Koozali.org: home of the SME Server

Interface for firewall rules

Johan Wolhuter

Interface for firewall rules
« on: November 21, 2003, 09:33:19 AM »
The one side of the SME server that I have found lacking was the possibility to customise firewall rules to open custom ports used by certain software.  If this interface could be integrated into the standard web management interface it could be a great addition.

boris

Re: Interface for firewall rules
« Reply #1 on: November 22, 2003, 02:10:32 AM »
Have you looked at Ver 6 (beta)?
Port forwarding is in there "out of the box".

Nick Ramsay

Re: Interface for firewall rules
« Reply #2 on: December 20, 2003, 09:17:48 PM »
boris wrote:

> Have you looked at Ver 6 (beta)?
> Port forwarding is in there "out of the box".

Port forwarding is a very small sub-set of configuring a firewall.  I'm in two minds about this question.  On the one hand, a fully configurable firewall would be very handy.  On the other hand, the possibility of screwing it up and causing a security breach is not insignificant, and could impact negatively on the reputation of the SME as a very secure platform.  IP tables is not trivial to set up in a secure manner whilst also allowing all the possible SME services to run properly.

If I need this sort of level of control, I'd be thinking more in terms of a separate hardware firewall such as Firebox, or even IP Cop in a pinch.

erwan

Re: Interface for firewall rules
« Reply #3 on: January 02, 2004, 01:05:22 AM »
I had a problem like that with the hlds server (counter strike), and I solved it in 3h after a long reading of online documentation.

I created 2 script files: 1 to open 27015 port in tcp and udp and one to close them.

Now, the starting of the hlds server automatically opens the good ports and the ending of the server closes them.

I prefer this solution to a permanent way with a panel because my hlds is not (for security reasons) always on.
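
Added example, not part of erwan's post and not his scripts: one wrapper that opens port 27015 (tcp and udp) only for the lifetime of a server process and closes it again even if the process crashes or is interrupted. It assumes rules are placed directly in the iptables INPUT chain and that it runs as root; the server start command is a placeholder passed as arguments, and `open_ports`, `close_ports` and `run_guarded` are names made up for this sketch.

```shell
#!/bin/sh
# Added example (not erwan's scripts). Assumptions: rules go in the plain
# iptables INPUT chain, the script runs as root, and the server command is
# passed as arguments, e.g.  ./guarded.sh /path/to/server-start  (placeholder).

IPTABLES="${IPTABLES:-iptables}"   # overridable, e.g. for a dry run
PORT="${PORT:-27015}"              # port named in the post

open_ports() {
    for proto in tcp udp; do
        # -C (check) keeps a re-run from stacking duplicate rules
        "$IPTABLES" -C INPUT -p "$proto" --dport "$PORT" -j ACCEPT 2>/dev/null ||
            "$IPTABLES" -I INPUT -p "$proto" --dport "$PORT" -j ACCEPT ||
            return 1
    done
}

close_ports() {
    for proto in tcp udp; do
        # Delete every copy of the rule; -D fails once none is left
        while "$IPTABLES" -D INPUT -p "$proto" --dport "$PORT" -j ACCEPT 2>/dev/null
        do :; done
    done
}

run_guarded() {
    # The EXIT trap closes the ports however the script ends; INT/TERM are
    # turned into a normal exit so the EXIT trap also runs for them.
    trap close_ports EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM
    open_ports || return 1
    "$@"
}

# Stand-alone use: run the given command with the ports open for its lifetime.
if [ "$#" -gt 0 ]; then
    run_guarded "$@"
fi
```

Rules added this way live only in the running kernel tables, so anything that reloads the firewall while the server is up will drop them.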

Sean

Re: Interface for firewall rules
« Reply #4 on: January 08, 2004, 06:44:09 AM »
Probably the best web-based firewall rules editor that I have seen is the one that comes with NetMAX (www.netmax.com). It is very flexible and very powerful.

The caveat there is that you can also do horrendous things to your firewall with that power and flexibility, so you *need to know what you are doing*.

I do not believe that the vast majority of SME users out there know, or indeed want to know, exactly how their firewall works or how the rules should be crafted for maximum security. It should be left as white-man magic.

Having said that, the _option_ of crafting the rules with the specific granularity that the NetMAX model provides is very tempting. Having it as a separate server-manager contrib option, which would have a biiig warning at the top of it, would be good.

Sean