[CentOS-devel] CentOS Firewall and UTM SIG

Fri Mar 21 22:41:49 UTC 2014
Shafiee Roozbeh <roozbeh.shafiee at gmail.com>

IPTables works at OSI layer 3/4. It only deals with IP addresses, port
numbers, and protocols. At layer 7, the application layer, to filter content
and URLs we need to use a proxy server like squid. Also, for caching
content in a network, squid will be used.

Also, in a UTM, antivirus and antispam are the tools which will be used. VPN,
IPS/IDS, and so on are the other features that a standard UTM should support.

In this topic we are talking about the main subjects of the CentOS Security SIG,
not about technical features.

On Mar 22, 2014 2:30 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro>

>  On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
> @Manuel
> Our goal is not an IPtables rule generator! We are talking about a version
> of CentOS that provides unified threat management, which will be installed on a
> device or server.
> And so far - except for the yet incomplete module from NethServer - all
> the talk was around various rules generators.
> Could you please explain in more words what you wish to accomplish ? UTM is a great buzzword and integrating under the same umbrella firewall management and UTM is not trivial. Especially in a clustered world where part of the firewalling is done via appliances from various providers such as Cisco, Juniper, Vyatta, Sonicwall and Bluecoat
>  On this machine, besides iptables, we need a proxy and caching service like
> squid and some other tools.
> Exactly my point. What other tools do you have in mind ? And WHY do you
> need proxy / caching on this machine ? My main proxy for instance is quite
> far from some of the border firewalls. Up to 5000 km away. And being able
> to maintain the firewall rules in a single place and push them as needed is
> handy
>  Firewalling is one of our goals...
> :-)
> All right. And what other goals are there ?
>  On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro>
> wrote:
>> On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh <
>> roozbeh.shafiee at gmail.com> wrote:
>> >@Christoph
>> >Yes, I worked with this tool some time ago but I think that a web GUI is
>> >better for an administrator and our project because:
>> >
>> >- An administrator may not have access to a Linux desktop to work with
>> >fwbuilder, but with his/her tablet or smartphone or even a Microsoft Windows
>> >OS can work with a web GUI
>> >
>> If you can expose a web interface, you can expose ssh /VNC/VPN whatever
>> to a machine where fwbuilder can run. Google Play provides apps for all of
>> those and then some more
>> >- Designing and developing a web GUI with HTML/CSS is faster and easier
>> >than using a framework like Qt or GTK
>> >
>> >- The world is going to web !
>> And fwbuilder can run on your management workstation and push the rules
>> to ANY server. Including the web server that you mentioned :)