What do you want in a firewall?
We have all seen the "Cloud Firewall" products offered with bigger VPS providers (Vultr, DigitalOcean, AWS, etc.). From my experience, these are pretty useless for anything but the most basic applications.
For the past 2 years I've been working on a way to scale custom mitigation and firewall rules (at Layer 3-5) to the scales we operate. It looks like this year we will finally achieve the scalability required to offer it.
What remains to be ascertained is the priority for implementation (at customer level) of various match parameters; I want this to be as useful as possible. What would you like to see available for either match parameters or target types in a Layer 4 firewall?
Currently Available:
- Full BPF (cBPF) expression matching (anything you could select with tcpdump)
- IP ban lists
- DROP target
- Evaluate either for new connections, or on every packet
Planned:
- RateLimit (white & black) target
- BAN target
- API support for adding/removing IPs from ban lists (i.e. so people can take control on their own servers and have us do the heavy lifting)
Possible:
- IP whitelist
- Paired Ports (accept only where connected to another port)
- DNS match
- TLS match
- String match (performance)
What would you prioritize?
Comments
Block by country like CSF does.
I would think IP whitelisting is a pretty basic feature...but then, I've never used a "cloud" firewall.
I would like it to be able to run without refueling. Hate it when you have to go topup gasoline to keep the fire wall up. But at least it keeps the zombies out.
So poorly? I'm not keen on perpetuating GeoIP db inaccuracy to be honest.
This is coming from someone who according to Maxmind is located in PNG currently on my home ISP.