amazonaws.com?
Robert Bonomi
bonomi at mail.r-bonomi.com
Mon May 26 16:38:47 UTC 2008
> From: "Suresh Ramasubramanian" <ops.lists at gmail.com>
> Subject: Re: amazonaws.com?
>
> On Mon, May 26, 2008 at 1:28 PM, Colin Alston <karnaugh at karnaugh.za.net>
> wrote:
[[.. sneck ..]]
> With respect, in such cases, amazon is better off firewalling outbound
> port 25 (or indeed, outbound anything at all) for accounts that dont
> specifically ask for it. Quite a lot of EC2 compute time is for
> number crunching and such - not just hosting, or email, or ..
I'm hard-pressed to think of a single letigimate use for a _compute_ cluster
that requires outgoing access to more than a handful (i.e. an _itemizable_
list) of machines.
Am I missing something obvious?
If not, such a "block all outgoing, except for listed exceptions" policy
could be 'trivially' implemented with an extra list field on the sign-up
form, coupled with automated transformation into firewall rules.
More information about the NANOG
mailing list