@eduardo
Yes, you are right. You are not a crazy dreamer! A midrange UTM and upper should support these features and others... The technical topic will open later; for now we are talking about general subjects!

Our goal is a CentOS Security SIG! A version of CentOS that provides features for network security, and my topics to discuss are:

- Do we need this SIG in the CentOS ecosystem?
- Is there any parallel project in CentOS right now?
- Is CentOS a suitable base to provide and create this project?
- and anything you think... :-)

On Mar 22, 2014 3:15 AM, "Eduardo Kaftanski" <ekaftan at gmail.com> wrote:

Can I elaborate a bit on what I would like this SIG to provide?

- An integrated web console for object oriented (objects being servers, pc-workstations and people) network access manager. This console would get installed in a centralized server (maybe a small VM on whatever virtualization system you have)
- A small dedicated CentOS server that you can install over commodity hardware. This would be an 'almost zero config' server. You only need to specify the IP for the admin interface and the IP for the central admin-server
- These small servers can act as firewalls, mail proxies, antiviruses, web proxies, DNS, etc.
- Small network? One small VM for the adminserver + one box doing firewall, proxy, mx, snort, etc.
- Growing up? Install a second box. Select proxy off for box 1 on the admin console, select proxy on on the second box. Select 'transparent on'. Select antivirus on. Click apply. Box one is no longer your proxy but transparently redirects proxy traffic to box two, now your proxy.

Yes, I am a crazy dreamer, but it's like Asterisk... if you want a very small cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you want the strange and crazy features. You don't install a CentOS firewall for a tiny network. A small WRT box works better, is more stable and it's way cheaper.
You need a CentOS box when you are doing strange things, like balancing, HA, multiview DNS, multiple ISP links, openvpn servers, ipsec, etc.

Ah... at least down here customers place MUCH more weight on the ability to selectively block access to their own people than protecting from outside attacks, and 90% of the configurations I make have no external access at all. All they care about is to be able to allow and block youtube and facebook with a mouse click.

On Fri, Mar 21, 2014 at 6:36 PM, Shafiee Roozbeh <roozbeh.shafiee at gmail.com> wrote:
> @Manuel
> Our goal is not an IPtables rule generator! We are talking about a version of
> CentOS that provides unified threat management which will be installed on a
> device or server. On this machine, except iptables, we need a proxy and caching
> service like squid and some other tools.
> Firewalling is one of our goals...
> :-)
>
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro> wrote:
>>
>> On 21 March 2014 22:50:39 EET, Shafiee Roozbeh <roozbeh.shafiee at gmail.com> wrote:
>> >@Christoph
>> >Yes, I worked with this tool some time ago but I think that a web GUI is
>> >better for an administrator and our project because:
>> >
>> >- An administrator maybe doesn't have access to a Linux desktop to work with
>> >fwbuilder, but with his/her tablet or smartphone or even a Microsoft Windows
>> >OS can work with a web GUI
>> >
>> If you can expose a web interface, you can expose ssh/VNC/VPN whatever to
>> a machine where fwbuilder can run. Google Play provides apps for all of
>> those and then some more
>>
>> >- Designing and development of a web GUI with HTML/CSS is faster and easier
>> >than using a framework like Qt or GTK
>> >
>> >- The world is going to web!
>> And fwbuilder can run on your management workstation and push the rules to ANY server.
>> Including the web server that you mentioned :)
>>
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
>

--
Eduardo Kaftanski
eduardo at kdi.cl
ekaftan at gmail.com