[CentOS-devel] CentOS Firewall and UTM SIG

Fri Mar 21 22:00:47 UTC 2014
Manuel Wolfshant <wolfy at nobugconsulting.ro>

On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
> @Manuel
> Our goal is not an IPtables rule generator! We are talking about a
> version of CentOS that provides unified threat management, which will be
> installed on a device or server.
And so far - except for the yet incomplete module from NethServer - all 
the talk was around various rules generators.

Could you please explain in more words what you wish to accomplish? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat.

> On this machine, besides iptables, we need a proxy and caching service like
> squid and some other tools.
Exactly my point. What other tools do you have in mind? And WHY do you
need proxy / caching on this machine? My main proxy for instance is
quite far from some of the border firewalls. Up to 5000 km away. And
being able to maintain the firewall rules in a single place and push
them as needed is handy.

> Firewalling is one of our goals...
> :-)
All right. And what other goals are there?

> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro> wrote:
>     On 21 March 2014 22:50:39 EET, Shafiee Roozbeh
>     <roozbeh.shafiee at gmail.com> wrote:
>     >@Christoph
>     >Yes, I worked with this tool some time ago, but I think that a web GUI
>     >is better for an administrator and our project because:
>     >
>     >- An administrator may not have access to a Linux desktop to work with
>     >fwbuilder, but with his/her tablet or smartphone or even a Microsoft
>     >Windows OS can work with a web GUI
>     >
>     If you can expose a web interface, you can expose ssh/VNC/VPN
>     whatever to a machine where fwbuilder can run. Google Play
>     provides apps for all of those and then some more.
>     >- Designing and development of web GUI with HTML/CSS is faster and
>     >easier than using a framework like Qt or GTK
>     >
>     >- The world is going to web!
>     And fwbuilder can run on your management workstation and push the
>     rules to ANY server. Including the web server that you mentioned :)