UFW / Firewall management
in progress
A
Arni from Webdock
Opening / closing ports directly from the dashboard as well as adding pre/post route advanced rules
Log In
A
Arni from Webdock
in progress
This is now in progress
A
Arni from Webdock
planned
Moving this to planned as there is clearly a lot of interest in this feature. We will update once we know where this fits into our development pipeline.
C
Cezar
Not ufw. This must be in front of the servers, not at the OS level.
This is so critical considering the servers are publicly available on the internet.
If you run docker, you’re completely exposed as docker manages iptables rules to allow container networking to work.
You can place a Palo Alto or a large host with SDN in front of the VMs and manage FW rules from the web interface for each VM using REST.
A
Arni from Webdock
Cezar: Hello Cezar - one thing doesn't exclude the other. We want to allow for easy UFW management in our Dashboard and then probably in the future we would consider DC-level firewalling as an add-on to your server (like most other providers do it)
I will add this as a seperate feature request here shortly.
A
Arni from Webdock
Cezar: I added it just now, here: https://webdockio.canny.io/feature-requests/p/datacenter-level-firewall-option
E
Epsilon PS _ Paul Schiffer
Arni from Webdock: Is it the backend that is generating the "wrong" URL for you? I think it should be the feedback.webdock.io URL, not a subdomain of canny.io.
A
Arni from Webdock
Epsilon PS _ Paul Schiffer: Yes when logged in as admin I get that URL forced upon me - sorry I didn't notice. It's the same page so not a big deal. Thanks for flagging it :)
E
Epsilon PS _ Paul Schiffer
Cezar: I am with Arni on this one. At the moment, to increase security without major hardware and/or programmatical investment, we need a way to seamlessly control UFW from the dashboard, more so if you use a tunneling / Zero Trust solution in combination with the VPS' since then you can just close all incoming ports.
E
Epsilon PS _ Paul Schiffer
Arni from Webdock: No worries :) Maybe Canny can implement a 302 redirect to the customers URL when you call an x.canny.io subdomain, so a main / second domain implementation. The mail notifications also come from notifications@canny.io, is that brandable to Webdock as well?
A
Arni from Webdock
Epsilon PS _ Paul Schiffer: No unfortunately we have exhausted all branding options with Canny - there are more things than what you mention we'd like to be able to do (like, link the header logo back to our main website), but for now this is what we get with Canny.
C
Cezar
Epsilon PS _ Paul Schiffer: tunneling is an option, yes.
Ufw / firewalld doesn’t work in a docker scenario though. You’ll need complete iptables control and disable docker’s ability to manipulate it.
E
Epsilon PS _ Paul Schiffer
Cezar: Indeed that is a problem. However I believe that could be scripted when opening the UFW/Firewall management blade in the dashboard and Docker gets detected.
C
Cezar
count me in for testing when you’ll have something.
E
Epsilon PS _ Paul Schiffer
Arni from Webdock: I have another finding on the Canny branding (I know this is the wrong thread but we started the discussion here): All links within emails point to webdockio.canny.io instead of feedback.webdock.io.
A
Arni from Webdock
Epsilon PS _ Paul Schiffer: Got it. We are scheduling a call with the folks at Canny soon where I will bring up these details. Thanks.!
A
Arni from Webdock
under review
We would like to see how many upvotes this feature gets before committing to it.