As our PostgreSQL is listening on a public IP, I have manually restricted it to our servers using iptables + ip6tables.

We should generate this in Puppet using the list of node IPs, and we probably have other servers to protect.