DO Ideas 2

Name firewall rules

I use the firewalls to block SSH from all but our employee IPs. However, those IPs change weekly, and I end up having to maintain a map and it's really confusing. I'd like to have a way to name them so I can easily update them.

Different ways I've done this with traditional firewalls:
• Create one SSH rule per person and name the rule
• Create a named machine with an IP for each person, and add all those machines to the SSH rule

Please please please let me know if this is something you can accommodate in the future.

  • Samuel Dillow
  • Sep 11 2018
  • Jason Huggins commented
    September 11, 2018 16:02

    An approach I've seen elsewhere is to allow tags at the rule level.
    Also, a description box at the firewall level would be helpful as well.

  • J Heasley commented
    September 11, 2018 16:02

    You should probably use the API.

  • Jim Smith commented
    September 11, 2018 16:02

    I agree with this. Maybe allow named address lists (which contain IP addresses that you can easily update), so that you can reference an address list by name in your DO FW rule.

    Even better, allow us to specify DNS entries as "IPs" (and maybe DO resolves them every 30m or something). A lot of HW firewalls support this (and I use it often).

    Something has to be done, as the current method of entering IP addresses is really bad and slow (and awkward: you can't copy/paste, and you can't enter IPs or ranges quickly either).
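
Added example, not part of the original thread or any commenter's code: one way to keep the name-to-IP map from the request on the client side and render it into a single SSH inbound rule, in the spirit of the named address lists suggested above. The names, sample addresses and minimum-prefix policy are assumptions; the rule shape follows the `inbound_rules` format of the DigitalOcean firewall API.

```python
import ipaddress
import json

# Constructed sample map (names and RFC 5737 documentation addresses are assumptions).
EMPLOYEE_IPS = {
    "alice-home": "203.0.113.10",
    "bob-home": "198.51.100.24/32",
    "office": "192.0.2.0/28",
}
# Assumed policy: refuse entries broader than these prefixes so a typo
# such as 0.0.0.0/0 cannot open SSH to the whole internet.
MIN_PREFIX = {4: 24, 6: 64}


def normalize(name, value):
    """Return canonical CIDR text for one named entry, or raise ValueError."""
    try:
        net = ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        raise ValueError(f"{name}: {value!r} is not a valid address or CIDR") from exc
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{name}: {net} is broader than policy allows")
    return str(net)


def build_ssh_rule(named):
    """Render the named map as one inbound rule allowing TCP/22."""
    addresses = sorted({normalize(n, v) for n, v in named.items()})
    return {"protocol": "tcp", "ports": "22", "sources": {"addresses": addresses}}


def plan(current, named):
    """Compare addresses currently on the firewall with the named map.

    Returns (to_add, to_remove): names mapped to new CIDRs, and stale CIDRs.
    """
    wanted = {normalize(n, v): n for n, v in named.items()}
    to_add = {n: c for c, n in wanted.items() if c not in current}
    to_remove = sorted(set(current) - set(wanted))
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed "current" state: one address still valid, one stale.
    add, remove = plan(["203.0.113.10/32", "203.0.113.99/32"], EMPLOYEE_IPS)
    print("add:", add, "remove:", remove)
    print(json.dumps({"inbound_rules": [build_ssh_rule(EMPLOYEE_IPS)]}, indent=2))
```

Reviewing the `plan` output before applying the rendered rule shows which stale addresses would otherwise keep SSH access after an employee's IP has changed.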