I've talked to multiple DSF development team members about these on various ocassions, however nothing changed, therefore I'm now officially opening this as a feature request. I am aware of the fact, that this does not affect all sites. Still this is a real PITA for affected sites.
Related Problem
Keeping Firewall and Proxy-Allowlists current is tedious and by times almost impossible.
The downloadable XLSX files containing the addresses needed for firewall and proxy configuration at some sites are not versioned neither dated. There is no viable chance to review changes on these lists.
Also there is no notification on updates on these lists. While regular allowlist updates are announced via E-Mail. Sites who need Firewall and Proxy configuration regularly run into errors, due to missing notifications on endpoint changes.
Furthermore the lists are missing administrative endpoints like those needed for the AllowList process plugin.
Describe the Solution You’d Like
Bare minimum for usability:
- Introduce Version numbers and dates on the lists.
- Notify sites about changes (optionally via Opt-In)
- Add administrative process plugins endpoint adresses (e.g. AllowList process plugin)
Convenience:
- A version comparison feature in the AllowListManagement would be really nice. I'm imagining something where I can select two versions of the lists and get the differences (i.e. additions and deletions) in a readable view.
- Download of the lists in different formats, especially machine readable, would be nice. XLSX is okayish but not a good solution for automatic processing into iptables rules or similar.
Describe Alternatives You’ve Considered
Currently we are running a sloppily written XLSX-Diff-Script that exports only the needed changes for our IT security. Otherwise they would need to compare their firewall rules and proxy allowlists to the XLSX by hand each time. Still this requires us to keep track of the exact file we have sent our IT department last time in order to compare to this exact version. That process is still tedious and also error-prone. We still need to regularly do a complete re-comparison with the rules because something got lost in the process and if that happens we are regularly missing the endpoint for the AllowList process plugin.
I've talked to multiple DSF development team members about these on various ocassions, however nothing changed, therefore I'm now officially opening this as a feature request. I am aware of the fact, that this does not affect all sites. Still this is a real PITA for affected sites.
Related Problem
Keeping Firewall and Proxy-Allowlists current is tedious and by times almost impossible.
The downloadable XLSX files containing the addresses needed for firewall and proxy configuration at some sites are not versioned neither dated. There is no viable chance to review changes on these lists.
Also there is no notification on updates on these lists. While regular allowlist updates are announced via E-Mail. Sites who need Firewall and Proxy configuration regularly run into errors, due to missing notifications on endpoint changes.
Furthermore the lists are missing administrative endpoints like those needed for the AllowList process plugin.
Describe the Solution You’d Like
Bare minimum for usability:
Convenience:
Describe Alternatives You’ve Considered
Currently we are running a sloppily written XLSX-Diff-Script that exports only the needed changes for our IT security. Otherwise they would need to compare their firewall rules and proxy allowlists to the XLSX by hand each time. Still this requires us to keep track of the exact file we have sent our IT department last time in order to compare to this exact version. That process is still tedious and also error-prone. We still need to regularly do a complete re-comparison with the rules because something got lost in the process and if that happens we are regularly missing the endpoint for the AllowList process plugin.