mending firewall

February 6, 2023

Something there is that doesn't love a firewall,

That deletes hotfixes by unexpectedly power-cycling it

And provokes responders to whitelist vast IP ranges

At increasingly high priority.

The work of task-oriented developers is something different

I have come after them and made repair

Where they have bypassed the firewall altogether

To do a demo hosted on their laptop,

To please their yapping PMs. But on the other thing

Rebooting unexpectedly--the logs are noncommittal;

Some months or years of periodic stats and then restart.

The audit task comes up when it comes up,

I pull config repos, dig up ancient keys

And for a sprint, in screen, I ping and ssh

And make the deployed config and git agree.

When there's a difference either could be right.

I ask around, teams justify, we choose.

To each a threat-model appropriate to each.

Some systems so old we have to set custom baud

And remember the implementors liked initialisms

"wr" is "write," those letters unambiguous.

We test the limits of slack search for readmes.

Oh, just another kind of semantic game,

Allow and deny. It comes to little more:

There where it is we do not need the firewall:

It's an internal boundary between divisions.

The firmware team and database team aren't enemies.

The Director says, "Shareholders expect best practices."

CIDR notation makes me salty, and I wonder

If I could put a notion in his head:

"Whose best practices specify this? Isn't this from

When these were separate companies? It's different now."

Before I set up a firewall I'd ask to know

What I was walling in or walling out

And which executive's daytrading platform I was like to block.

Something there is that doesn't love a firewall,

That wants it down. I could say "gremlins" to the Director,

But it's not gremlins exactly, and I'd rather

He interest himself in someone else’s business. I see him there

Gazing at the IP addresses in an acl

Remembering where the gateway was back when.

He probably still has keys to these boxes somewhere,

And contingency plans for every kind of betrayal.

He will not go behind his boardroom saying

And he likes having thought of it so well

He says again, "Shareholders expect best practices."