<p dir="ltr">IPTables works at OSI layer 3/4. It only deals with IP addresses, port numbers and protocols. At layer 7, the application layer, to filter content and URLs we need to use a proxy server like squid. Squid will also be used for caching content in a network.</p>
<p dir="ltr">Also, in a UTM, antivirus and antispam are the tools which will be used. VPN, IPS/IDS &amp; ... are the other features that a standard UTM should support.</p>
<p dir="ltr">In this topic we are talking about the main subjects of the CentOS Security SIG, not about technical features.</p>
<p dir="ltr">:-) </p>
<div class="gmail_quote">On Mar 22, 2014 2:30 AM, "Manuel Wolfshant" &lt;<a href="mailto:wolfy@nobugconsulting.ro">wolfy@nobugconsulting.ro</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>On 03/21/2014 11:36 PM, Shafiee Roozbeh
wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">@Manuel<br>
Our goal is not an IPtables rule generator! We are talking about a
version of CentOS that provides unified threat management which
will be installed on a device or server.</p>
</blockquote>
And so far - except for the yet incomplete module from NethServer -
all the talk was around various rules generators.<br>
<pre>Could you please explain in more words what you wish to accomplish? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat.
</pre>
<br>
<br>
<br>
<blockquote type="cite">
<p dir="ltr"> On this machine, besides iptables, we need a proxy and
caching service like squid and some other tools.<br>
</p>
</blockquote>
Exactly my point. What other tools do you have in mind? And WHY do
you need proxy / caching on this machine? My main proxy for
instance is quite far from some of the border firewalls. Up to 5000
km away. And being able to maintain the firewall rules in a single
place and push them as needed is handy.<br>
<br>
<br>
<blockquote type="cite">
<p dir="ltr">
Firewalling is one of our goals...<br>
:-) </p>
</blockquote>
All right. And what other goals are there?<br>
<br>
<br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_quote">On Mar 22, 2014 1:51 AM, "Manuel
Wolfshant" &lt;<a href="mailto:wolfy@nobugconsulting.ro" target="_blank">wolfy@nobugconsulting.ro</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
On 21 March 2014 22:50:39 EET, Shafiee Roozbeh &lt;<a href="mailto:roozbeh.shafiee@gmail.com" target="_blank">roozbeh.shafiee@gmail.com</a>&gt;
wrote:<br>
&gt;@Christoph<br>
&gt;Yes, I worked with this tool some time ago but I think that a web GUI is<br>
&gt;better for an administrator and our project because:<br>
&gt;<br>
&gt;- An administrator may not have access to a Linux desktop to work with<br>
&gt;fwbuilder, but with his/her tablet or smartphone or even a Microsoft Windows<br>
&gt;OS can work with a web GUI<br>
&gt;<br>
If you can expose a web interface, you can expose ssh/VNC/VPN
whatever to a machine where fwbuilder can run. Google Play
provides apps for all of those and then some more.<br>
<br>
&gt;- Designing and developing a web GUI with HTML/CSS is faster and easier<br>
&gt;than using a framework like Qt or GTK<br>
&gt;<br>
&gt;- The world is going to the web!<br>
And fwbuilder can run on your management workstation and push
the rules to ANY server. Including the web server that you
mentioned :)<br>
<br>
</blockquote>
</div>
</blockquote>
</div>
<br>_______________________________________________<br>
CentOS-devel mailing list<br>
<a href="mailto:CentOS-devel@centos.org">CentOS-devel@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos-devel" target="_blank">http://lists.centos.org/mailman/listinfo/centos-devel</a><br>
<br></blockquote></div>