How do I secure a CoreOS machine?
When I run a CoreOS machine, by default there are no iptables rules set up to block inbound connections. Looking through the tutorials, nothing seems to mention this. Am I missing something here?
FWIW I’ve googled around and found a few examples of cloud-config that are supposed to lock things down, but they don’t seem to work - as soon as I bring up a test nginx container it’s available externally on the public IP on whichever port I’ve bound the container’s port 80 to on the host.
Any good examples of how this is supposed to be done (noting that the CoreOS site itself says it’s recommended to use a physical firewall, EC2 security groups or similar) - is it possible to achieve this with iptables on the machine itself?