Random: Firewall VPSs?
I was talking with a friend tonight, and complaining about the firewalls I find myself behind. I've always thought an ISP's job was to give me unfettered Internet access. I run NAT, which is essentially the same as a firewall that denies all incoming traffic. (Except for a couple port forwarding rules.) He pointed out that an ISP had an obligation to configure their firewalls to try to throttle viruses and the like.
Which got me thinking... I've always thought it'd be neat to let each user configure firewall rules how they wanted. (Well, select certain configurations, at least.) If I want a fully-open connection, I think it's my right. If you want *nothing* open, that's your right.
I think having a web-based interface to dynamically re-configure a firewall, though, is a terrible idea. Which got me thinking about a crazy idea.
Suppose a 'firewall' box was actually a whole network of VPS hosts that just featured as a firewall. A whole network of IPs would enter the physical host, and the VPS with the appropriate IP would take it from there. People would have access to configure their firewall rules on that box however they pleased. From there, packets would go out the other NIC of the box, and continue onwards.
Now, there's the obvious issue of dozens of VPSs begging to be rooted; some sort of tight security would be important. (A very carefully-written web interface or something of the sort being the only access mechanism?) And the firewall would have certain rules it required, filtering out garbage that could never be legitimate. (i.e., private IPs entering the Net, blatant ping flooding, known attack fingerprints...) But after the basic rules, you could configure it.
I can't honestly say I have a use for this, I'm just wondering if it sounds like a horrific idea, or if there's actually any merit to it? I think it'd be nifty for a small ISP to try offering to clients.
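The two-stage policy described above (required rules first, then whatever each customer configured) can be sketched as a small decision function. This is an added example, not code from the original post; the customer addresses, rule format and the `decide` function are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Operator baseline, applied before any customer rule: source ranges that
# can never be legitimate on the Internet-facing NIC (the post's
# "private IPs entering the Net").
NEVER_VALID_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]

@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "drop"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any port

    def matches(self, proto, dport):
        return self.proto in ("any", proto) and self.dport in (None, dport)

# Constructed per-customer policies keyed by public IP (hypothetical;
# 203.0.113.0/24 is a documentation range).
CUSTOMER_RULES = {
    "203.0.113.10": [Rule("accept", "any", None)],   # fully open
    "203.0.113.20": [Rule("accept", "tcp", 22), Rule("drop", "any", None)],
    "203.0.113.30": [Rule("drop", "any", None)],     # nothing open
}

def decide(src, dst, proto, dport):
    """Return (verdict, reason) for one inbound packet."""
    src_ip = ipaddress.ip_address(src)
    # Stage 1: baseline the customer cannot override.
    if any(src_ip in net for net in NEVER_VALID_SOURCES):
        return "drop", "baseline: impossible source"
    # Stage 2: the destination customer's own rules, first match wins.
    rules = CUSTOMER_RULES.get(dst)
    if rules is None:
        return "drop", "no such customer"
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action, "customer rule"
    return "drop", "customer default"
```

Even the "fully open" customer never sees a packet with an RFC 1918 source, because the baseline runs before their rules are consulted.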