[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: web interface?
James Cammarata said:
> Is there any interest in this? I am currently writing one in Python/Zope
> to manage the PF rules. It's in the very early stages of planning so
> isn't much to it yet, so I thought I'd ask people what they thought of the
> idea / Zope. I personally love Zope for web development (use it for our
> Intranet at my company), so that's why I'm using it. I could break out of
> it without too much pain now, and just have to rewrite the low-level CGI
> stuff myself.
> Also, in the future I would like to write a daemon that allowed a single
> web interface to manage multiple firewalls. This of course has many
> inherent risks so it's definitely just a thought right now, but Cisco does
> it and I'll be damned if they do something we can't do ;)
> Anyway, any thoughts are appreciated.
> James Cammarata
> [email protected]
> home: 314-966-5976
> work: 314-872-2426
> cell: 314-409-0583
> Out the Ethernet, through the router,
> down the fiber, off another router,
> down the T1, past the fire-wall
> ..nothing but Net
Yes! I think it's nice.
I have installed many OpenBSD firewalls at customer sites. No matter what
I and the OpenBSD community think... they really want a good gui. Or we
can say it like this.. The install base for PF will go like a rocket if
you can find a good gui.
A good gui is fwbuilder at fwbuilder.org. That gui is not web based but
can handle multiple firewalls. But I think they must lack developers or
have low priority on OpenBSD. This as they always lack the latest
features. Because of this I have the whole customer install base running
"vi" when managing pf.conf. They still miss important features from Open
BSD 3.4. But the gui is very nice.
I also know there already exist a web based gui to manage PF (don't
remember the link). But that interface miss to much to be usable for me
and/or my customers.
A web based gui that can handle most of the important features of PF that
will continue to evolve during new OpenBSD releases would be really great!
If it can handle multiple firewalls it will be even better...
Personally I actually don't care what tools this stuff is developed with.
For me and my customer it is more important to support the important
features as altq, synproxy, adaptive timeouts etc. Otherwise the tools is
useless as you have to manually edit the rulesets anyway.
So, from my and my customers point of view it is more important with the
features and stability of the ruleset compiler that the tool it is