[CentOS-devel] CentOS Firewall and UTM SIG
Manuel Wolfshant
wolfy at nobugconsulting.ro
Fri Mar 21 22:00:47 UTC 2014
On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
>
> @Manuel
> Our goal is not IPtables rule generator ! We are talking about a
> version of CentOS that provide unified threat management which will be
> install on a device or server.
>
And so far - except for the yet incomplete module from NethServer - all
the talk was around various rules generators.
Could you please explain in more words what you wish to accomplish ? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat
> On this machine except iptables we need proxy and caching service like
> squid and some tools else.
>
Exactly my point. What other tools do you have in mind ? And WHY do you
need proxy / caching on this machine ? My main proxy for instance is
quite far from some of the border firewalls. Up to 5000 km away. And
being able to maintain the firewall rules in a single place and push
them as needed is handy
> Firewalling is one of our goal...
> :-)
>
All right. And what other goals are there ?
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro
> <mailto:wolfy at nobugconsulting.ro>> wrote:
>
>
>
> On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh
> <roozbeh.shafiee at gmail.com <mailto:roozbeh.shafiee at gmail.com>> wrote:
> >@Christoph
> >Yes, I worked with this tool sometimes ago but I think that a web GUI
> >is
> >better for an administrator and our project because:
> >
> >- An administrator maybe doesn't access to a Linux desktop to work
> >with
> >fwbuilder but with his/her tablet or smartphone or even a Microsoft
> >Windows
> >OS can work with web GUI
> >
> If you can expose a web interface, you can expose ssh /VNC/VPN
> whatever to a machine where fwbuilder can run. Google Play
> provides apps for all of those and then some more
>
> >- Designing and development of web GUI with HTML/CSS is faster and
> >easier
> >that using a framework like Qt or GTK
> >
> >- The world is going to web !
> And fwbuilder can run on your management workstation and push the
> rules to ANY server. Including the web server that you mentioned :)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140322/a7423168/attachment.html>
More information about the CentOS-devel
mailing list