openmicroservices.org

Feature: Add explicit firewall whitelisting

Open stevepeak opened this issue 6 years ago • 1 comments

Services should be prevented from external/internal internet connections, therefore explicitly listing DNS locations they need to communicate with.

whitelist:
  - api.slack.com

The above YAML will only allow the service to communicate with api.slack.com. All other internet connections will be blocked.

stevepeak Jul 19 '19 13:07

Nice idea, but it probably also needs to be able to express more:

  • port (maybe port-ranges and port shorthands like http for 80)
  • hostname regex (e.g. api*.slack.com)
  • protocol (HTTP, SMTP, ...)
  • package types (TCP, UDP, ...)
  • package direction: incoming/outgoing
  • IPv4, IPv6 addresses (with subnet groups)

Also, this needs to be applied with the local omg CLI too.

wilzbach Jul 19 '19 14:07
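A default-deny check over the whitelist discussed in this thread, as an added example that is not code from the issue or from the project. The `host`, `ports` and `proto` keys, the function names and the sample hosts are assumptions made up for illustration; only the bare `api.slack.com` entry and the `api*.slack.com` pattern come from the thread.

```python
from fnmatch import fnmatchcase

# Constructed policy: the issue's bare list entry plus a hypothetical
# richer rule form ("host"/"ports"/"proto" are not from any published spec).
POLICY = [
    "api.slack.com",  # bare entry as in the issue: host only, any port
    {"host": "api*.slack.com", "ports": [443], "proto": "tcp"},
    {"host": "smtp.example.com", "ports": range(587, 588), "proto": "tcp"},
]


def normalize(host):
    # DNS names are case-insensitive, and a trailing dot names the same host.
    return host.rstrip(".").lower()


def host_matches(pattern, host):
    p_labels = normalize(pattern).split(".")
    h_labels = normalize(host).split(".")
    # Compare label by label so "*" can never span a dot: a plain
    # fnmatch("api.other.slack.com", "api*.slack.com") would match.
    if len(p_labels) != len(h_labels):
        return False
    return all(fnmatchcase(h, p) for p, h in zip(p_labels, h_labels))


def allowed(policy, host, port, proto="tcp"):
    """Return True only if some rule permits the connection (default deny)."""
    for rule in policy:
        if isinstance(rule, str):
            rule = {"host": rule}
        if not host_matches(rule["host"], host):
            continue
        if "ports" in rule and port not in rule["ports"]:
            continue
        if "proto" in rule and rule["proto"] != proto.lower():
            continue
        return True
    return False


if __name__ == "__main__":
    for target in [("api.slack.com", 443), ("api2.slack.com", 80),
                   ("api.other.slack.com", 443), ("hooks.slack.com", 443)]:
        print(target, "->", "allow" if allowed(POLICY, *target) else "deny")
```

A name-level check like this decides policy only; an enforcement layer still has to bind each permitted name to the addresses it resolved to at connection time.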