On Fri, Jul 13, 2018 at 07:47:17AM -0600, Alex Schultz wrote:
> I think we should update the default rule to allow access over the
> control plane but there must be at least 1 rule that we're enforcing
> exist so the deployment and update processes will continue to
> function.
That's makes sense.
On Thu, Jul 12, 2018 at 8:17 PM, Lars Kellogg-Stedman wrote:
> I've had a few operators complain about the permissive rule tripleo
> creates for ssh. The current alternatives seems to be to either disable
> tripleo firewall management completely, or move from the default-deny
> model to a set of
I've had a few operators complain about the permissive rule tripleo
creates for ssh. The current alternatives seems to be to either disable
tripleo firewall management completely, or move from the default-deny
model to a set of rules that include higher-priority blacklist rules
for ssh traffic.
I