IPTables works at OSI layer 3/4. It only deals with IP addresses, port numbers and protocols. At layer 7, the application layer, to filter content and URLs we need to use a proxy server like squid. Also, for caching content in a network, squid will be used.

Also, in a UTM, antivirus and antispam are the tools which will be used. VPN, IPS/IDS &... are the other features that a standard UTM should support.

In this topic we are talking about the main subjects of the CentOS Security SIG, not about technical features.

:-)

On Mar 22, 2014 2:30 AM, "Manuel Wolfshant" <wolfy@nobugconsulting.ro> wrote:
On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:

@Manuel
Our goal is not an IPtables rule generator! We are talking about a version of CentOS that provides unified threat management, which will be installed on a device or server.

And so far - except for the yet incomplete module from NethServer - all the talk was around various rules generators.
Could you please explain in more words what you wish to accomplish? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat.



On this machine, besides iptables, we need a proxy and caching service like squid and some other tools.

Exactly my point. What other tools do you have in mind? And WHY do you need proxy / caching on this machine? My main proxy for instance is quite far from some of the border firewalls. Up to 5000 km away. And being able to maintain the firewall rules in a single place and push them as needed is handy.


Firewalling is one of our goals...
:-)

All right. And what other goals are there?




On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy@nobugconsulting.ro> wrote:


On 21 March 2014 22:50:39 EET, Shafiee Roozbeh <roozbeh.shafiee@gmail.com> wrote:
>@Christoph
>Yes, I worked with this tool some time ago but I think that a web GUI is
>better for an administrator and our project because:
>
>- An administrator may not have access to a Linux desktop to work with
>fwbuilder, but with his/her tablet or smartphone or even a Microsoft
>Windows OS can work with the web GUI
>
If you can expose a web interface, you can expose ssh/VNC/VPN, whatever, to a machine where fwbuilder can run. Google Play provides apps for all of those and then some more.

>- Designing and developing a web GUI with HTML/CSS is faster and easier
>than using a framework like Qt or GTK
>
>- The world is going to the web!
And fwbuilder can run on your management workstation and push the rules to ANY server. Including the web server that you mentioned :)


_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel