Harsh J has posted comments on this change. Change subject: KUDU-1875: Refuse unauthenticated connections from publicly routable IP addrs ......................................................................
Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/6514/1/src/kudu/rpc/negotiation.cc File src/kudu/rpc/negotiation.cc: Line 68: DEFINE_bool(allow_unauthenticated_public_connections, false, > So looks like we all agree to enable it by default but give users a choice I re-ran the checks with testing public connectivity to some of their used ports, and all of them failed in a ~250 clusters run, so they appear to be fire-walled correctly or are internally used. I'm ok with this being enabled by default as a safe-than-sorry thing, but would it be possible to have better exposure for new installers? Or if that's a Management UI thing we could probably discuss it elsewhere. -- To view, visit http://gerrit.cloudera.org:8080/6514 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I6c3fbb5491785874c5701d6c9d866949cfac905e Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Harsh J <ha...@harshj.com> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes