Skip to content

Disable creation of ipv6 bastion security group inbound rule #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chapitos opened this issue Feb 5, 2020 · 1 comment
Open

Disable creation of ipv6 bastion security group inbound rule #60

chapitos opened this issue Feb 5, 2020 · 1 comment

Comments

@chapitos
Copy link

chapitos commented Feb 5, 2020

Currently the bastion security group will have at least 2 inbound rules: one ipv4 and one ipv6. There is no way to, for example, exclude the ipv6 inbound rule. In the case where there is no ipv6 address for the source defined for the ipv4 inbound rule, one can only workaround this by, for example, providing a ipv6 private address range (fc00::/7).
It seems to me this is a use case that should be addressed by either controlling creation of ipv6 inbound rule with an additional parameter, or changing the default behaviour of the allowed_ipv6_cidr parameter. The latter does not feel right, as it will not be consistent any more with allowed_ipv4_cidr parameter.
@wilson
Copy link

wilson commented Jul 15, 2022

Do we still want this? I could make a PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wilson @chapitos