I honestly blame DigitalOcean a bit for not providing a VPC and/or a centralized firewall. It is tedious to configure iptables rules on each server and easy to overlook and make mistakes.
Furthermore, it should be the job of the firewall to limit access to server interfaces/ports, not the services inside of servers. Binding on 0.0.0.0 seems perfectly acceptable, especially for cluster/distributed services that talk amoung themselves.
Furthermore, it should be the job of the firewall to limit access to server interfaces/ports, not the services inside of servers. Binding on 0.0.0.0 seems perfectly acceptable, especially for cluster/distributed services that talk amoung themselves.