Locking down the Instance Metadata Service: Announcing imds-filterd

I investigated writing something like this about 5 years ago for the same reason but settled on just using the iptables owner module instead. It says there is a perf penalty for local firewalls, hence this tool, but I’d rather keep things simple and native over adding more tools and complexity myself. (And I’m not so sure about the real-world perf impact of a single DENY rule in iptables; I think it would be negligible in almost all circumstances.)
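
An added example, not part of the comment above and not code from imds-filterd: a shell function that prints an iptables-restore fragment using the owner match so that only an allow-list of numeric UIDs can reach the metadata service. The chain name IMDS_OWNER, the IPv4 address 169.254.169.254 and the sample UIDs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build an owner-match rule set for the instance metadata
# address. Nothing is applied here; the function only prints the rules.
IMDS_ADDR="169.254.169.254"   # assumption: IPv4 link-local metadata endpoint
IMDS_CHAIN="IMDS_OWNER"       # hypothetical chain name

imds_owner_rules() {
    # Validate the whole allow-list first so a bad entry prints no rules.
    # Digits only: this also stops extra rule text being smuggled in.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*)
                echo "imds_owner_rules: not a numeric UID: $uid" >&2
                return 1 ;;
        esac
    done
    echo "*filter"
    echo ":$IMDS_CHAIN - [0:0]"
    # Send every locally generated packet for the metadata address to the chain.
    echo "-A OUTPUT -d $IMDS_ADDR/32 -j $IMDS_CHAIN"
    # One ACCEPT per allowed UID.
    for uid in "$@"; do
        echo "-A $IMDS_CHAIN -m owner --uid-owner $uid -j ACCEPT"
    done
    # Everything else fails closed, including the empty allow-list case.
    echo "-A $IMDS_CHAIN -j REJECT"
    echo "COMMIT"
}

# Usage (as root; sample UIDs are constructed):
#   imds_owner_rules 0 995 | iptables-restore --noflush --test   # syntax check
#   imds_owner_rules 0 995 | iptables-restore --noflush          # apply
```

The owner match only sees packets generated by local sockets in the OUTPUT path, so traffic forwarded from containers or network namespaces through FORWARD is not covered by these rules. Applying the fragment twice with --noflush appends the rules a second time.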

