
Proposal: Interactive firewall rule editor

Open Dorthu opened this issue 3 years ago • 0 comments

This relates to #293

After discussing with the firewall team, it seems like automated inserting of individual firewall rules isn't a great idea; the rules are applied immediately as changes are made, and since these rules are applied in order, with the first matching rule being acted on, it's easy to accidentally set up an insecure configuration. To make matters worse, there is no good way to identify a single rule from the response; labels are not required and don't have to be unique, and no other reasonable choice for an identifier is present. As such, automated systems that manage firewall rules should, for that reason, regenerate the entire ruleset for each update; for applications that want to modify the existing rules, they should follow a fetch-update-publish model.

This PR is an attempt at the latter for the CLI; a plugin that allows interactive editing of firewall rules. This is by no means perfect - there are still several TODOs in the code, and it could generally be cleaner - but it should serve as an example of what we might want.

The interface looks like this:

Firewall: example       Status: enabled
Inbound Policy: DROP      Outbound Policy: DROP

Inbound Rules:
 ind | label | protocol | action | ports | addresses
-----+-------+----------+--------+-------+-------------------
 0   |       | TCP      | ACCEPT | 80    | 192.168.12.34/32
 1   |       | TCP      | ACCEPT |       | 12.34.56.0/24

Outbound Rules:
 ind | label | protocol | action | ports | addresses
-----+-------+----------+--------+-------+---------------
 2   | test  | UDP      | ACCEPT |       | 12.34.56.0/24

Global: Toggle [I]nbound or [O]utbound Policy
Rules: [A]dd, [R]emove, or [S]wap
[W]rtie settings or [Q]uit
Saving..
Rules updated successfully!

Feedback appreciated

Dorthu, Mar 31 '22 04:03
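An added Python sketch of the fetch-update-publish model the issue recommends (example code, not the plugin's own code and not the Linode API schema): edits are applied to a private copy of the fetched ruleset, the complete ruleset is returned for one write, and a first-match check flags rules that an earlier rule shadows, which is what makes rule order a security concern. The field names and the "empty ports means every port" convention are assumptions.

```python
import copy
import ipaddress

def rule(protocol, action, ports, *addresses, label=""):
    """One rule with the columns shown in the editor above."""
    return {"label": label, "protocol": protocol, "action": action,
            "ports": ports, "addresses": list(addresses)}

# Constructed stand-in for a fetched firewall; field names are assumed, not an API schema.
FETCHED = {
    "inbound_policy": "DROP", "outbound_policy": "DROP",
    "inbound": [rule("TCP", "ACCEPT", "80", "192.168.12.34/32"),
                rule("TCP", "ACCEPT", "", "12.34.56.0/24")],
    "outbound": [rule("UDP", "ACCEPT", "", "12.34.56.0/24", label="test")],
}

def _covers(outer, inner):
    """True if CIDR `outer` contains CIDR `inner` (same IP version only)."""
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def swap(fw, direction, a, b):
    """[S]wap two rules of one direction in the local copy; order decides which fires."""
    rules = fw[direction]
    rules[a], rules[b] = rules[b], rules[a]

def shadowed(fw):
    """Global indices (inbound first, then outbound, as in the 'ind' column) of rules
    that can never fire because an earlier rule in the same direction has the same
    protocol and covers all their ports and addresses. Assumed: empty ports = all."""
    out, offset = [], 0
    for direction in ("inbound", "outbound"):
        rules = fw[direction]
        for j, later in enumerate(rules):
            if any(e["protocol"] == later["protocol"]
                   and e["ports"] in ("", later["ports"])
                   and all(any(_covers(o, i) for o in e["addresses"])
                           for i in later["addresses"])
                   for e in rules[:j]):
                out.append(offset + j)
        offset += len(rules)
    return out

def edit(fetched, *ops):
    """Fetch-update-publish: apply ops to a private copy, return the whole ruleset
    for one write; the fetched object (and the live firewall) stay untouched."""
    fw = copy.deepcopy(fetched)
    for op in ops:
        op(fw)
    return fw
```

Running `shadowed()` on the result before publishing catches the case the issue warns about: a rule appended after a broader ACCEPT for the same protocol and addresses is dead until the two are swapped.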