Happy New Year everybody!
After finding out the hard way before Christmas that DPM drain was
broken for us because my pool nodes couldn't freely talk using RFIO I
have come back from my holiday refreshed and ready to fix my drains,
which is a matter of fixing my shift.conf (easy) and my firewalls. I
was just wondering though - is there a strong argument against opening
up the rfio port to the world rather then just the subnets my pools
are on (other then the rule of thumb that one endevours to keep ones
firewalls as tight as possible). Is there an argument in favour of
opening the port to the world - a use case where this is useful
(currently or in the near future)? What do others have going on in
their iptable rules?
Cheers all,
Matt
|