In T381373: Restrict outbound connectivity from PAWS hosts @cmooney added temporary NFT rules to filter suspicious traffic originating from PAWS workers. The traffic is now blocked directly at the source with Kubernetes Network Policies in the PAWS k8s cluster.
We need to remove these hardcoded rules, otherwise they might end up affecting other unrelated hosts that will reuse those IPs in the future.
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Revert "Block PAWS workers nodes from all UDP traffic other than DNS & NTP" | operations/puppet | production | +0 -18 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • aborrero | T380882 openstack network problems (November 2024) | |||
| Resolved | • aborrero | T381078 cloudgw: suspected network problems | |||
| Resolved | fnegri | T381373 Restrict outbound connectivity from PAWS hosts | |||
| Resolved | fnegri | T383261 Remove hardcoded NFT rules related to PAWS workers |
Change #1105036 had a related patch set uploaded (by FNegri; author: FNegri):
[operations/puppet@production] Revert "Block PAWS workers nodes from all UDP traffic other than DNS & NTP"
Change #1105036 merged by FNegri:
[operations/puppet@production] Revert "Block PAWS workers nodes from all UDP traffic other than DNS & NTP"