Temporarily add opsguide

Tobias Fuhrimann · Tobias Fuhrimann · commit d19e71018384 · 2017-05-01T13:17:16.000+02:00
diff --git a/opsguide/_default_asg.html.md.erb b/opsguide/_default_asg.html.md.erb
@@ -0,0 +1,41 @@
+Cloud Foundry preconfigures two ASGs: `public_networks` and `dns`.
+
+Unless you modify these before your initial deployment, these ASGs are applied by default to all containers in your deployment.
+
+- `public_networks`: This group allows access to public networks, and blocks access to private networks and link-local addresses.
+  Cloud Foundry blocks outgoing traffic to the following IP address ranges by specifically allowing traffic to all other addresses.
+
+    - 10.0.0.0 - 10.255.255.255
+    - 169.254.0.0 - 169.254.255.255
+    - 172.16.0.0 - 172.31.255.255
+    - 192.168.0.0 - 192.168.255.255
+
+- `dns`: This group allows access to DNS on port 53 for any IP address.
+
+The default ASGs are defined in the [cf.yml](https://github.com/cloudfoundry/cf-release/blob/master/templates/cf.yml) file as follows:
+
+<pre>
+  default_security_group_definitions:
+  - name: public_networks
+    rules:
+    - protocol: all
+      destination: 0.0.0.0-9.255.255.255
+    - protocol: all
+      destination: 11.0.0.0-169.253.255.255
+    - protocol: all
+      destination:  169.255.0.0-172.15.255.255
+    - protocol: all
+      destination: 172.32.0.0-192.167.255.255
+    - protocol: all
+      destination: 192.169.0.0-255.255.255.255
+  - name: dns
+    rules:
+    - protocol: tcp
+      destination: 0.0.0.0/0
+      ports: '53'
+    - protocol: udp
+      destination: 0.0.0.0/0
+      ports: '53'
+</pre>
+
+You should modify the default ASGs to block outbound traffic as necessary for your installation.
