30 Vote

Name firewall rules

I use the firewalls to block SSH from all but our employee IPs. However, those IPs change weekly, and I end up having to maintain a map and it's really confusing. I'd like to have a way to name them so I can easily update them.

Different ways I've done this with traditional firewalls:
• Create one SSH rule per person and name the rule
• Create a named machine with an IP for each person, and add all those machines to the SSH rule

Please please please let me know if this is something you can accommodate in the future.

  • Samuel Dillow
  • Sep 11 2018
  • Future consideration
Cloud Firewalls
  • Jim Smith commented
    11 Sep, 2018 04:02pm

    I agree with this. Maybe allow named address lists (which contain IP addresses that you can easily update), so that you can reference an address list by name in your DO FW rule.

    Even better, allow us to specify DNS entries as "IPs" (and maybe DO resolves them every 30m or something). A lot of HW firewalls support this (and I use it often).

    Something has to be done, as the current method of entering IP addresses is really bad and slow (and awkward: you can't copy/paste, and you can't enter IPs or ranges quickly either).

    Thanks


  • J Heasley commented
    11 Sep, 2018 04:02pm

    You should probably use the api.


  • Jason Huggins commented
    11 Sep, 2018 04:02pm

    An approach I've seen elsewhere is to allow tags at the rule level.
    Also, a description box at the firewall level would be helpful as well.
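
Added example, not part of the thread and not DigitalOcean code: one way to keep the "named address list" the posts ask for on the client side, then render it into a single SSH inbound rule and a drift report keyed by name. The rule layout (`protocol`, `ports`, `sources.addresses`) is assumed to match the DigitalOcean API v2 firewall inbound-rule object and should be checked against the current API documentation; every name and address is constructed sample data.

```python
import ipaddress
import json

# Constructed sample: person or site name -> current source address.
# All values come from the RFC 5737 documentation ranges.
EMPLOYEES = {
    "alice-home": "203.0.113.10",
    "bob-home": "198.51.100.24/32",
    "office-vpn": "192.0.2.0/28",
}

def normalize(name, addr):
    """Return a canonical IP or CIDR string, or raise ValueError naming the entry."""
    try:
        net = ipaddress.ip_network(addr, strict=True)  # rejects host bits, e.g. 192.0.2.5/28
    except ValueError as exc:
        raise ValueError(f"{name}: {exc}") from None
    if net.prefixlen == 0:
        # A typo such as 0.0.0.0/0 would open SSH to every source address.
        raise ValueError(f"{name}: refusing to allow every address")
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def ssh_rule(named):
    """Build one inbound rule for TCP/22 (assumed API v2 shape) from the named list."""
    addrs = sorted({normalize(n, a) for n, a in named.items()})
    return {"protocol": "tcp", "ports": "22", "sources": {"addresses": addrs}}

def drift(named, live_addresses):
    """Compare the named list with addresses currently on the firewall.

    'add' maps each missing address back to its name so a reviewer can see
    whose entry changed; 'remove' lists stale addresses that no name claims.
    """
    wanted = {normalize(n, a): n for n, a in named.items()}
    live = set(live_addresses)
    return {
        "add": {a: n for a, n in wanted.items() if a not in live},
        "remove": sorted(live - wanted.keys()),
    }

if __name__ == "__main__":
    # Constructed "live" state: Alice is current, one stale address remains.
    print(json.dumps(ssh_rule(EMPLOYEES), indent=2))
    print(json.dumps(drift(EMPLOYEES, ["203.0.113.10", "203.0.113.99"]), indent=2))
```

Keeping the name-to-address file in version control gives the audit trail the firewall UI lacks: each weekly change is a one-line diff attributed to a person.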

© 2018 DigitalOcean, LLC. All rights reserved.