
Restrict access to Jenkins Server by default

Open PaulDuvall opened this issue 8 years ago • 4 comments

Restrict access to a non-existent IP Address by default and require the user to enter their /32 IP as a parameter.

PaulDuvall, May 17 '16 14:05

255.255.255.255/32 is a good IP for this (never matches, doesn't throw errors in APIs)

jeffb-stell, May 17 '16 15:05

FWIW, AWS suggests 127.0.0.1/32 when you need to limit egress on security groups defined in CloudFormation. If, for whatever reason, AWS were to allow broadcast traffic in a VPC, 255.255.255.255/32 would match it, whereas the loopback netblock should never be seen outside of the loopback device.

PS: Hope all is well over at Stelligent. ;)

vrivellino, May 23 '16 11:05

I created a pull request that fixes this issue. It restricts all inbound SSH rules to only the creator's IP Address at the /32 range. Should web access on port 8080 be restricted as well? That's an easy change.

akuma12, Jan 06 '17 20:01

@akuma12 Yes, thanks. Btw, I'll be creating a new issue to remove the need for Jenkins and use CodeBuild, but we'll get to it when we can :-)

PaulDuvall, Jan 06 '17 21:01
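As an added example (not part of the thread or of the project's code), the check below audits a CloudFormation template for the policy discussed above: every security group ingress rule must resolve to a single /32 host, and the never-matching defaults suggested in the comments are reported until the user supplies their own address. The template, the `AllowedCidr` parameter and the `JenkinsSG` resource are constructed, hypothetical names.

```python
import ipaddress

# Constructed sample template (CloudFormation JSON as a dict); all names are hypothetical.
SAMPLE_TEMPLATE = {
    "Parameters": {"AllowedCidr": {"Type": "String", "Default": "127.0.0.1/32"}},
    "Resources": {"JenkinsSG": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {"SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "CidrIp": {"Ref": "AllowedCidr"}},
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "CidrIp": "0.0.0.0/0"},
        ]},
    }},
}

# The two never-matching defaults proposed in the thread.
PLACEHOLDERS = {"127.0.0.1/32", "255.255.255.255/32"}

def resolve_cidr(value, params, overrides):
    """Resolve a literal CidrIp or {"Ref": name} to a string (override, else Default)."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        return overrides.get(name, params.get(name, {}).get("Default"))
    return value

def audit_ingress(template, overrides=None):
    """Return (resource, port, cidr, reason) for each ingress rule that is not one real host."""
    overrides = overrides or {}
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            port = rule.get("FromPort")
            cidr = resolve_cidr(rule.get("CidrIp"), params, overrides)
            try:
                if not isinstance(cidr, str):
                    raise ValueError("missing CidrIp")
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append((name, port, cidr, "not a valid CIDR"))
                continue
            if net.prefixlen != net.max_prefixlen:
                findings.append((name, port, cidr, "wider than a single host"))
            elif cidr in PLACEHOLDERS:
                findings.append((name, port, cidr, "placeholder default; supply your /32"))
    return findings
```

Run against a stack's template plus the parameter values a user intends to pass, an empty result means every inbound rule is pinned to one real address.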