View Single Post
Old 8th June 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by tetra_user View Post
I am strictly against any type of GUI as vulnerabilities emerge once in a while though but this is something that might help with work and stuff.
...which is part of the legacy of Webmin. As I recall, there were exploits specific to Webmin many year ago. As you allude, it is more prudent to simply stay away from these types of tools layered on top of tools which are more important/fundamental.
Quote:
Or perhaps an easy to use shell script to create / modify PF rules??
It appears that you are looking for some intermediate layer which will save you from learning the underlying firewall technology. Unfortunately, all software has issues, & your hope is that this layer will always create rules which both do as you want, & translate to the underlying technology correctly.

This can't be guaranteed. When this GUI layer fails, users still need to have the knowledge to fix the rulesets the tool fails to create and/or maintain.

Why now simply learn the syntax & grammar of PF? You have mentioned your consultancy a number of times which indicates that you may or may not be responsible for day-to-day maintenance. Yet if an organization is to be responsive to ever changing needs & requirements, learning how to write firewall rules ultimately is a job requirement -- whether it is you or someone else doing the work. I am not convinced that having the expectation for tools to absolve you from developing such knowledge is realistic.
Reply With Quote