We routinely get questions in the OpenShift forums and on IRC about "permission denied" errors on attempts to connect to an external service from an OpenShift gear. Port 8081 has come up multiple times, but others have been requested. I have not seen a clear list of which ports we allow, or an explanation of what we are achieving by blocking ports. For malicious users, working around this is trivial, while for legitimate users, it only causes confusion and frustration when they hit it. Please consider lifting this restriction entirely, or switching to a publicly defined blacklist with some explanation for the blocked ports.
The Red Hat security team feels unrestricted outbound connections are too dangerous. The OpenShift Operations team has agreed with them.
So how can I allow an outgoing connection from an OpenShift app to an external service on a non-standard port for legitimate purposes?
Hi, +1 for Peter's question. I would really like to understand what the difference is between outgoing ports 8081 and 8082. Outgoing port 8082 is wide open but 8081 is closed, for example:

    # telnet 81.218.41.96 8082
    Trying 81.218.41.96...
    Connected to 81.218.41.96.
    Escape character is '^]'.
    GET /index.html
    HTTP/1.1 200 OK
    X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.0 Java/Oracle Corporation/1.7)
    Server: GlassFish Server Open Source Edition 4.0
    Accept-Ranges: bytes

but telnet to the same IP on port 8081:

    # telnet 81.218.41.96 8081
    Trying 81.218.41.96...
    telnet: connect to address 81.218.41.96: Permission denied

Thanks.
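Added example, not part of the original thread or of OpenShift: a small Python check that separates the "Permission denied" seen above (EACCES from connect(), which the local kernel returns when a firewall or access-control rule on the gear rejects the connection) from a refusal or silence by the remote host. The names classify, probe and survey are hypothetical, and the demo target is a constructed loopback listener.

```python
import errno
import socket

# connect() errno -> who rejected the attempt. EACCES/EPERM are raised by the
# local kernel (firewall or access-control rule), so nothing left the host.
VERDICTS = {
    errno.EACCES: "blocked-locally",
    errno.EPERM: "blocked-locally",
    errno.ECONNREFUSED: "refused-by-remote",
    errno.ETIMEDOUT: "no-answer",
    errno.EHOSTUNREACH: "unreachable",
    errno.ENETUNREACH: "unreachable",
}

def classify(err):
    """Turn an errno from a failed connect() into a short verdict."""
    return VERDICTS.get(err, "other:" + errno.errorcode.get(err, str(err)))

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and report how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "no-answer"
    except socket.gaierror:
        return "dns-failure"
    except OSError as e:
        return classify(e.errno)
    finally:
        s.close()

def survey(host, ports, timeout=3.0):
    """Probe several ports on one host, e.g. to compare 8081 with 8082."""
    return {p: probe(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the external service.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(survey("127.0.0.1", [port]))
    srv.close()
    print(survey("127.0.0.1", [port]))
```

A "blocked-locally" verdict for one port next to "open" for its neighbour on the same host is the pattern reported in the comment above, and is the detail worth including when asking the platform operator about a port.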
If you won't open outbound ports by default, please provide a way we can request outbound ports to be open. I want telnet port 23 outbound open please.