Can I elaborate a bit on what I would like this SIG to provide?
-An integrated web console for object oriented (objects being servers, pc-workstations and people) network access manager. This console would get installed in a centralized server (maybe a small VM on whatever virtualization system you have)
-A small dedicated CentOS server that you can install over comodity hardware. This would be an 'almost zero config' server. You only need to specify the IP for the admin interface and the IP for the central admin-server
-This small servers can act as firewalls, mail proxys, antiviruses, web proxies, DNS, etc.
-Small network? One small VM for the adminserver + one box doing firewall, proxy, mx, snort, etc.
-Growing up? install a second box. Select proxy off for box 1 on the admin console, select proxy on on the second box. Select 'transparent on'. Select antivirus on. Click apply. Box one is no longer your proxy but transparently redirects proxy traffic to box two, now your proxy.
yes, I am a crazy dreamer, but its like Asterisk... if you want a very small cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you want the strange and crazy features.
you dont install a CentOS firewall for a tiny network. A small WRT box works better is more stable and its way cheaper. You need a CentOS box when you are doing strange things, like balancinh, HA, multiview DNS, multiple ISP links, openvpn servers, ipsec, etc..
Ah... at least down here customers place MUCH more weight on the ability to selectively block access to their own people than protecting from outside attacks and 90% of the configurations I make have no external access at all. All they care is to be able to allow and block youtube and facebook with a mouse click.
On Fri, Mar 21, 2014 at 6:36 PM, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
@Manuel Our goal is not IPtables rule generator ! We are talking about a version of CentOS that provide unified threat management which will be install on a device or server. On this machine except iptables we need proxy and caching service like squid and some tools else. Firewalling is one of our goal... :-)
On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" wolfy@nobugconsulting.ro wrote:
On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
@Christoph Yes, I worked with this tool sometimes ago but I think that a web GUI is better for an administrator and our project because:
- An administrator maybe doesn't access to a Linux desktop to work
with fwbuilder but with his/her tablet or smartphone or even a Microsoft Windows OS can work with web GUI
If you can expose a web interface, you can expose ssh /VNC/VPN whatever to a machine where fwbuilder can run. Google Play provides apps for all of those and then some more
- Designing and development of web GUI with HTML/CSS is faster and
easier that using a framework like Qt or GTK
- The world is going to web !
And fwbuilder can run on your management workstation and push the rules to ANY server. Including the web server that you mentioned :)
CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel