Currently we are using a set of security groups:
| Security Group | Description | Ports | Notes | Temp rule notes |
|---|---|---|---|---|
| CHF-Access-Web | CHF internal web access | 80, 443 | IT has the list of addresses, may need to be updated for California offices? | |
Management-Access | worldwide ssh access | 22 | All machines MUST have this group to allow ssh access. | |
Public-Access-Web | Public web access | 80, 443 | Open worldwide | |
Temp-Development | short term dev firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | |
Temp-Production | short term production firewall rules | ?? | Please use this for short term access, rules in here may be cleared off | Will be adding Cat and Sarah to Hydra for off-site access in case of Septa strike. Roger Turner has his address (75.75.165.67) added for offsite access to Hydra. |
Temp-Staging | short term staging firewall rules | ?? | Please use this for short term access, rules in here may be cleared off |
When a machine has multiple security groups, as long as any one of the groups allows access the connection will work through the firewall. Anything not covered will be rejected however.