Status: IN
The catbeez production deployment restricts SSH access to `136.56.0.0/16` via firewalld; HTTP/HTTPS are open to all.
Source: entries/2026/05/11/deployments-catbeez-deploy-prod.md
# From catbeez-arcade/deploy-prod.py — firewalld rich rule for SSH source IP restriction
await ftl["catbeez-prod"].shell(
cmd="firewall-cmd --permanent --zone=drop "
"--add-rich-rule='rule family=\"ipv4\" source address=\"136.56.0.0/16\" "
"service name=\"ssh\" accept' && firewall-cmd --reload"
)