stormbeard 2 hours ago
I can't believe people are paying these crazy amounts for what is basically a fleet of firewalls. What is the difficulty in running VMs with nftables rules?
notatoad 34 minutes ago
running a VM where? on an ec2 instance? who's going to keep that updated for me? who's going to reprovision it when aws retires the underlying hardware? who's going to monitor it for PCI compliance for me? i don't want to deal with all that. i could dump it on fargate, but at that point it's barely cheaper than just using the official version. i've had to look at my nat gateway zero times since i set it up a couple years ago. i can't say that about any VM host i've got. to me, that's easily worth the few dollars a month that aws charges for it. it's cheaper than hiring somebody, and it's cheaper than me.
gerdesj an hour ago
Or if nft is too complicated (firewalld) then do ufw.
Nextgrid an hour ago
1) You can't `npm install` it, which is a huge barrier to entry to the modern breed of "engineers". 2) Companies will happily pay thousands in recurring fees for the built-in NAT gateway, but if an engineer asks for even half that as a one-off sum to motivate them to learn Linux networking/firewalling, they'd get a hard no, so why should they bother?