On 03/29/2017 07:38 AM, Leon Fauster wrote:
> On 27.03.2017 at 21:03, Robert Moskowitz <rgm at htt-consult.com> wrote:
>> Is there an Apache tool to manage firewalld on a headless server?
>>
>> I am looking forward to my next CentOS project, which is to replace my Juniper SSG5 firewall...
>>
>> And along that line, what overlap, if any, between firewalld and Suricata?
>
> We have good results with http://www.shorewall.net/ an iptables "abstraction".
> Despite it's not a GUI, the streamlined configuration helps to be effective.

From what I can determine, it is still iptables. Not firewalld.
On Wed, 29 Mar 2017, Robert Moskowitz wrote:
> On 03/29/2017 07:38 AM, Leon Fauster wrote:
>> We have good results with http://www.shorewall.net/ an iptables
>> "abstraction".
>> Despite it's not a GUI, the streamlined configuration helps to be effective.
>
> From what I can determine, it is still iptables. Not firewalld.

That's what Leon said: shorewall is an iptables abstraction, and iptables is a command that manipulates netfilter.

FirewallD is similar in that it abstracts and simplifies using netfilter without using the iptables command. It has a GUI that can be used remotely, but it is not web-based as requested. Fedora's CoPilot probably has a module for it, but I don't know that it can be used with a CentOS-based server. Webmin likely has a module for it by now.

/mark
On 30 March 2017 at 19:47, Mark Milhollan <mlm at pixelgate.net> wrote:
> On Wed, 29 Mar 2017, Robert Moskowitz wrote:
>> On 03/29/2017 07:38 AM, Leon Fauster wrote:
>>> We have good results with http://www.shorewall.net/ an iptables
>>> "abstraction".
>>> Despite it's not a GUI, the streamlined configuration helps to be effective.
>>
>> From what I can determine, it is still iptables. Not firewalld.
>
> That's what Leon said: shorewall is an iptables abstraction, and
> iptables is a command that manipulates netfilter.
>
> FirewallD is similar in that it abstracts and simplifies using netfilter
> without using the iptables command. It has a GUI that can be used
> remotely, but it is not web-based as requested. Fedora's CoPilot
> probably has a module for it, but I don't know that it can be used with
> a CentOS-based server. Webmin likely has a module for it by now.
>

Minor correction here ... firewalld is an iptables abstraction like shorewall, and it doesn't link into netfilter directly. You can see that here: https://github.com/t-woerner/firewalld/blob/master/src/firewall/core/ipXtables.py