Excellent Linodians,

Would it be possible to consider having a web-based Linode firewall for a given Linode?

Nothing too fancy, something more of just port/udp/tcp allow in/out like pixxa has:

I don't see why you couldn't install it on the linode; anything you can do with a dedicated server, you can do on a linode. I can't suggest any web-based firewall interfaces, though, as I've never used any. Webmin has some interface to that stuff, I think, but webmin is often thought of as a security risk.

Anything is possible but it doesn't sound like it would be sensible.

Most people use iptables and tell their daemons to only bind an internet IP if they expect incoming connections.

I'm not looking for insults or advice from the peanut gallery on how to run my own linode, but rather making a feature request to Linode staff.

I'm well aware of how to use iptables.

A VPS provider offering a firewall is not a bizarre thing.


http://www.gogrid.com/cloud-hosting/har ... ewalls.php

By 'web-based' I mean you login to your linode.com account, and configure a firewall the same way you do DNS. All in the Linode Manager.

Thanks,

Right, but it's perfectly legitimate for us to question the utility of such a feature. What value is there in a web interface to manage a host-side firewall? There is no performance advantage there, since the filtering will still be happening on the same hardware. There's no usability advantage there, since you can do the web interface directly on the linode just as easily.

DNS makes sense; you can't get the high availability from your one linode as you can from Linode's cluster of them, for one thing. But a firewall on the host doesn't have that same advantage.

You're asking Linode to spend time and effort in a feature that I suspect most of the Linode community thinks is useless. Just as much as you should have the opportunity to request a feature be implemented, we should have the opportunity to request that a feature *not* be implemented.

< facepalm.jpg >

No - NOT a web-interface to manage a HOST-SIDE firewall.

I am referring to a completely _separate_ firewall entirely independent to your host.

I understand this is a concept completely foreign to Linode users.

Ex: AWS security groups!

While that is certainly interesting, for $200/month it would take pretty odd circumstances to warrant it.

_________________
--
Chris Bryant

Yes imagine you are a customer using linode as your cloud datacenter.

Scenario:

You have 30-50 linode servers, all behind ONE mega border firewall which you easily manage firewall rules via the Linode Manager.


(You could of course have host firewalls in place as well.)

This is what the bigger VPS companies like gogrid are offering.

Linode doesn't have to be that huge at the get go. Just a simple firewall to start would be awesome.

Then login to Linode Manager, create firewall rules for your group of Linodes (your datacenter in the cloud), and save.

I really don't see gogrid as a VPS provider, and I would simply run all of the traffic through a dedicated 'node acting as a firewall, but...
I can see that the hardware solution would be good for some- I'm sure if there is enough interest, Linode would do it, I just don't see the demand (wouldn't be the first or last time I was wrong, though)

_________________
--

Chris Bryant

I'm not seeing how that is different from putting a dedicated firewall linode in front of a a bunch of server linodes connected together over the private network. What advantage is there to Linode doing this for you instead of doing it yourself?

gogrid is VPS hosting - their operations run xen on centos. They hosted reddit before reddit moved to amazon, for example.

Gogrid was just one random example.

If a small startup like pixxa.co can incorporate a fairly useful firewall (for free), I assume that it is well within the ability of Linode.

Agree to disagree I guess.

We get peanuts?

Linode just keeps getting better and better.

He said there's a galley so there must be peanuts!

Peanuts? Where?

If you pee nuts, see a doctor!

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)