[CentOS-devel] CentOS Firewall and UTM SIG

Fri Mar 21 22:45:12 UTC 2014
Eduardo Kaftanski <ekaftan at gmail.com>

Can I elaborate a bit on what I would like this SIG to provide?

-An integrated web console for object oriented (objects being servers,
pc-workstations and people) network access manager. This
console would get installed in a centralized server (maybe a
small VM on whatever virtualization system you have)

-A small dedicated CentOS server that you can install over commodity
hardware. This would be an 'almost zero config' server. You only need
to specify the IP for the admin interface and the IP for the central

-These small servers can act as firewalls, mail proxies, antiviruses,
web proxies, DNS, etc.

-Small network? One small VM for the adminserver + one box doing
firewall, proxy, mx, snort, etc.

-Growing up? Install a second box. Select proxy off for box 1 on the admin
console, select proxy on on the second box. Select 'transparent on'. Select
antivirus on. Click apply. Box one is no longer your proxy but transparently
redirects proxy traffic to box two, now your proxy.

Yes, I am a crazy dreamer, but it's like Asterisk... if you want a very small
cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you
want the strange and crazy features.

You don't install a CentOS firewall for a tiny network. A small WRT box
works better, is more stable and it's way cheaper. You need a CentOS box
when you are doing strange things, like balancing, HA, multiview DNS,
multiple ISP links, openvpn servers, ipsec, etc.

Ah... at least down here customers place MUCH more weight on the ability to
selectively block access to their own people than protecting from outside
attacks, and 90% of the configurations I make have no external access at all.
All they care about is to be able to allow and block youtube and facebook with
a mouse click.

On Fri, Mar 21, 2014 at 6:36 PM, Shafiee Roozbeh
<roozbeh.shafiee at gmail.com> wrote:
> @Manuel
> Our goal is not an IPtables rule generator! We are talking about a version of
> CentOS that provides unified threat management which will be installed on a
> device or server. On this machine, besides iptables, we need a proxy and
> caching service like squid and some other tools.
> Firewalling is one of our goals...
> :-)
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro>
> wrote:
>> On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh
>> <roozbeh.shafiee at gmail.com> wrote:
>> >@Christoph
>> >Yes, I worked with this tool some time ago but I think that a web GUI is
>> >better for an administrator and our project because:
>> >
>> >- An administrator may not have access to a Linux desktop to work with
>> >fwbuilder, but with his/her tablet or smartphone or even a Microsoft
>> >Windows OS can work with a web GUI
>> >
>> If you can expose a web interface, you can expose ssh/VNC/VPN, whatever, to
>> a machine where fwbuilder can run. Google Play provides apps for all of
>> those and then some more.
>> >- Designing and developing a web GUI with HTML/CSS is faster and easier
>> >than using a framework like Qt or GTK
>> >
>> >- The world is going to web!
>> And fwbuilder can run on your management workstation and push the rules to
>> ANY server. Including the web server that you mentioned :)

Eduardo Kaftanski
eduardo at kdi.cl
ekaftan at gmail.com