Blocking external traffic from nodes not on Digital Ocean #20
Comments
I've considered adding support for the
There are cases where software might explicitly bind to the external interface or not understand how to use the internal interface for tunneling. In my case, it would be a VPN box whose OSS solution only allows public IP usage, and thus wouldn't work as well if we dropped all traffic on the public iface.
I'm thinking about a flag
Would I need to run droplan twice in that case?
@josegonzalez This took a while, but release
<3
I have a use case where I need to have services listening on an external interface so that I can properly reference them across each server. In AWS, you could simply have the interface be `0.0.0.0` and block all traffic that is not within the security group attached to an instance.

In the ideal case, we could block all traffic that isn't coming from any of our instances' IPs and then just use a jumpbox when attempting to access those servers. Perhaps a second chain like `droplan-external-peers` could be used in this case?
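
The allow-list chain proposed in the issue above, sketched as an added example; it is not droplan's code and not something posted in this thread. Only the chain name comes from the issue: the function names, `eth0` as the public interface, the use of `iptables-restore --noflush`, and the sample peer addresses (from the documentation range 203.0.113.0/24) are assumptions.

```shell
#!/bin/sh
# Added example: build an allow-list ruleset for the public interface.
CHAIN="droplan-external-peers"   # chain name proposed in the issue

# Succeeds only for a dotted-quad IPv4 address: four octets, each 0-255,
# no leading zeros (some parsers read "010" as octal).
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# external_peers_rules IFACE PEER_IP...
# Prints input for `iptables-restore --noflush`. Prints nothing and returns 1
# if the interface name or any peer address is malformed, so a bad peer list
# is never partially applied.
external_peers_rules() {
  iface=$1; shift
  case $iface in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  for ip in "$@"; do valid_ipv4 "$ip" || return 1; done

  echo "*filter"
  # Under --noflush, declaring an existing user chain empties it, so a
  # re-run replaces the peer list instead of appending to it.
  echo ":$CHAIN - [0:0]"
  # Leave traffic on every other interface to the rest of the ruleset.
  echo "-A $CHAIN ! -i $iface -j RETURN"
  # Replies to connections this host opened must still get back in.
  echo "-A $CHAIN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  for ip in "$@"; do
    echo "-A $CHAIN -s $ip/32 -j ACCEPT"
  done
  echo "-A $CHAIN -j DROP"
  echo "COMMIT"
}

# Constructed sample: two peers, one of which could be the jumpbox.
external_peers_rules eth0 203.0.113.10 203.0.113.11
# Apply as root:  external_peers_rules eth0 ... | iptables-restore --noflush
# One-time jump:  iptables -C INPUT -j "$CHAIN" || iptables -A INPUT -j "$CHAIN"
```

The final DROP also covers SSH on the public interface, so the jumpbox address has to be in the peer list before the jump rule is added to INPUT.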