[CLUG] Web-based iptables administration

Peter Flynn peter at silmaril.ie
Wed Feb 9 21:16:45 GMT 2005


On Wed, 2005-02-09 at 17:22, adam beecher wrote:
> I'm pretty sure I've asked for this before, and I've searched Freshmeat
> (eww) and SourceForge to no avail, so rather than asking - again - if the
> Holy Grail exists, I'll wonder aloud: How come no-one's come up with a
> web-based iptables configurator as simple as Plesk's? 

I've wanted this for ages because try as I may, I can't grok the
fullness of iptables. What's needed is an interface that lets the
admin say "I need to allow machine a.b.c.d receive NetMeeting calls"
or "the machine a.b.c.d must be able to poll out to a timeserver",
and not have to work out the port and the pathway by hand. Plus it
should pop up a warning that "doing this will open you up to attack
through port X, so I'll log all attempts to the console" or sumpn.
It doesn't need to be cunning (that would be nice but inessential):
it needs to be *sensible*. And it needs to know *all* the ports 
that assorted weirdo software uses, so it needs to access a central
repository of "program:port" data where authorised admins can add
"hey I've found neato utility Foo which uses port 31415", so that
dumb admins like me don't have to spend 42 days grepping weblogs
for references to Foo to try and find what ports it uses. Or better,
let the admin run a new program and the system will monitor the line
for sudden new port hits so you can see what's being requested.

Etc.

///Peter
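
An added sketch (not part of the original message, and not any existing tool's code) of the intent-to-rule translation described above: a small "program:port" registry, generated iptables commands, and a warning plus a LOG rule whenever a port is opened inbound. The registry contents, the rules_for name, the FORWARD chain (firewall sitting in front of a.b.c.d) and the 192.0.2.10 address are assumptions made for illustration.

```python
import ipaddress

# Constructed "program:port" registry. 123/udp is NTP's registered port;
# "foo" on 31415/tcp is the hypothetical utility named in the message.
REGISTRY = {"ntp": [("udp", 123)], "foo": [("tcp", 31415)]}
CHAINS = {"INPUT", "OUTPUT", "FORWARD"}


def rules_for(host, program, direction, chain="FORWARD", registry=REGISTRY):
    """Translate one intent into (iptables commands, warnings).

    direction "in": host receives connections; "out": host initiates them.
    Assumes the chain defaults to DROP and already accepts
    ESTABLISHED,RELATED traffic, so only the NEW packet needs a rule.
    """
    # Strict validation: these values end up in a root shell command line.
    ip = ipaddress.ip_address(host)
    if ip.version != 4:
        raise ValueError("iptables handles IPv4 only")
    if direction not in ("in", "out") or chain not in CHAINS:
        raise ValueError("bad direction or chain")
    if program not in registry:
        raise KeyError(f"no registry entry for {program!r}")

    addr_flag = "-d" if direction == "in" else "-s"
    rules, warnings = [], []
    for proto, port in registry[program]:
        match = (f"-A {chain} {addr_flag} {ip} -p {proto} --dport {port} "
                 f"-m state --state NEW")
        if direction == "in":
            # Log before accepting, and tell the admin what was exposed.
            rules.append(f'iptables {match} -j LOG --log-prefix "fw-{program}: "')
            warnings.append(f"{proto}/{port} on {ip} is now reachable from "
                            f"outside; new connections are logged")
        rules.append(f"iptables {match} -j ACCEPT")
    return rules, warnings


if __name__ == "__main__":
    for intent in (("192.0.2.10", "foo", "in"), ("192.0.2.10", "ntp", "out")):
        cmds, warns = rules_for(*intent)
        print("\n".join(cmds + ["WARNING: " + w for w in warns]))
```

The LOG target writes to the kernel log, so whether the attempts show up on the console depends on the syslog configuration.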




