Contributed by merdely on from the last-comix-standing dept.
Soner Tari writes about his Internet Security Gateway (ISG) project:
The first public release of ComixWall ISG 4.1b is ready for download.
ComixWall is developed on OpenBSD using ports/packages and other software, and uses only free/open source software licensed under either BSD or GPL. ComixWall is freely available for all. The project goal is to have all the advanced features of many commercial and closed-source (some half open source) ISGs. This is a very serious undertaking, because most of the free and open source firewalls available on the Internet fail to support many of the features available on those commercial and closed-source ISGs.
I have been working on this project for more than a year now. To achieve its current feature set, I had to port a couple of extra pieces of software too:
- smtp-gated (which I have submitted to ports@, but I see it is not committed yet),
- p3scan (v2.3.2),
- dansguardian (which has been added to the ports tree very recently),
- and fix a bug in snort on amd64.
Perhaps the most important part of ComixWall is its user-friendly web administration and monitoring interface. Here are a couple of its features:
- Basic settings like system hostname, interface IPs, gateway, hosts file, etc. can be configured via the web interface.
- pfw is integrated into the web interface so that pf rules can be managed very easily.
- The pf module has a simple AfterHours and privileged/restricted IPs setting, which can be configured using the web interface.
- symon is the tool used for creating most of the monitoring graphics: CPU load/temperature/fan speed, PF and process graphs, etc.
- Host network usage and protocol usage graphics are based on the pmacct package.
- Most modules have logs and live logs pages, where users can view and search system and process logs, even the compressed archives!
- IM proxy can log all of the text messages interchanged.
- Log files can be downloaded via the web interface.
- Most modules have statistics and live statistics pages too, where statistics are presented as top lists and bar charts.
- Most of the module configuration can be done without going to the command line. Some advanced settings can be achieved using the web interface too.
- There are two users who can log in to the web interface: admin and user. Admin can access all of the pages, while user does not have access rights to configuration pages, thus cannot interfere with system settings, cannot even change user password (i.e. you can safely give the user password to your boss).
- OpenBSD man pages can be accessed and searched via the web interface.
- Doxygen documentation of the web interface itself can be viewed on the web interface too (Doxygen has partial PHP support and no shell script support, so take it as it is).
- It is written in PHP and uses gettext. So the web interface can be translated into other languages very easily (the current release has partial Turkish support, for example; I am working on finalizing the translation soon).
The todo list of the project (not to mention, of the web interface, which you can view in the doxygen documentation) is very long. In its current state I don't see too many issues, but you can, if you wish, consider this release as the indication of what is to come in the near future. All help and suggestions are welcome.
ComixWall 4.1b is available as a torrent download. You can find the torrent file on the project web site. If you are interested in this project and choose to download the CD iso, I would appreciate it if you could seed this torrent.
The following is the description of the torrent file at torrentbox:
Internet Security Gateway developed on OpenBSD, ports/packages, and other open source software. UTM (Unified Threat Management) firewall with packet filter, web filter, anti-virus, anti-spam, misc proxies, and much more. Released under BSD license. Free for all to download and use.
Main services are provided by the following open source projects/software:
- Firewall functions provided by OpenBSD pf, a powerful and flexible packet filter
- DansGuardian: content and virus scanning web filter with default domain/url lists
- Snort: IDS and periodic rule updates by oinkmaster
- ClamAV: anti-virus daemon with periodic signature updates by freshclam
- SpamAssassin: content scanning anti-spam daemon
- IMSpector: IM proxy which supports MSN, IRC, Yahoo, etc.
- P3scan: POP3 anti-virus/anti-spam proxy
- smtp-gated: SMTP anti-virus/anti-spam proxy
- OpenSSH: de-facto standard secure shell
- OpenBSD spamd: spam deferral daemon
- Dante: SOCKS proxy
- Squid: HTTP proxy
- Apache Web Server (OpenBSD httpd)
- OpenBSD ftp-proxy
- DNS server
- DHCP server
Thanks to this FOSS software and its easy-to-use and mature administration and monitoring web interface, ComixWall ISG can compete with many commercial UTM firewalls in the market. Yet, ComixWall ISG is the only open source UTM firewall running on OpenBSD, the most secure operating system in the world, which is freely available for the public to use and reuse.
Various versions of ComixWall have been running on production systems for more than a year now. So it is quite stable. This is the first public release of ComixWall. Please visit the ComixWall website for further details, documentation, and the screenshots of its user-friendly web administration interface.