AFW: Automating host-based firewalls with Chef

Virtualized web infrastructures often mean having a bunch of web applications talking HTTP to each other all over your network: REST APIs everywhere, VMs appearing and disappearing every day, without any sort of ACL or passwords between them. From a firewall standpoint, manually managing the rules between those VMs is unrealistic, and often results in opening tcp/80 (and more) everywhere by default. This is obviously not ideal. Some have tried to deploy web application firewalls, but few have survived to testify. AFW is a Chef cookbook that solves these problems by controlling host-based Netfilter/iptables firewalls on each system of a Chef-provisioned environment. I will demonstrate how host-to-host rules can be created and kept up to date by using a set of generic rules that are expanded dynamically.
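To make the "generic rules expanded dynamically" idea concrete, here is an added illustration (not AFW's own DSL or code): role-to-role rules are expanded against a node inventory, standing in for a Chef node search, into the per-host iptables INPUT rules each node should apply. The rule format, role names and addresses are constructed assumptions.

```ruby
# Added example: expand role-based generic rules into per-host iptables
# rules. The rule keys, roles and inventory are constructed assumptions,
# not AFW's real format; a Chef cookbook would obtain the inventory from
# node search and re-run this on every chef-client run, so a VM that
# appears or disappears changes the expanded rules on the next run.

# Constructed stand-in for Chef search results: role => list of nodes.
INVENTORY = {
  'webproxy' => [{ 'name' => 'proxy1', 'ip' => '10.0.1.10' },
                 { 'name' => 'proxy2', 'ip' => '10.0.1.11' }],
  'webapp'   => [{ 'name' => 'app1',   'ip' => '10.0.2.20' },
                 { 'name' => 'app2',   'ip' => '10.0.2.21' }],
  'database' => [{ 'name' => 'db1',    'ip' => '10.0.3.30' }]
}.freeze

# Generic rules: which role may open TCP connections to which role/port.
GENERIC_RULES = [
  { 'from' => 'webproxy', 'to' => 'webapp',   'dport' => 80 },
  { 'from' => 'webapp',   'to' => 'database', 'dport' => 5432 }
].freeze

# Build the INPUT chain for a node holding the given roles: allow reply
# traffic, then one ACCEPT per source host permitted by a generic rule
# whose destination role this node holds, then a default DROP so that
# anything not explicitly expanded (tcp/80 from everywhere) is blocked.
def input_rules_for(node_roles, rules = GENERIC_RULES, inventory = INVENTORY)
  lines = ['-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT']
  rules.each do |r|
    next unless node_roles.include?(r['to'])
    inventory.fetch(r['from'], []).each do |src|
      lines << "-A INPUT -s #{src['ip']}/32 -p tcp --dport #{r['dport']} " \
               '-m state --state NEW -j ACCEPT'
    end
  end
  lines << '-A INPUT -j DROP'
end

puts input_rules_for(['webapp']) if $PROGRAM_NAME == __FILE__
```

Running it as a script prints the four INPUT rules an app node would load; calling `input_rules_for` with a different inventory shows how a newly provisioned proxy is picked up without touching the generic rules.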

Julien is a Security Engineer at He specializes in Web Architecture, Systems and Security, Networking and Cryptography. He builds infrastructures from the ground up, in datacenters or in the cloud, and from the front firewall to the backend database.

Julien Vehent