On 5/4/22 05:30, Tom Browder wrote:
From what I've seen of HAProxy's configuration, it seems it may be able to be used as an easy-to-configure firewall immediately downstream from my ISP's router and inside a small Debian computer feeding another router.

Does that sound feasible? Or is there a physical router available that incorporates HAProxy?

While this could theoretically be a possible use case for haproxy, it is not something I would try.  Haproxy is designed to be a proxy server and load balancer.  In those capacities, it is good enough for mission-critical deployment.

But haproxy is not designed to fill the role of a firewall.  I mean no disrespect to Willy or the other people that spend their valuable time working on haproxy when I say this.  I love haproxy .... it is one of the best pieces of software in my problem-solving toolkit.  But for a software firewall, I will look elsewhere, for something that is designed for that role.

Some things that I can think of that I don't think haproxy can do that you'd expect from a firewall:

* Permit or deny any traffic other than TCP or UDP.
** Examples:  ICMP, IGMP, GRE, ESP.
* Examine certain application protocols to track and automatically allow related connections.
** FTP and RPC are the examples that come to mind.

TL;DR: While I am not part of the development team for this project, I am part of the development team for Apache Solr. Something that we are very often telling people on the Solr users list:  Solr is a search engine.  It is not a database.  It's a discussion similar to your question.  The response is:  When you have a software need, find software that is designed for the role.


Reply via email to