Ever since we started using CentOS for our Couchbase instances here at RecordSetter, I have been looking for a better system for managing the firewalls.
Rackspace, our cloud provider, provides public NICs that are open to the Internet at large and obviously need to have a proper firewall. I managed to hack my way through iptables once, but my configuration got wiped by a “yum update” and I really didn’t want to go through that again.
Rackspace has this thing called the Cloud Tools Marketplace where services can register and integrate pretty easily. And that is where I found Dome9.
I found the service to be exactly what I hoped it would be. Installing the agent was extremely easy and was zero config from the console side. Using the web admin to write rules was super easy too. I would have probably preferred to write rules on a NIC-by-NIC basis, but their model right now is more about whitelisting IP addresses, since that works better across a logical group of machines, and I’m okay with that.