Hello everybody, is there any Firewall and UTM SIG based on IPTables and a web interface in the CentOS project? I would like to start one if it does not exist. What's your idea?
I'd be interested in such a SIG. I manage a farm of a couple dozen CentOS boxes using Shorewall as an iptables generator, but the lack of a graphical interface is driving some of my clients to dedicated boxes, mostly Fortinet's.
I can help with some basic scripting and a looooooooot of QA and case testing.
On Fri, Mar 21, 2014 at 2:37 PM, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
Hello everybody, is there any Firewall and UTM SIG based on IPTables and a web interface in the CentOS project? I would like to start one if it does not exist. What's your idea?
-- Roozbeh Shafiee Linux/BSD System Administrator and Python Developer RoozbehShafiee.Com
CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
On 03/21/2014 06:55 PM, Eduardo Kaftanski wrote:
I'd be interested in such a SIG. I manage a farm of a couple dozen CentOS boxes using Shorewall as an iptables generator, but the lack of a graphical interface is driving some of my clients to dedicated boxes, mostly Fortinet's.
If you want a GUI, check out http://fwbuilder.org
EPEL has packages for Fedora but not for EL6. Fortunately the project offers (S)RPMs for EL6: http://sourceforge.net/projects/fwbuilder/files/Current_Packages/5.1.0/
The idea is to create firewall rules with the GUI and let the app validate them and finally push them via ssh/scp to your box(es).
HTH, Patrick
the goal is not a firewall rules generator like fwbuilder. I mentioned this before.
On Sat, Mar 22, 2014 at 6:53 PM, Patrick Laimbock patrick@laimbock.com wrote:
If you want a GUI, check out http://fwbuilder.org
EPEL has packages for Fedora but not for EL6. Fortunately the project offers (S)RPMs for EL6: http://sourceforge.net/projects/fwbuilder/files/Current_Packages/5.1.0/
The idea is to create firewall rules with the GUI and let the app validate them and finally push them via ssh/scp to your box(es).
HTH, Patrick
On 22 martie 2014 16:46:26 EET, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
the goal is not a firewall rules generator like fwbuilder. I mentioned this before.
And you still did not offer a comprehensive explanation of the real goal which you wish to achieve. BTW, everybody here knows the OSI layers as well as their mapping to the real world. There is no need to teach us what iptables does and which layer(s) see(s) its actions.
If you want real traction you should start with a set of scopes. For instance: a set of packages which on top of a CentOS installation would integrate
- an antivirus module
- an antispam module
- a way to dynamically react to attacks and block them. Ideally this module should be able to interact with remote sensors and trigger remote actions (mind that on purpose I said "trigger remote actions" and not "influence remote firewalls" or even "create iptables rules")
- a module to monitor the activity of all other installed and activated modules
- a report module
- a web based command and control interface which can interact with all the other modules. It should be able to install, remove, enable, disable and configure all the other modules.
So, can we move past "the goal is not" step and find out "what the complete goal is" ?
OK, I'll explain it:
My goal is a Unified Threat Management (UTM) based on CentOS (Security SIG). This SIG has an ISO installation media (i686/x86_64) with both web and CLI interfaces, but the CLI interface is for common tasks. For the back-end we will use Python and the Django web framework, and we need a light web server like nginx; for the front-end we will use HTML5/CSS3/jQuery.
The features for this SIG will be:
- basic and advanced wizard for initial configuration
- HA and cluster feature
- SNMP for monitoring
- Management Network like Interfaces, Gateway, Static Route, DHCP, DNS, ARP, NAT, NameServers, Hostname &...
- Accounting and Access users based on OpenLDAP integrated with Microsoft Active Directory
- Access policies for each user
- IPS/IDS firewalling based on a mix of IPTables, Snorby, Snort, Suricata, PulledPork and Pigsty
- VPN to access users based on OpenVPN, PPTP, IPSec, L2TP
- Filtering for Web/URL, Applications, IM and File Transfer
- Defence System such as antivirus and antispam
- Graphical Monitoring System for each part of system
Of course these are some of all the features and they can be changed or added to in future, but I have these in my mind right now. For the set of packages there are too many options and we can discuss it.
