If SG egress rules are present, check if they interfere with active transfers #1

Open
Castaglia opened this issue Mar 5, 2016 · 1 comment
@Castaglia
Owner

If any of the security groups (SGs) for the instance have egress rules, then mod_aws should check them on startup, just as it does for ingress rules, to see whether the egress rules would prevent/interfere with active data transfers. The check should encompass both restricted ports and restricted addresses; if the instance cannot connect back to the allowed ingress addresses, that would prevent active transfers from working as expected.

@Castaglia Castaglia self-assigned this Mar 5, 2016
@Castaglia
Owner Author

If the egress rules are configured such that they match the ingress addresses, and nowhere else, this can help prevent the "FTP bounce" attack. Something to mention in the module docs, at least.
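
The check discussed in this issue, sketched as an added example (not mod_aws code and not written by the issue author): it reports ingress sources the egress rules would not let the instance connect back to, and egress destinations that reach beyond the ingress sources. The function names, the simplified rule shape, the sample rules and the 1024-65535 client port range are assumptions made for illustration.

```python
import ipaddress

# Assumption: an active-mode data connection goes from the server to a
# client-chosen TCP port, taken here to be anywhere in 1024-65535.
CLIENT_PORTS = (1024, 65535)

# Constructed sample rules in a simplified shape (not the EC2 API format);
# addresses are documentation ranges. Protocol "-1" means all traffic.
INGRESS = [
    {"proto": "tcp", "ports": (21, 21), "cidr": "203.0.113.0/24"},
    {"proto": "tcp", "ports": (21, 21), "cidr": "198.51.100.7/32"},
]
EGRESS = [
    {"proto": "tcp", "ports": (1024, 65535), "cidr": "203.0.113.0/24"},
    {"proto": "tcp", "ports": (443, 443), "cidr": "0.0.0.0/0"},
]

def _net(rule):
    return ipaddress.ip_network(rule["cidr"], strict=False)

def _within(inner, outer):
    # subnet_of() raises TypeError when IPv4 and IPv6 networks are mixed.
    return inner.version == outer.version and inner.subnet_of(outer)

def _tcp(rules):
    return [r for r in rules if r["proto"] in ("tcp", "-1")]

def egress_allows(egress, dest, ports=CLIENT_PORTS):
    """True if a single egress rule permits TCP to all of dest on all ports.
    A destination covered only by several rules combined is reported as
    blocked, which errs on the side of warning."""
    for rule in _tcp(egress):
        lo, hi = (0, 65535) if rule["proto"] == "-1" else rule["ports"]
        if lo <= ports[0] and ports[1] <= hi and _within(dest, _net(rule)):
            return True
    return False

def check_active_transfers(ingress, egress):
    """Return (blocked, excess): ingress sources the instance cannot connect
    back to, and egress destinations that reach beyond the ingress sources."""
    sources = [_net(r) for r in _tcp(ingress)]
    blocked = [str(s) for s in sources if not egress_allows(egress, s)]
    excess = [str(_net(r)) for r in _tcp(egress)
              if not any(_within(_net(r), s) for s in sources)]
    return blocked, excess

if __name__ == "__main__":
    print(check_active_transfers(INGRESS, EGRESS))
```

An empty `blocked` list means active transfers to every allowed ingress source can proceed; an empty `excess` list corresponds to the "match the ingress addresses, and nowhere else" configuration from the second comment.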
