Allow a global CIDR list source managed by third party

[synergiator]

ISSUE TYPE

• Feature Idea (possibly a plugin?)

COMPONENT NAME

possibly VR, API and UI

SUMMARY

Imagine that you have your firewall ACL configuration being dependent upon a third party, that is, they would publish at least one a day a list of networks your users need to reuse across many accounts.

That is, this proposed feature would allow:

• introducing a global proxy CIDR source in some standard fashion (URL gives you a JSON) and a refresh rate
• referencing the proxy source instead explicit field entry of CIDRs
• pull-based automatic propagation/injection of changes to all linked VRs similar to a cron job

Note: from high-level user perspective, they want to use the third party CIDR lists in any context where you might need them.

@rhtyd what do you think?

[bwsw]

@1605200517 why external firewall appliance doesn't fit the purpose. Why you need CS for that?

[synergiator]

@bwsw then I'd still need to sync data between firewall and CS taking also access rights in account.

This CS feature would enable users to manage firewalling of their accounts themselves and being independent from currently used firewall product (which can still then apply additional global protection logic).

[synergiator]

current workaround is to use tags and external cron