General Discussion / How to manage thousands of firewall rules
« on: February 21, 2019, 04:01:26 pm »
Hi,
we are in the process of choosing a replacement for our old Linux firewall. We currently use the Shorewall framework to control iptables. Currently we have something around 5000 rules. Our environment is restrictive, so when a user wants to connect to a production server, we need to add a rule for it. Now we have a config file per user, so using a zone-based approach allows us to easily see where any user can connect - so auditing is somehow easy.
We like OPNsense but we can't find any reasonable method to migrate this number of rules into it. Is anyone using OPNsense with this high amount of rules? How do you manage it? We don't want to scroll through hundreds of rules on one page until we find the correct ones - this will be a place for making a lot of mistakes.
Thanks for any ideas.