[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: web interface?

Peter Harmsen said:
> On Friday 11 June 2004 11:26, Per-Olov Sjöholm wrote:
> What about a webmin plugin for pf?
> A good gui would "pay off" in a fair size company with lots of rulez to
> conquer.
>> James Cammarata said:
>> > Is there any interest in this?  I am currently writing one in
>> Python/Zope
>> > to manage the PF rules.  It's in the very early stages of planning so
>> > there
>> > isn't much to it yet, so I thought I'd ask people what they thought of
>> > the idea / Zope.  I personally love Zope for web development (use it
>> for
>> > our Intranet at my company), so that's why I'm using it.  I could
>> break
>> > out of it without too much pain now, and just have to rewrite the
>> > low-level CGI stuff myself.
>> >
>> > Also, in the future I would like to write a daemon that allowed a
>> single
>> > web interface to manage multiple firewalls.  This of course has many
>> > inherent risks so it's definitely just a thought right now, but Cisco
>> > does it and I'll be damned if they do something we can't do ;)
>> >
>> > Anyway, any thoughts are appreciated.
>> >
>> > James Cammarata
>> > [email protected]
>> > www.sngx.net
>> > home: 314-966-5976
>> > work: 314-872-2426
>> > cell: 314-409-0583
>> > ______________________________________________________________
>> > Out the Ethernet, through the router,
>> > down the fiber, off another router,
>> > down the T1, past the fire-wall
>> > ..nothing but Net
>> Yes! I think it's nice.
>> I have installed many OpenBSD firewalls at customer sites. No matter
>> what
>> I and the OpenBSD community think... they really want a good gui. Or we
>> can say it like this.. The install base for PF will go like a rocket if
>> you can find a good gui.
>> A  good gui is fwbuilder at fwbuilder.org. That gui is not web based but
>> can handle multiple firewalls. But I think they must lack developers or
>> have low priority on OpenBSD. This as they always lack the latest
>> features. Because of this I have the whole customer install base running
>> "vi" when managing pf.conf. They still miss important features from Open
>> BSD 3.4. But the gui is very nice.
>> I also know there already exist a web based gui to manage PF (don't
>> remember the link). But that interface miss to much to be usable for me
>> and/or my customers.
>> A web based gui that can handle most of the important features of PF
>> that
>> will continue to evolve during new OpenBSD releases would be really
>> great!
>> If it can handle multiple firewalls it will be even better...
>> Personally I actually don't care what tools this stuff is developed
>> with.
>> For me and my customer it is more important to support the important
>> features as altq, synproxy, adaptive timeouts etc. Otherwise the tools
>> is
>> useless as you have to manually edit the rulesets anyway.
>> So, from my and my customers point of view it is more important with the
>> features and stability of the ruleset compiler that the tool it is
>> developed with.
>> /Per-Olov
// In reply to the top posting.... //
Well... A webmin module should be ok I think. Then the admin framework is
already built.
I think there actually existed an old PF webmin module for and older
OpenBSD release. But I think it is outdated. But as said... I don't really
care. The most important thing for me is that the the "new" gui supports
the important features, continue to evolve with new OpenBSD releases, and
that the rule compiler is stable and correct.
But a gui should not be to simple either. If you still have to understand
the syntax completly, the rule order and all options, you can continue to
use "vi" on pf.conf instead. I think the "rule understanding level" should
be something like fwbuilder but without "drag and drop".