<p dir="ltr">@eduardo<br>
Yes, you are right. You are not a crazy dreamer! A midrange UTM and upper should support these features and others... </p>
<p dir="ltr">The technical topic will open later; for now we are talking about general subjects! </p>
<p dir="ltr">Our goal is a CentOS Security SIG! A version of CentOS that provides features for network security, and my topics to discuss are:</p>
<p dir="ltr">- Do we need this SIG in the CentOS ecosystem? <br>
- Is there any parallel project in CentOS right now? <br>
- Is CentOS a suitable base to provide and create this project?<br>
- and anything you think...</p>
<p dir="ltr">:-) </p>
<div class="gmail_quote">On Mar 22, 2014 3:15 AM, "Eduardo Kaftanski" <<a href="mailto:ekaftan@gmail.com">ekaftan@gmail.com</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can I elaborate a bit on what I would like this SIG to provide?<br>
<br>
-An integrated web console for object oriented (objects being servers,<br>
pc-workstations and people) network access manager. This<br>
console would get installed in a centralized server (maybe a<br>
small VM on whatever virtualization system you have)<br>
<br>
-A small dedicated CentOS server that you can install over commodity<br>
hardware. This would be an 'almost zero config' server. You only need<br>
to specify the IP for the admin interface and the IP for the central<br>
admin-server<br>
<br>
-These small servers can act as firewalls, mail proxies, antiviruses,<br>
web proxies, DNS, etc.<br>
<br>
-Small network? One small VM for the adminserver + one box doing<br>
firewall, proxy, mx, snort, etc.<br>
<br>
-Growing up? Install a second box. Select proxy off for box 1 on the admin<br>
console, select proxy on on the second box. Select 'transparent on'. Select<br>
antivirus on. Click apply. Box one is no longer your proxy but transparently<br>
redirects proxy traffic to box two, now your proxy.<br>
<br>
Yes, I am a crazy dreamer, but it's like Asterisk... if you want a very small<br>
cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you<br>
want the strange and crazy features.<br>
<br>
You don't install a CentOS firewall for a tiny network. A small WRT box<br>
works better, is more stable and it's way cheaper. You need a CentOS box when<br>
you are doing strange things, like balancing, HA, multiview DNS, multiple ISP<br>
links, openvpn servers, ipsec, etc.<br>
<br>
Ah... at least down here customers place MUCH more weight on the ability to<br>
selectively block access to their own people than protecting from outside<br>
attacks, and 90% of the configurations I make have no external access at all.<br>
All they care about is to be able to allow and block youtube and facebook with<br>
a mouse click.<br>
<div class="elided-text"><br>
<br>
On Fri, Mar 21, 2014 at 6:36 PM, Shafiee Roozbeh<br>
<<a href="mailto:roozbeh.shafiee@gmail.com">roozbeh.shafiee@gmail.com</a>> wrote:<br>
> @Manuel<br>
> Our goal is not an IPtables rule generator! We are talking about a version of<br>
> CentOS that provides unified threat management, which will be installed on a<br>
> device or server. On this machine, apart from iptables, we need a proxy and caching<br>
> service like squid and some other tools.<br>
> Firewalling is one of our goals...<br>
> :-)<br>
><br>
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <<a href="mailto:wolfy@nobugconsulting.ro">wolfy@nobugconsulting.ro</a>><br>
> wrote:<br>
>><br>
>><br>
>><br>
>> On 21 March 2014 22:50:39 EET, Shafiee Roozbeh<br>
>> <<a href="mailto:roozbeh.shafiee@gmail.com">roozbeh.shafiee@gmail.com</a>> wrote:<br>
>> >@Christoph<br>
>> >Yes, I worked with this tool some time ago, but I think that a web GUI is<br>
>> >better for an administrator and our project because:<br>
>> ><br>
>> >- An administrator may not have access to a Linux desktop to work with<br>
>> >fwbuilder, but with his/her tablet or smartphone or even a Microsoft Windows<br>
>> >OS can work with a web GUI<br>
>> ><br>
>> If you can expose a web interface, you can expose ssh/VNC/VPN, whatever, to<br>
>> a machine where fwbuilder can run. Google Play provides apps for all of<br>
>> those and then some more<br>
>><br>
>> >- Designing and developing a web GUI with HTML/CSS is faster and easier<br>
>> >than using a framework like Qt or GTK<br>
>> ><br>
>> >- The world is going to the web!<br>
>> And fwbuilder can run on your management workstation and push the rules to<br>
>> ANY server. Including the web server that you mentioned :)<br>
>><br>
><br>
</div><div class="quoted-text">> _______________________________________________<br>
> CentOS-devel mailing list<br>
> <a href="mailto:CentOS-devel@centos.org">CentOS-devel@centos.org</a><br>
> <a href="http://lists.centos.org/mailman/listinfo/centos-devel" target="_blank">http://lists.centos.org/mailman/listinfo/centos-devel</a><br>
><br>
<br>
</div><div class="quoted-text">--<br>
Eduardo Kaftanski<br>
<a href="mailto:eduardo@kdi.cl">eduardo@kdi.cl</a><br>
<a href="mailto:ekaftan@gmail.com">ekaftan@gmail.com</a><br>
</div><div class="elided-text">
</div></blockquote></div>