IPTables works at OSI layer 3/4. It only deals with IP addresses, port numbers, protocols. In layer 7, the application layer, to filter contents and URLs we need to use a proxy server like squid. Also for caching contents in a network, squid will be used. Also, in a UTM, antivirus and antispam are the tools which will be used. VPN, IPS/IDS &... are the other features that a standard UTM should support.

In this topic we are talking about main subjects of CentOS Security SIG, not about technical features. :-)

On Mar 22, 2014 2:30 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro> wrote:

> On 03/21/2014 11:36 PM, Shafiee Roozbeh wrote:
>
> @Manuel
> Our goal is not an IPtables rule generator! We are talking about a version
> of CentOS that provides unified threat management which will be installed on a
> device or server.
>
> And so far - except for the yet incomplete module from NethServer - all
> the talk was around various rules generators.
>
> Could you please explain in more words what you wish to accomplish? UTM is
> a great buzzword and integrating under the same umbrella firewall management
> and UTM is not trivial. Especially in a clustered world where part of the
> firewalling is done via appliances from various providers such as Cisco,
> Juniper, Vyatta, Sonicwall and Bluecoat
>
> On this machine except iptables we need proxy and caching service like
> squid and some tools else.
>
> Exactly my point. What other tools do you have in mind? And WHY do you
> need proxy / caching on this machine? My main proxy for instance is quite
> far from some of the border firewalls. Up to 5000 km away. And being able
> to maintain the firewall rules in a single place and push them as needed is
> handy
>
> Firewalling is one of our goals...
> :-)
>
> All right. And what other goals are there?
>
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro>
> wrote:
>
>> On 21 March 2014 22:50:39 EET, Shafiee Roozbeh <roozbeh.shafiee at gmail.com> wrote:
>> >@Christoph
>> >Yes, I worked with this tool some time ago but I think that a web GUI is
>> >better for an administrator and our project because:
>> >
>> >- An administrator maybe doesn't have access to a Linux desktop to work with
>> >fwbuilder but with his/her tablet or smartphone or even a Microsoft Windows
>> >OS can work with web GUI
>> >
>> If you can expose a web interface, you can expose ssh/VNC/VPN whatever
>> to a machine where fwbuilder can run. Google Play provides apps for all of
>> those and then some more
>>
>> >- Designing and development of web GUI with HTML/CSS is faster and easier
>> >than using a framework like Qt or GTK
>> >
>> >- The world is going to web !
>> And fwbuilder can run on your management workstation and push the rules
>> to ANY server. Including the web server that you mentioned :)
>>
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel