Hi, I am working on Juju topics to be presented to my colleagues. One important topic is security. I know that Ubuntu images have (for example) unattended upgrades enabled for security patches. That’s nice.
How about automatic firewall rules? I was under the impression that iptables rules are automatically applied for each machine/application upon deployment. But in my lab environment (LXD cluster) I can’t see any rules on the deployed machines or on the controller.
Is it possible to manage iptables automatically using Juju/charms? And expose just the ports needed for application functionality (Prometheus port 9090…) and machine access (ssh)?
I can see that there are options in the Juju CLI:
juju list-firewall-rules
juju set-firewall-rule
But I am not sure exactly how it works, especially across different clouds.
I didn’t find anything in the docs (I probably missed something). Could you please explain to me how (if at all) this functionality is implemented and limited?
Thanks in advance for your explanation/help.