Skip to content

/ saltfs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow ICMP packets #336

Closed
aneeshusa opened this issue Apr 22, 2016 · 2 comments
Closed

Allow ICMP packets #336

aneeshusa opened this issue Apr 22, 2016 · 2 comments

Comments

@aneeshusa
Copy link
Member

@aneeshusa aneeshusa commented Apr 22, 2016

Currently, the (AWS?) firewall settings disallow ICMP packets, which makes us bad network citizens. ICMP is useful not only for debugging (ping, traceroute), but is also necessary for features such as path MTU discovery, and blocking ICMP doesn't add any security since we list these IP addresses in DNS anyways.

I would still recommend ICMP rate-limiting to prevent reflection attacks, if it's not too complicated to set up.

cc @edunham
@edunham
Copy link
Contributor

@edunham edunham commented May 5, 2016

@larsbergstrom I've moved all slaves to the 'default' group, deleted the spurious 'launch-wizard-x' groups, and allowed ICMP on the default and servo-master groups. When creating new slaves, please put them in the 'default' security group rather than creating a new one.
@edunham edunham closed this May 5, 2016
@larsbergstrom
Copy link
Contributor

@larsbergstrom larsbergstrom commented May 5, 2016

@edunham Thanks, will do!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@larsbergstrom @edunham @aneeshusa
You can’t perform that action at this time.