Hi everyone,
Last Friday I gave a talk at Security BSides Delaware on building dynamic
firewalls with Chef and Netfilter. It’s essentially a presentation of the AFW
cookbook (https://github.com/jvehent/AFW/) that we have been developing at
AWeber for the past 6 months.
The video is here: https://vimeo.com/53423330
I know from discussions on #chef that some folks are using similar
techniques in their own firewall cookbooks. I would be curious to hear about
what approach people are taking to configure them:
- Do you use static rules?
- Do you use searches?
- How do you tell database-B to accept connections from API-A?
I also had an interesting question from a post-talk discussion: would it be
possible to use Chef to configure a Cisco firewall? I’m not sure how that
would work… maybe run chef-client on a VM that mimics the Cisco device, and
that pushes the rules to the appliance using tftp? If you have
ideas/thoughts, I’m definitely interested!
Cheers,
Julien
–
Julien Vehent - http://jve.linuxwall.info
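As an added example (not part of Julien's post, and not the AFW cookbook's own code), here is plain Ruby illustrating the search-based answer to "how do you tell database-B to accept connections from API-A": the database node's INPUT chain is generated from whichever hosts currently carry the `api` role, with a default DROP at the end. The node list is constructed to mimic what Chef's `search(:node, "role:api")` returns, and `search_nodes`, `build_input_rules` and `render_iptables_restore` are hypothetical helpers. Because `ipaddress` is a self-reported node attribute, the example validates it with `IPAddr` before interpolating it into a rule, so a malformed attribute fails the run instead of smuggling extra tokens into the ruleset.

```ruby
require "ipaddr"

# Constructed inventory standing in for Chef node objects returned by a search.
NODES = [
  { "name" => "api-a1", "roles" => ["api"],      "ipaddress" => "10.0.1.11" },
  { "name" => "api-a2", "roles" => ["api"],      "ipaddress" => "10.0.1.12" },
  { "name" => "db-b1",  "roles" => ["database"], "ipaddress" => "10.0.2.21" },
  { "name" => "web-1",  "roles" => ["web"],      "ipaddress" => "10.0.3.31" },
].freeze

# Hypothetical stand-in for Chef's search(:node, "role:#{role}").
def search_nodes(nodes, role)
  nodes.select { |n| n["roles"].include?(role) }
end

# Node attributes are self-reported; reject anything that is not a bare IPv4/IPv6
# address before it reaches a rule string.
def validated_ip(raw)
  ip = IPAddr.new(raw)
  "#{ip}/#{ip.ipv4? ? 32 : 128}"
rescue IPAddr::InvalidAddressError
  raise ArgumentError, "refusing to build a rule from invalid ipaddress attribute: #{raw.inspect}"
end

# Build the INPUT rules for a node that should accept a set of policies such as
# { "from_role" => "api", "port" => 5432, "proto" => "tcp" }: one ACCEPT per
# matching source host, then an explicit DROP so nothing else gets in.
def build_input_rules(nodes, policies)
  rules = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
  ]
  policies.each do |p|
    sources = search_nodes(nodes, p["from_role"]).map { |n| validated_ip(n["ipaddress"]) }.sort
    sources.each do |src|
      rules << "-A INPUT -s #{src} -p #{p['proto']} --dport #{p['port']} -m conntrack --ctstate NEW -j ACCEPT"
    end
  end
  rules << "-A INPUT -j DROP"
end

# Wrap the rules in iptables-restore format with a DROP default policy on INPUT.
def render_iptables_restore(rules)
  ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]"] + rules + ["COMMIT"]
end

if __FILE__ == $PROGRAM_NAME
  db_policies = [{ "from_role" => "api", "port" => 5432, "proto" => "tcp" }]
  puts render_iptables_restore(build_input_rules(NODES, db_policies))
end
```

Run on the constructed inventory, the database node ends up with exactly two `--dport 5432` ACCEPT lines (one per `api` host) and no rule mentioning the `web` host; adding or removing an API node and re-running the client is what makes the firewall "dynamic", and the `IPAddr` check is the one safeguard worth keeping whatever cookbook generates the rules.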