Is there an Apache tool to manage firewalld on a headless server?
I am looking forward to my next CentOS project which is to replace my Juniper SSG5 firewall...
And along that line, what overlap, if any, between firewalld and Suricata?
thank you
I recently converted my employer's firewall from pure iptables to firewalld and looked for something similar, more along the lines of webmin, etc. I didn't find anything close to a match. In the end, it all came down to getting comfortable with "firewall-cmd" in the shell.
Haven't used suricata, so nothing to add there.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 03/27/2017 03:24 PM, Mike wrote:
I recently converted my employer's firewall from pure iptables to firewalld and looked for something similar, more along the lines of webmin, etc. I didn't find anything close to a match. In the end, it all came down to getting comfortable with "firewall-cmd" in the shell.
I have been digging and found that Fedora includes Cockpit, but I don't know all it supports. Probably should ask over on Fedora list...
Haven't used suricata, so nothing to add there.
I don't think it's going to give you a web-based firewall configuration tool. It does allow you to control/configure networking hardware and devices via NetworkManager, but I don't believe it goes further than that for networking. Ironically, it does provide an ssh-like session terminal where you can get directly logged in and use firewall-cmd. :-) http://cockpit-project.org/guide/latest/feature-terminal.html
On Mon, March 27, 2017 3:58 pm, Mike wrote:
I don't think it's going to give you a web-based firewall configuration tool.
Firewall/router system I use is pfSense:
It has a nice web interface for configuration of everything, and is based on FreeBSD (very slim, lightweight, small footprint). It has a lot of what you may want to have in a router box, including VPN,... If the OP is not married to what he currently uses, I would recommend trying pfSense.
Good luck!
Valeri
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 27/03/17 22:43, Valeri Galtsev wrote:
On Mon, March 27, 2017 3:58 pm, Mike wrote:
I don't think it's going to give you a web-based firewall configuration tool.
Firewall/router system I use is pfSense:
It has a nice web interface for configuration of everything, and is based on FreeBSD (very slim, lightweight, small footprint). It has a lot of what you may want to have in a router box, including VPN,... If the OP is not married to what he currently uses, I would recommend trying pfSense.
Good luck!
Valeri
Or just buy a dedicated router/firewall box. The Ubiquiti EdgeRouter Lite 3 is a true gigabit router/firewall that runs iptables and has a very nice web interface, all for under $100. Also highly recommended.
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Valeri Galtsev Sent: 27 March 2017 23:43 To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] firewalld management on a headless server
On Mon, March 27, 2017 3:58 pm, Mike wrote:
I don't think it's going to give you a web-based firewall configuration tool.
Firewall/router system I use is pfSense:
It has a nice web interface for configuration of everything, and is based on FreeBSD (very slim, lightweight, small footprint). It has a lot of what you may want to have in a router box, including VPN,... If the OP is not married to what he currently uses, I would recommend trying pfSense.
That reminded me about Smoothwall I used to use a few years back. Wasn't pfsense related to Smoothwall, maybe even a fork?
On 3/27/2017 10:20 PM, Sorin Srbu wrote:
That reminded me about Smoothwall I used to use a few years back. Wasn't pfsense related to Smoothwall, maybe even a fork?
smoothwall is linux based.
m0n0wall was a BSD firewall that pfSense forked from back in 2004.
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of John R Pierce Sent: 28 March 2017 09:28 To: centos@centos.org Subject: Re: [CentOS] firewalld management on a headless server
On 3/27/2017 10:20 PM, Sorin Srbu wrote:
That reminded me about Smoothwall I used to use a few years back. Wasn't pfsense related to Smoothwall, maybe even a fork?
smoothwall is linux based.
m0n0wall was a BSD firewall that pfSense forked from back in 2004.
Ah, my mistake. Thanks for the heads up.
Hi,
I recently converted my employer's firewall from pure iptables to firewalld and looked for something similar, more along the lines of webmin, etc.
funny, my webmin installation on a banana-pi has webmin 1.831, which has support for firewalld.
I am not sure, but I believe I got it directly from www.webmin.com.
best regards --- Michael Schumacher
Nice catch, Mr. Schumacher ---> The following modules are included as standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz Configure a Linux firewall using FirewallD, by editing allowed services and ports.
This is likely the right tool for the job.
yum (CentOS/RedHat/Fedora)
By adding the Webmin repository and Jamie Cameron's key, it is possible to install & maintain the latest Webmin/Usermin versions.
The following will install the latest Webmin version by adding the webmin-repo and corresponding GPG key. Yum will resolve all the necessary dependencies.
Just Cut&Paste the entire text below and hit enter/return:
(echo "[Webmin]
name=Webmin Distribution Neutral
baseurl=http://download.webmin.com/download/yum
enabled=1
gpgcheck=1
gpgkey=http://www.webmin.com/jcameron-key.asc" >/etc/yum.repos.d/webmin.repo;
yum -y install webmin)
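Added example, not part of the original messages or of Webmin's instructions: a small shell audit for a yum .repo file like the one above, reporting sections where gpgcheck is not set to 1 and where baseurl or gpgkey is fetched over plain http. The helper names audit_repo and audit_sample and the embedded sample file are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: the repo definition quoted above, one key per line.
SAMPLE_REPO='[Webmin]
name=Webmin Distribution Neutral
baseurl=http://download.webmin.com/download/yum
enabled=1
gpgcheck=1
gpgkey=http://www.webmin.com/jcameron-key.asc'

# audit_repo FILE (hypothetical helper)
# Prints one finding per line; prints nothing when every section passes.
audit_repo() {
    awk '
        # Report a section that never set gpgcheck=1.
        function flush() {
            if (section != "" && gpg != "1")
                print section ": gpgcheck is not explicitly set to 1"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments, blank lines
        /^[ \t]*\[/ { flush(); section = $0; gpg = ""; next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            # Signed packages are only as trustworthy as the key download.
            if ((key == "baseurl" || key == "gpgkey") && val ~ /^http:\/\//)
                print section ": " key " is fetched over plain http: " val
        }
        END { flush() }
    ' "$1"
}

# audit_sample (hypothetical helper): run the audit on the constructed sample.
audit_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_REPO" > "$tmp"
    audit_repo "$tmp"
    rm -f "$tmp"
}

audit_sample
```

Run it against each file under /etc/yum.repos.d/ to review third-party repositories before installing from them.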
Mike wrote:
Nice catch, Mr. Schumacher ---> The following modules are included as standard with release 1.831 of Webmin. FirewallD firewalld.wbm.gz Configure a Linux firewall using FirewallD, by editing allowed services and ports.
This is likely the right tool for the job.
Webmin used to be considered insecure, and people would scream and yell if you suggested using it. Has that changed?
mark
On 03/27/2017 02:31 PM, m.roth@5-cent.us wrote:
Has that changed?
That answer is probably subjective. I'll probably never trust it, but the number of recent known critical exploits isn't as high as it used to be:
https://www.cvedetails.com/vulnerability-list/vendor_id-358/Webmin.html
On 27.03.2017 at 21:03, Robert Moskowitz rgm@htt-consult.com wrote:
Is there an Apache tool to manage firewalld on a headless server?
I am looking forward to my next CentOS project which is to replace my Juniper SSG5 firewall...
And along that line, what overlap, if any, between firewalld and Suricata?
We have good results with http://www.shorewall.net/, an iptables "abstraction". Despite it not being a GUI, the streamlined configuration helps to be effective.
-- LF
On 03/29/2017 07:38 AM, Leon Fauster wrote:
On 27.03.2017 at 21:03, Robert Moskowitz rgm@htt-consult.com wrote:
Is there an Apache tool to manage firewalld on a headless server?
I am looking forward to my next CentOS project which is to replace my Juniper SSG5 firewall...
And along that line, what overlap, if any, between firewalld and Suricata?
We have good results with http://www.shorewall.net/, an iptables "abstraction". Despite it not being a GUI, the streamlined configuration helps to be effective.
From what I can determine, it is still iptables. Not firewalld.
On Wed, 29 Mar 2017, Robert Moskowitz wrote:
On 03/29/2017 07:38 AM, Leon Fauster wrote:
We have good results with http://www.shorewall.net/, an iptables "abstraction". Despite it not being a GUI, the streamlined configuration helps to be effective.
From what I can determine, it is still iptables. Not firewalld.
That's what Leon said, shorewall is an iptables abstraction, and iptables is a command that manipulates netfilter.
FirewallD is similar in that it abstracts and simplifies using netfilter without using the iptables command. Which has a GUI that can be used remotely but it is not web based as requested. Fedora's CoPilot probably has a module for it, but I don't know that it can be used with a CentOS based server. Webmin likely has a module for it by now.
/mark
On 30 March 2017 at 19:47, Mark Milhollan mlm@pixelgate.net wrote:
On Wed, 29 Mar 2017, Robert Moskowitz wrote:
On 03/29/2017 07:38 AM, Leon Fauster wrote:
We have good results with http://www.shorewall.net/, an iptables "abstraction". Despite it not being a GUI, the streamlined configuration helps to be effective.
From what I can determine, it is still iptables. Not firewalld.
That's what Leon said, shorewall is an iptables abstraction, and iptables is a command that manipulates netfilter.
FirewallD is similar in that it abstracts and simplifies using netfilter without using the iptables command. Which has a GUI that can be used remotely but it is not web based as requested. Fedora's CoPilot probably has a module for it, but I don't know that it can be used with a CentOS based server. Webmin likely has a module for it by now.
Minor correction here ... firewalld is an iptables abstraction like shorewall and it doesn't link into netfilter directly.
You can see that here:
https://github.com/t-woerner/firewalld/blob/master/src/firewall/core/ipXtabl...