Ask HN: In light of Log4J why don’t we use outbound firewalls?
2 by samwillis | 1 comment on Hacker News.
With the Log4J vulnerability it got me thinking about how to secure my apps from similar problems in the future. I already use a WAF such as CloudFlare as an inbound firewall, but what I want is an outbound firewall, like Little Snitch. Also, when building with un-curated package managers such as NPM and PyPI, it’s virtually impossible to audit all dependencies. We now regularly hear news of packages being replaced with backdoored versions, which makes me very nervous. These could make outbound connections to exfiltrate data with no outside input. I would love it if PaaSs (which I prefer) such as Heroku and Fly.io had configurable outbound firewalls. Being able to whitelist what outbound connections were allowed would help enormously, even though it would not solve all potential exploits. Does anyone know of one (I can’t find one)? Why do PaaS (and to some extent IaaS) not have this functionality built in? (Obviously with your own infrastructure this is possible with normal firewalls.)
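Added example, not from the post or from any provider mentioned in it: on your own hosts, the outbound allowlist the poster asks for can be expressed as a default-deny nftables egress ruleset. The POSIX shell function below renders one from a list of permitted destination CIDRs and logs every denied outbound attempt, so a JNDI-style callback or a backdoored package phoning home shows up in the log instead of succeeding. The table name, resolver address and destination CIDRs are constructed sample values; nftables 0.9+ syntax is assumed.

```shell
#!/bin/sh
# Added example (not code from the HN post). Renders a default-deny egress
# ruleset for nftables from an allowlist; IPv4 only, nftables >= 0.9 syntax.
# Apply on a host with: render_egress_ruleset egress "10.0.0.2" "..." | nft -f -

# $1 = table name
# $2 = space-separated DNS resolver IPs (the only hosts allowed on UDP/53)
# $3 = space-separated destination CIDRs allowed on TCP/443
render_egress_ruleset() {
    table="$1"; resolvers="$2"; allowed="$3"
    cat <<EOF
table inet ${table} {
    set resolvers {
        type ipv4_addr
        elements = { $(echo "$resolvers" | sed 's/ /, /g') }
    }
    set allowed_https {
        type ipv4_addr
        flags interval
        elements = { $(echo "$allowed" | sed 's/ /, /g') }
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        udp dport 53 ip daddr @resolvers accept
        tcp dport 443 ip daddr @allowed_https accept
        # Anything else, e.g. an LDAP callback on 389/1389 triggered by a
        # JNDI lookup, is rate-limited into the kernel log and then dropped.
        limit rate 10/second log prefix "EGRESS-DENY "
        drop
    }
}
EOF
}

# Constructed sample: one internal resolver, two permitted HTTPS destinations.
render_egress_ruleset egress "10.0.0.2" "203.0.113.0/24 198.51.100.7"
```

Denied attempts appear in the kernel log with the `EGRESS-DENY` prefix, which is the line to alert on; note that the same policy also blocks package installs and OS updates unless their mirrors are on the allowlist.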
