I suggest you...

Create EC2-like security groups, so you don't have to configure iptables for each instance.

For instance, I would like each of my webserver instances to share the same iptables configuration, and furthermore to be able to communicate with each other without having to reconfigure each server's iptables every time an instance is added or removed.

83 votes
    intrepidweb shared this idea
    Roy Martin shared a merged idea: Virtual Firewall / Security Groups

    6 comments

      • Dougie commented

        Not that I don't agree that Rackspace could (and should) make this better/easier for customers, but this is not all that big of a deal compared to the other glaring areas they're lacking in.

        How about using your config management app (chef, puppet, BladeLogic, whatever) to push out /etc/sysconfig/iptables and write a template that generates the ruleset on demand? Works fine for me and took about 2 minutes to write a recipe for my rulesets.

      • Sukrit Khera commented

        I have been using EC2 and am now moving to Rackspace. This is really a must-have, especially if you have an auto scaling array (cluster). With iptables alone, you have to write so many scripts and handle situations such as:
        1. Server in the cluster goes down
        2. New server is added
        etc.

      • Matt Solnit commented

        This would be great. I would love it if I could make firewall changes without SSH'ing to every running server and making the same iptables change. Also, I would no longer need to create a new server image if I want a firewall change for future servers.

      • Mike Conigliaro commented

        Additionally, messing with iptables rules on cloud instances can be really dangerous, because there is a very real chance that you could accidentally lock yourself out (remember, there's no such thing as console access in the cloud!). Security groups are much safer, because if you ever actually did make a mistake, it's trivial to just edit/delete the rule.

      • Matt Juszczak commented

        I personally feel that Rackspace Cloud shouldn't do this. Primarily because security groups are (mostly) iptables setups - just on the host box and not on the guest. It'll just add another layer to the mix of an implementation that I feel is already better than EC2 because of simplicity. If you use something like puppet, you can pretty easily automate iptables rules.
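
The approach raised in the comments above (generate each server's iptables ruleset from a shared group definition, with a guard against locking yourself out), as an added example that is not part of the original thread and is not Chef or Puppet code. The group names, addresses, policy layout and admin network are constructed sample values.

```python
import ipaddress

# Constructed sample inventory: group name -> member addresses.
GROUPS = {"web": ["10.0.0.11", "10.0.0.12"], "db": ["10.0.1.21"]}

# Constructed policy: ports open to everyone, and groups trusted on all ports.
POLICY = {
    "web": {"public_tcp": [80, 443], "trusted_groups": ["web"]},
    "db": {"public_tcp": [], "trusted_groups": ["web", "db"]},
}

ADMIN_CIDR = "203.0.113.0/24"  # documentation range standing in for the admin network


def render_ruleset(group, self_ip, groups=GROUPS, policy=POLICY, admin_cidr=ADMIN_CIDR):
    """Return iptables-restore text for one member of `group`."""
    admin_net = ipaddress.IPv4Network(admin_cidr)  # ValueError on a malformed CIDR
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        # SSH from the admin network is emitted unconditionally and before any
        # generated rule, so a bad inventory cannot lock administrators out.
        f"-A INPUT -s {admin_net} -p tcp --dport 22 -j ACCEPT",
    ]
    for port in policy[group]["public_tcp"]:
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port {port!r}")
        rules.append(f"-A INPUT -p tcp --dport {int(port)} -j ACCEPT")
    peers = set()
    for trusted in policy[group]["trusted_groups"]:
        # IPv4Address() rejects anything that is not a literal address, so
        # inventory data can never smuggle extra iptables arguments into a rule.
        peers.update(ipaddress.IPv4Address(a) for a in groups[trusted])
    peers.discard(ipaddress.IPv4Address(self_ip))
    # Sorted output keeps the file stable, so it only changes when membership does.
    rules.extend(f"-A INPUT -s {peer} -j ACCEPT" for peer in sorted(peers))
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"


if __name__ == "__main__":
    print(render_ruleset("web", "10.0.0.11"), end="")
```

The output is in the format of /etc/sysconfig/iptables and can be checked with `iptables-restore --test` before it is loaded.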

      ©2011 Rackspace, US Inc.