On Sat, Mar 22, 2014 at 7:44 PM, Manuel Wolfshant wolfy@nobugconsulting.ro wrote:
And you still did not offer a comprehensive explanation of the real goal which you wish to achieve. BTW, everybody here knows the OSI layers as well as their mapping to the real world. There is no need to teach us what iptables does and which layer(s) see(s) its actions.
If you want real traction you should start with a set of scopes. For instance: a set of packages which on top of a CentOS installation would integrate
- an antivirus module
- an antispam module
- a way to dynamically react to attacks and block them. Ideally this module should be able to interact with remote sensors and trigger remote actions (mind that on purpose I said "trigger remote actions" and not "influence remote firewalls" or even "create iptables rules")
- a module to monitor the activity of all other installed and activated modules
- a report module
- a web based command and control interface which can interact with all the other modules. It should be able to install, remove, enable, disable and configure all the other modules.
So, can we move past "the goal is not" step and find out "what the complete goal is" ?
My goal is a Unified Threat Management (UTM) based on CentOS (Security SIG).
...
The features for this SIG will be:
I can see a bit of overlap with the SME/SLS (Simplified Linux Server) SIG regarding the user interface. The Security SIG could focus on best practices and proven configurations, suggesting good behavior and effective user interfaces to other SIGs.
I'd like to have a chat in #centos-devel IRC channel. Who'd be interested?
On 03/24/2014 08:41 AM, Filippo Carletti wrote:
I'd like to have a chat in #centos-devel IRC channel. Who'd be interested?
When you have that meeting, could you use 'centbot' to log the meeting, ideas, information, and decisions?
http://libflow.com/d/qqzcb216/IRC-MEETBOT_Syntax_Cheat_Sheet https://wiki.debian.org/MeetBot
- Karsten
-- Karsten 'quaid' Wade, CentOS Doer of Stuff http://TheOpenSourceWay.org http://community.redhat.com @quaid (identi.ca/twitter/IRC) gpg: AD0E0C41
OK Filippo, when can we have a meeting in the IRC channel? My nickname is RoozbehShafiee and I'll be glad to talk to you
:)
Sorry to re-open this long and old thread, but, even if there's still no agreement on a potential Firewall SIG, I'd like to receive comments from experienced CentOS developers about the work we did trying to simplify (if possible) a firewall interface. Those interested could quickly try a demo (hosted or using docker): http://www.nethserver.org/demo-running-on-docker/
After log in, head to Firewall rules (and objects).
Known problems: leaving the page without firewall rules asks to confirm (it's a problem of the docker demo)
Please, let me know your opinions.
As you can see, I'm still interested in creating a SIG centered around using CentOS as a firewall. :-)
is there any Firewall and UTM SIG based on IPTables and a web interface in the CentOS project? I would like to start one if it does not exist. What's your idea?
I'd join you. I'm already working on NethServer (www.nethserver.org), the UTM firewall module is still in beta but we'll release something next week. We already have a gui for port forwarding and a web proxy based on squid with tproxy and optional port 443 transparent interception. I'm already using alpha versions of snort ips and wan failover. We use shorewall as "mid layer" above iptables.
On Fri, Mar 21, 2014 at 07:06:03PM +0100, Filippo Carletti wrote:
is there any Firewall and UTM SIG based on IPTables and a web interface in the CentOS project? I would like to start one if it does not exist. What's your idea?
I'd join you. I'm already working on NethServer (www.nethserver.org), the UTM firewall module is still in beta but we'll release something next week. We already have a gui for port forwarding and a web proxy based on squid with tproxy and optional port 443 transparent interception. I'm already using alpha versions of snort ips and wan failover. We use shorewall as "mid layer" above iptables.
It would be really cool to have something like pfsense built on top of linux/CentOS!
I'm so happy with the other buddies' reaction. In 10 minutes, 4 developers and administrators announced their contribution to this project.
@Bryan yes, I was inspired for this project by pfsense and some of my projects based on FreeBSD/NanoBSD at the previous company I worked for. Now our plan is based on Linux and CentOS.
@Filippo we will use your experiences and your source (if your license lets us) for this project.
@Eduardo yes, you are right! Lack of an interface for iptables is a problem for most server administrators and users. Our goal in this project and SIG is providing an integrated solution for firewalling and security.
On Fri, Mar 21, 2014 at 9:41 PM, Bryan Seitz seitz@bsd-unix.net wrote:
It would be really cool to have something like pfsense built on top of linux/CentOS!
