OK I explain it: My goal is a Unified Treath Management (UTM) based on CentOS (Security SIG). this SIG has an ISO installation media (i686/x86_64) with both web and cli interface, but cli interface is for common tasks. for back-end we will use python and django web framework and we need a light web server like nginx and for front-end we will use HTML5/CSS3/jQuery The features for this SIG will be: - basic and advanced wizard to initial configuration - HA and cluster feature - SNMP for monitoring - Management Network like Interfaces, Gateway, Static Route, DHCP, DNS, ARP, NAT, NameServers, Hostname &... - Accounting and Access users based on OpenLDAP integrated with Microsoft Active Directory - Access policies for each users - IPS/IDS firewalling based on mixed of IPTables, Snorby, Snort, Suricata, PulledPork and Pigsty - VPN to access users based on OpenVPN, PPTP, IPSec, L2TP - Filtering for Web/URL, Applications, IM and File Transfer - Defence System such as antivirus and antispam - Graphical Monitoring System for each part of system of cource these are some of all features and they can change or add in future. but I have these in my mind right now. For set of packages there are too many option and we can discuss about it. On Sat, Mar 22, 2014 at 7:44 PM, Manuel Wolfshant <wolfy at nobugconsulting.ro>wrote: > > > On 22 martie 2014 16:46:26 EET, Shafiee Roozbeh <roozbeh.shafiee at gmail.com> > wrote: > >the goal is not a firewall rules generator like fwbuilder. > >I mentioned this before. > > And you still did not offer a comprehensive explanation of the real goal > which you wish to achieve. > BTW, everybody here knows the OSI layers as well as their mapping to the > real world. There is no need to teach us what iptables does and which > layer(s) see(s) its actions. > > If you want real traction you should start with a set of scopes. For > instance: a set of packages which on top of a CentOS installation would > integrate > - an antivirus module > - an antispam module > - a way to dinamically react to attacks and block them. Ideally this > module should be able to imteract with remote sensors and trigger remote > actions (mind that on purpose I said "trigger remote actions" and not > "influence remote firewalls" or even "create iptables rules") > - a module to monitor the activity of all other installed and activated > modules > - a teport module > - a web based command and control interface which can interact with all > the other modules. It should be able to install,remove,enable, disable and > configure all the other modules. > > > So, can we move past "the goal is not" step and find out "what the > complete goal is" ? > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > http://lists.centos.org/mailman/listinfo/centos-devel > -- Roozbeh Shafiee Linux/BSD System Administrator and Python Developer RoozbehShafiee.Com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140322/981888ae/attachment-0005.html>