating security groups, i.e. it just needs to be
> wired up.
>
> e.g.
> $ juju set-firewall-rule ssh --whitelist 192.168.1.0/8,10.10.1.0/8
>
> The other options are "juju-controller" and "juju-application-offer"
>
> e.g.
> juju set-firewall-rule juju-controller --whitelist 192.168.1.0/8
> juju set-firewall-rule juju-application-offer --whitelist 192.168.1.0/8
>
> The "juju-controller" rule is meant to limit client connections to the
> controller.
>
> The "juju-application-offer" rule is the only one currently supported
> fully - it is used to limit cross model consumer connections to offered
> applications.
>
>
> ** Changed in: juju
> Milestone: None => 2.7-beta1
>
> ** Changed in: juju
> Status: New => Triaged
>
> ** Changed in: juju
> Importance: Undecided => High