--
Bryan G. Seitz
we will use your experiences and your source (if your license lets us) for this project
All NethServer code is GPL licensed. Development is open, discussion is public, decisions are taken openly.
We started discussing the firewall last year, but we didn't progress a lot: https://groups.google.com/d/msg/nethserver/uaeSXPTwa14/B0xazB9IkH0J
Some documentation on what we have now is here: http://dev.nethserver.org/projects/nethserver/wiki/Gateway_Design
If you want to test something, adding the gui to CentOS is explained here: http://docs.nethserver.org/installation.html#install-on-centos
@Filippo seems good, at least we can imagine that we have a base for this SIG. Before everything, we need the base tools that the CentOS project can give us to keep our discussions going and start the project. I think that a separate mailing list and a Git repository can help us in this phase and bring other guys to join us there.
@CentOS-Core-Team is there anybody from the core team here? Can you hear us? :)
On Fri, Mar 21, 2014 at 10:30 PM, Filippo Carletti < filippo.carletti@gmail.com> wrote:
we will use your experiences and your source (if your license lets us) for this project
All NethServer code is GPL licensed. Development is open, discussion is public, decisions are taken openly.
We started discussing the firewall last year, but we didn't progress a lot: https://groups.google.com/d/msg/nethserver/uaeSXPTwa14/B0xazB9IkH0J
Some documentation on what we have now is here: http://dev.nethserver.org/projects/nethserver/wiki/Gateway_Design
If you want to test something, adding the gui to CentOS is explained here: http://docs.nethserver.org/installation.html#install-on-centos
-- Ciao, Filippo
Just as a suggestion - I don't know about the licensing, but would it be worth a look to bring new life to fwbuilder from netcitadel? The core developer left there some time ago, and the tool is really good. http://www.fwbuilder.org/
It could be worth the inquiry ...
cheers Christoph
On 21 martie 2014 22:24:02 EET, Christoph Galuschka tigalch@tigalch.org wrote:
Just as a suggestion - I don't know about the licensing, but would it be worth a look to bring new life to fwbuilder from netcitadel? The core developer left there some time ago, and the tool is really good. http://www.fwbuilder.org/
It could be worth the inquiry ...
Especially as it has the best GUI I have seen ...
Am 21.03.2014 21:35, schrieb Manuel Wolfshant:
On 21 martie 2014 22:24:02 EET, Christoph Galuschka tigalch@tigalch.org wrote:
Just as a suggestion - I don't know about the licensing, but would it be worth a look to bring new life to fwbuilder from netcitadel? The core developer left there some time ago, and the tool is really good. http://www.fwbuilder.org/
It could be worth the inquiry ...
Especially as it has the best GUI I have seen ...
and it is proven to already work on C6, as there already is an RPM available.
@Christoph Yes, I worked with this tool some time ago but I think that a web GUI is better for an administrator and our project because:
- An administrator may not have access to a Linux desktop to work with fwbuilder, but can work with a web GUI from his/her tablet or smartphone or even a Microsoft Windows OS
- Designing and developing a web GUI with HTML/CSS is faster and easier than using a framework like Qt or GTK
- The world is going to web !
On Sat, Mar 22, 2014 at 01:20:39AM +0430, Shafiee Roozbeh wrote:
@Christoph Yes, I worked with this tool some time ago but I think that a web GUI is better for an administrator and our project because:
- An administrator may not have access to a Linux desktop to work with fwbuilder, but can work with a web GUI from his/her tablet or smartphone or even a Microsoft Windows OS
- Designing and developing a web GUI with HTML/CSS is faster and easier than using a framework like Qt or GTK
- The world is going to web !
Yes, 100% agree having a linux GUI is about worthless. A web ui provides multi platform admin support.
On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
@Christoph Yes, I worked with this tool some time ago but I think that a web GUI is better for an administrator and our project because:
- An administrator may not have access to a Linux desktop to work with fwbuilder, but can work with a web GUI from his/her tablet or smartphone or even a Microsoft Windows OS
If you can expose a web interface, you can expose ssh/VNC/VPN whatever to a machine where fwbuilder can run. Google Play provides apps for all of those and then some more
- Designing and developing a web GUI with HTML/CSS is faster and easier than using a framework like Qt or GTK
- The world is going to web !
