{"id":"catbeez-prod-ssh-restricted-to-source-ip","text":"The catbeez production deployment restricts SSH access to `136.56.0.0/16` via firewalld; HTTP/HTTPS are open to all.","truth_value":"IN","source":"entries/2026/05/11/deployments-catbeez-deploy-prod.md","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"example":"# From catbeez-arcade/deploy-prod.py — firewalld rich rule for SSH source IP restriction\nawait ftl[\"catbeez-prod\"].shell(\n    cmd=\"firewall-cmd --permanent --zone=drop \"\n        \"--add-rich-rule='rule family=\\\"ipv4\\\" source address=\\\"136.56.0.0/16\\\" \"\n        \"service name=\\\"ssh\\\" accept' && firewall-cmd --reload\"\n)"},"explanation":{"steps":[{"node":"catbeez-prod-ssh-restricted-to-source-ip","truth_value":"IN","reason":"premise"}]}}