Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: jonaskellens on August 12, 2009, 11:19:18 AM
-
Like with Endian Firewall, is there a GUI to define and control the outgoing and incoming traffic, based on IP-address / IP-range or portnumber / port-range ??
As an alternative, can one install CSF/LFD onto the SMEserver ??
-
hi
you don't need any gui to manage firewall rules on SME because they are dynamically generated.
for this reason you can't install any gui/utility, because it will break your server.
I strongly suggest you to search in the forums for more info: this question (and, generally, firewall management) has been posted many times.
if you want to know how firewalling works on SME, please read the documentation.
btw, SME is a firewall but packet filtering is not its main target.. if you really need a more configurable firewall, you can use any distro/appliance in front of your SME
hth
ciao
Stefano
-
Is it then possible to "extract" the firewall-function from SMEserver so it no longer edits the iptables-file ? When SMEserver no longer edits iptables, then another program may. Then there are no conflicts.
As SMEserver is built in a modular way, is it then possible to "extract" the firewall-module ?
-
hi
the short answer: no
the long one: every time you enable/disable a service via server-manager or db command, firewall rules are automagically adapted..
so, no, it's not possible to extract the firewall module/functionality
I repeat, search the forums.. there are many threads about this topic..
Ciao
Stefano
-
Like with Endian Firewall, is there a GUI to define and control the outgoing and incoming traffic, based on IP-address / IP-range or portnumber / port-range ??
SME does not block or restrict outgoing traffic, but does force mail (SMTP) to be proxied through the local MTA and web access (HTTP) through the local squid proxy.
Incoming traffic is restricted by server-manager access settings for the various services (e.g. imap/pop/imaps/imap). Most incoming traffic is dropped.
-
jonaskellens
There is no separate firewall-specific GUI and it is recommended that you do not install any additional GUI control panels.
Firewall control is integrated into server manager GUI.
As you enable & disable services etc, then appropriate ports are opened or closed.
You can do more specific control with db commands and custom templates using the tips indicated in the Firewall FAQ
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Firewall
Please understand that the Firewall functionality is tightly integrated into the design of sme server and if you "wipe out" all firewall iptables rules you are likely to create a serious mess and an insecure server unless you really really know what you are doing.
It will be much better for you to learn to use sme server "as is" and limit your manipulation of the firewall to the tips shown in the FAQ.
Note there is also a port opening and forwarding panel in server manager if you have specific requirements for port management.
For more sophisticated control of the firewall, you will be better off putting a separate firewall in front of sme server and changing sme to server only mode.