Skip to content

Refactor External Firewall Rules to be more graceful and clearer

Follow up from #829 (closed)

The External Firewall rules GET configures are secure but can do with a refresh to be more graceful in private network scenarios as well as have clearer naming schemes. A docs update to be clearer will also be needed.

Task in more detail is as follows:

  • Only create FW rules if either public access is enabled or if the user has passed through specific CIDR blocks. In some cases benign FW rules were being created needlessly that caused no risk but should be handled better.
  • Rename rules and variables relating specifically to GitLab SSH (git clones) to be clearer
  • Refresh docs to call the above out clearer.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information