And fwbuilder can run on your management workstation and push the rules to ANY server. Including the web server that you mentioned :)
@Manuel Our goal is not an IPtables rule generator! We are talking about a version of CentOS that provides unified threat management which will be installed on a device or server. On this machine, apart from iptables, we need a proxy and caching service like squid and some other tools. Firewalling is one of our goals... :-)
On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" wolfy@nobugconsulting.ro wrote:
On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh roozbeh.shafiee@gmail.com wrote:
@Christoph Yes, I worked with this tool some time ago but I think that a web GUI is better for an administrator and our project because:
- An administrator may not have access to a Linux desktop to work with fwbuilder, but can work with a web GUI from his/her tablet or smartphone or even a Microsoft Windows OS
If you can expose a web interface, you can expose ssh/VNC/VPN whatever to a machine where fwbuilder can run. Google Play provides apps for all of those and then some more
- Designing and developing a web GUI with HTML/CSS is faster and easier than using a framework like Qt or GTK
- The world is going to web !
And fwbuilder can run on your management workstation and push the rules to ANY server. Including the web server that you mentioned :)
On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
@Manuel Our goal is not an IPtables rule generator! We are talking about a version of CentOS that provides unified threat management which will be installed on a device or server.
And so far - except for the yet incomplete module from NethServer - all the talk was around various rules generators.
Could you please explain in more words what you wish to accomplish ? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat
On this machine, apart from iptables, we need a proxy and caching service like squid and some other tools.
Exactly my point. What other tools do you have in mind ? And WHY do you need proxy / caching on this machine ? My main proxy for instance is quite far from some of the border firewalls. Up to 5000 km away. And being able to maintain the firewall rules in a single place and push them as needed is handy
Firewalling is one of our goals... :-)
All right. And what other goals are there ?
IPTables works at OSI layer 3/4. It only deals with IP addresses, port numbers, protocols. In layer 7, the application layer, to filter contents and URLs we need to use a proxy server like squid. Also for caching contents in a network, squid will be used.
Also in a UTM, antivirus and antispam are tools which will be used. VPN, IPS/IDS &... are the other features that a standard UTM should support.
In this topic we are talking about main subjects of CentOS Security SIG, not about technical features.
:-)
On Mar 22, 2014 2:30 AM, "Manuel Wolfshant" wolfy@nobugconsulting.ro wrote:
On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
@Manuel Our goal is not an IPtables rule generator! We are talking about a version of CentOS that provides unified threat management which will be installed on a device or server.
And so far - except for the yet incomplete module from NethServer - all the talk was around various rules generators.
Could you please explain in more words what you wish to accomplish ? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat
On this machine, apart from iptables, we need a proxy and caching service like squid and some other tools.
Exactly my point. What other tools do you have in mind ? And WHY do you need proxy / caching on this machine ? My main proxy for instance is quite far from some of the border firewalls. Up to 5000 km away. And being able to maintain the firewall rules in a single place and push them as needed is handy
Firewalling is one of our goals... :-)
All right. And what other goals are there ?
Can I elaborate a bit on what I would like this SIG to provide?
- An integrated web console for object oriented (objects being servers, pc-workstations and people) network access manager. This console would get installed in a centralized server (maybe a small VM on whatever virtualization system you have)
- A small dedicated CentOS server that you can install over commodity hardware. This would be an 'almost zero config' server. You only need to specify the IP for the admin interface and the IP for the central admin-server
- These small servers can act as firewalls, mail proxies, antiviruses, web proxies, DNS, etc.
- Small network? One small VM for the adminserver + one box doing firewall, proxy, mx, snort, etc.
- Growing up? Install a second box. Select proxy off for box 1 on the admin console, select proxy on on the second box. Select 'transparent on'. Select antivirus on. Click apply. Box one is no longer your proxy but transparently redirects proxy traffic to box two, now your proxy.
Yes, I am a crazy dreamer, but it's like Asterisk... if you want a very small cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you want the strange and crazy features.
You don't install a CentOS firewall for a tiny network. A small WRT box works better, is more stable and it's way cheaper. You need a CentOS box when you are doing strange things, like balancing, HA, multiview DNS, multiple ISP links, openvpn servers, ipsec, etc.
Ah... at least down here customers place MUCH more weight on the ability to selectively block access to their own people than protecting from outside attacks and 90% of the configurations I make have no external access at all. All they care is to be able to allow and block youtube and facebook with a mouse click.