tfgrid/circle_engineering
24
0
Fork 0
Code Issues 45 Pull Requests Packages Projects Releases Wiki Activity

restricted network traffic on zos #98

New Issue
Open
opened 2024-09-19 13:27:13 +00:00 by thabeta · 2 comments
thabeta commented 2024-09-19 13:27:13 +00:00
Member
Copy Link

continuation of #82

  • restricted outgoing network, only traffic to router is allowed (we get router info over DHCP, auto config)
  • default whitelisted outgoing web traffic (can be turned off by farmer), which means VM's can only go to whitelisted services (https) and web domains (can be with filter e.g. *.ubuntu.com), this to make sure people cannot use our VM's for e.g. hacking
  • the whitelists for outgoing traffic come from a github repo which is signed by us, this gets reloaded every hour
continuation of https://git.ourworld.tf/tfgrid/circle_engineering/issues/82 - [ ] restricted outgoing network, only traffic to router is allowed (we get router info over DHCP, auto config) - [ ] default whitelisted outgoing web traffic (can be turned off by farmer), which means VM's can only go to whitelisted services (https) and web domains (can be with filter e.g. *.ubuntu.com), this to make sure people cannot use our VM's for e.g. hacking - [ ] the whitelists for outgoing traffic come from a github repo which is signed by us, this gets reloaded every hour
thabeta commented 2024-09-19 13:28:18 +00:00
Author
Member
Copy Link

as this is requiring a GEP it's moved on its own also still blocked on jan's input

https://github.com/threefoldtech/zos4/pull/6
https://github.com/threefoldtech/zos4/pull/7

as this is requiring a GEP it's moved on its own also still blocked on jan's input https://github.com/threefoldtech/zos4/pull/6 https://github.com/threefoldtech/zos4/pull/7
thabeta added this to the tfgrid_3_15 project 2024-09-19 13:28:23 +00:00
mik-tf commented 2024-09-30 17:02:43 +00:00
Owner
Copy Link

Update

  • We are syncing with comms circle to make sure the info is properly communicated, only when it is ready to be communicated

Related Issue

Status

  • The GEP can happen after the token-based GEP is passed
  • @delandtj once it's unblocked on your end, comms circle can write the GEP + ops can create it.

@gosam (comms) @sabrinasadik (ops)

# Update - We are syncing with comms circle to make sure the info is properly communicated, only when it is ready to be communicated # Related Issue - Comms circle: https://git.ourworld.tf/tfgrid/circle_promotion/issues/291 # Status - The GEP can happen after the token-based GEP is passed - @delandtj once it's unblocked on your end, comms circle can write the GEP + ops can create it. @gosam (comms) @sabrinasadik (ops)
mik-tf added the
Story
 label 2024-09-30 17:55:56 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
  
Issue

   
Question

   
Roadmap

   
Story

   
Task

   
Urgent
No Label
Issue
Question
Roadmap
Story
Task
Urgent
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
tfgrid_3_15
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: tfgrid/circle_engineering#98
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?