I've been doing a lot of devstack deployments to cloud instances, and someone managed to compromise a box (I recevied an email from Rackspace Abuse). I wasn't locking my boxes down, and so I assume that someone used the default devstack credentials to get into the box.
So from now on, I'm going to load the following iptables script into every box (output with iptables-save
).
http://www.cyberciti.biz/faq/how-do-i-save-iptables-rules-or-settings/
Read more on creating the perfect iptables ruleset.