What do you want in a firewall?
We have all seen the "Cloud Firewall" products offered by the bigger VPS providers (Vultr, DigitalOcean, AWS, etc.); from my experience these are pretty useless for anything but the most basic applications.
For the past 2 years I've been working on a way to scale custom mitigation and firewall rules (at Layers 3-5) to the scale we operate at. It looks like this year we will finally achieve the scalability required to offer it.
What remains to be ascertained is the priority for implementing (at the customer level) the various match parameters; I want this to be as useful as possible. What would you like to see available, for either match parameters or target types, in a Layer 4 firewall?
- Full BPF (cBPF) expression matching (anything you could select with tcpdump)
- IP ban lists
- DROP target
- Evaluate either for new connections, or on every packet
- RateLimit (white & black) target
- BAN target
- API support for adding/removing IPs from ban lists (i.e. so people can take control on their own servers and have us do the heavy lifting)
- IP whitelist
- Paired Ports (accept only where connected to another port)
- DNS match
- TLS match
- String match (performance)
What would you prioritize?
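To make the semantics of the listed match parameters and targets concrete, here is a toy Layer 4 rule engine added as an example; it is not the provider's product or any code from the original post. It models ban lists and a whitelist with a small add/remove API, a DROP target, a BAN target, a rate-limit target, "new connection only" versus "every packet" evaluation, and a paired-port match (only accept on one port when the source already holds a connection on another). Packet objects, the `Firewall`, `Rule`, `Packet` names and all addresses (RFC 5737 documentation ranges) are constructed for the demo; cBPF/tcpdump expressions, DNS, TLS and string matching are not modelled.

```python
"""Toy Layer 4 rule engine (added example, hypothetical; no real sockets touched)."""
from collections import defaultdict, deque
from dataclasses import dataclass
import ipaddress
from typing import Callable, List, Optional

@dataclass(frozen=True)
class Packet:
    src: str            # source IP address (constructed sample values below)
    dport: int          # destination port
    syn: bool = False   # True on the first packet of a new TCP connection
    ts: float = 0.0     # arrival time in seconds

@dataclass
class Rule:
    match: Callable[["Firewall", Packet], bool]
    target: Callable[["Firewall", Packet], Optional[str]]  # None = fall through
    new_only: bool = False  # evaluate only on new connections, or on every packet

class Firewall:
    def __init__(self) -> None:
        self.banlist = set()
        self.whitelist = set()
        self.rules: List[Rule] = []
        self._hits = defaultdict(deque)   # (src, dport) -> timestamps, for rate limiting
        self._conns = defaultdict(set)    # src -> ports it has an accepted connection on

    # Minimal "API" for ban/whitelist management (the control-plane idea in the post).
    def ban(self, ip: str) -> None:   self.banlist.add(ipaddress.ip_address(ip))
    def unban(self, ip: str) -> None: self.banlist.discard(ipaddress.ip_address(ip))
    def allow(self, ip: str) -> None: self.whitelist.add(ipaddress.ip_address(ip))

    def evaluate(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        if src in self.whitelist:          # whitelist wins over everything
            verdict = "ACCEPT"
        elif src in self.banlist:          # banned sources are dropped before any rule
            verdict = "DROP"
        else:
            verdict = "ACCEPT"             # default policy: accept
            for rule in self.rules:
                if rule.new_only and not pkt.syn:
                    continue               # rule only looks at new connections
                if rule.match(self, pkt):
                    v = rule.target(self, pkt)
                    if v is not None:
                        verdict = v
                        break
        if verdict == "ACCEPT" and pkt.syn:
            self._conns[pkt.src].add(pkt.dport)   # remember the accepted connection
        return verdict

# ---- match helpers -------------------------------------------------------
def port(p: int):
    return lambda fw, pkt: pkt.dport == p

def unpaired(p: int, required: int):
    """Match traffic to port p from a source with NO accepted connection on `required`."""
    return lambda fw, pkt: pkt.dport == p and required not in fw._conns[pkt.src]

# ---- targets -------------------------------------------------------------
def DROP(fw: Firewall, pkt: Packet) -> str:
    return "DROP"

def BAN(fw: Firewall, pkt: Packet) -> str:
    fw.ban(pkt.src)                        # add to ban list, then drop this packet
    return "DROP"

def rate_limit(limit: int, window: float):
    """Black-style rate limit: drop once more than `limit` hits occur within `window` s."""
    def target(fw: Firewall, pkt: Packet) -> Optional[str]:
        q = fw._hits[(pkt.src, pkt.dport)]
        while q and pkt.ts - q[0] >= window:   # expire hits outside the sliding window
            q.popleft()
        q.append(pkt.ts)
        return "DROP" if len(q) > limit else None
    return target

def run_scenario() -> List[str]:
    """Drive the engine with constructed packets; returns the verdict per packet."""
    fw = Firewall()
    fw.allow("203.0.113.9")                                   # constructed whitelisted IP
    fw.rules = [
        Rule(port(22), rate_limit(limit=3, window=10.0), new_only=True),  # >3 new SSH/10s
        Rule(unpaired(3306, required=22), DROP),              # MySQL only after SSH
        Rule(port(23), BAN),                                  # touching telnet => BAN
    ]
    pkts = [
        Packet("198.51.100.7", 22, syn=True, ts=0),    # ACCEPT, holds SSH
        Packet("198.51.100.7", 3306, syn=True, ts=1),  # ACCEPT, paired with SSH
        Packet("198.51.100.8", 3306, syn=True, ts=2),  # DROP, no SSH connection
        Packet("198.51.100.8", 22, syn=True, ts=3),    # ACCEPT (1st)
        Packet("198.51.100.8", 22, syn=True, ts=4),    # ACCEPT (2nd)
        Packet("198.51.100.8", 22, syn=True, ts=5),    # ACCEPT (3rd)
        Packet("198.51.100.8", 22, syn=True, ts=6),    # DROP, 4th new conn in window
        Packet("198.51.100.8", 22, syn=False, ts=7),   # ACCEPT, not a new connection
        Packet("198.51.100.8", 23, syn=True, ts=8),    # DROP and BAN
        Packet("198.51.100.8", 80, syn=True, ts=9),    # DROP, now banned
    ]
    verdicts = [fw.evaluate(p) for p in pkts]
    fw.unban("198.51.100.8")                                  # API removal from ban list
    verdicts.append(fw.evaluate(Packet("198.51.100.8", 80, syn=True, ts=10)))  # ACCEPT
    verdicts.append(fw.evaluate(Packet("203.0.113.9", 23, syn=True, ts=11)))   # ACCEPT
    return verdicts

if __name__ == "__main__":
    for i, v in enumerate(run_scenario(), 1):
        print(f"packet {i}: {v}")
```

The ordering (whitelist, then ban list, then rules in sequence) is the design decision that matters most in a real product: a BAN target fired by a noisy rule cannot lock out an operator's whitelisted management address, and the rate-limit target returns `None` under the limit so later rules still get a say. A "white" rate limit would invert the last line of `target` (accept under the limit, fall through above it).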