From: Jason Dillaman <dillaman@redhat.com>
Date: Mon, 24 Sep 2018 14:32:25 +0000 (-0400)
Subject: doc: ceph-iscsi-api ports should not be public facing
X-Git-Tag: v14.0.1~189^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=24beceef6412010589252de0884addc363d7bf05;p=ceph.git

doc: ceph-iscsi-api ports should not be public facing

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
---

diff --git a/doc/rbd/iscsi-target-cli.rst b/doc/rbd/iscsi-target-cli.rst
index 28a1d9af05a19..faba494121352 100644
--- a/doc/rbd/iscsi-target-cli.rst
+++ b/doc/rbd/iscsi-target-cli.rst
@@ -43,6 +43,11 @@ to the *Installing* section:
 
 #. If needed, open TCP ports 3260 and 5000 on the firewall.
 
+   .. note::
+      Access to port 5000 should be restricted to a trusted internal network or
+      only the individual hosts where ``gwcli`` is used or ``ceph-mgr`` daemons
+      are running.
+
 #. Create a new or use an existing RADOS Block Device (RBD).
 
 **Installing:**