Another frontend for pf: PfPro

Contributed by grey on 2004-07-07 from the yapffe for those who don't like text editors I guess dept.

Adam VanderHook writes in announcing his own front end for PF:

PfPro combines Java and XML to provide a graphical inteface for creating and maintaining firewall configurations for OpenBSD's PF firewall system.Screenshot.

This code is still very alpha, but working. I still have a LOT of features to add, and would gladly accept any help. While writing this I discovered XML Binding, and as such the next major release will use that instead of nasty DOM tree mangling.

My goal is to produce a best-effort platform-independent firewall utility. By using XML, configurations can be verified efficiently (by check via DTD) and possibly translated to other firewalling systems (like IPChains, via XSLT). One day I would like PfPro to be able to handle configurations for various firewall platforms through a consistent interface.

Here is the homepage and the project page.

(Comments are closed)

Comments

By Asenchi (64.118.132.155) asenchi@asenchi.com on 2004-07-07 20:05

It looks good and all, but why Java? Why not some smaller, functional language that works really well with OpenBSD and isn't slow? Also something with a better license? Mind you I haven't ever had success installing Java (never really needed, never spent much time). This isn't ment to be a language war, just that what I've seen of Java it is mostly over hyped. Sorry, just my $0.02. Good to see someone working on something like this though. Again, good work.
By j0rd (64.114.241.73) j0rd.spam@gmail on 2004-07-07 20:40 http://j0rd.ath.cx/

Java is one of the least portable languages you can write in. I'm pretty sure OpenBSD doesn't even have a native port of J2SE 1.4. If you wanted something portable i'd sugguest using a scripting language.
Comments
1. By StatiK76 (142.109.90.79) on 2004-07-07 21:35
  
  "Java is one of the least portable languages you can write in."
  Hey, i'm no fan of java - but, what the hell are you talking about?
  meh. whatever. Call me strange; I don't think there is a better method of creating pf.conf's outside of using a text editor. No offense to the authors of all these dandy eye candy yet-another-pf.conf-interface's .. But, they all suck.
  StatiK76
  Comments
  1. By Anonymous Coward (209.162.235.146) on 2004-07-07 21:42
    
    He explained what he is talking about, are you hard of reading? Where is the OpenBSD/i386 jdk, much less openbsd/sparc64, openbsd/amd64, openbsd/alpha? Java is only portable if you only care about windows, linux and solaris. I would definately say a tool like this would be much better in python or perl or whatever other portable scripting language you prefer.
    
    Comments
    
    By StatiK76 (142.109.90.79) on 2004-07-07 22:05
    
    Ah. Yes. Maybe I have misread a little out of context. But the statement was rather general ("Java is one of the least portable languages you can write in"). The sentence, alone, caused my alarm. thx!
    Still doesn't take away from the fact that these pf.conf front ends are rather pointless (imo). Maybe i'm alone on this one - But, I just don't see the point. (I think the # of useless pf.conf frontends is at 4 or 5 now isn't it?)
    I was impressed with how simple the pf.conf syntax was - does it really require a ui (let alone 4-5)?
    StatiK76
    
    Comments
    
    By Adam VanderHook (68.55.69.153) acidos@bandwidth-junkies.net on 2004-07-07 22:15 http://acidos.bandwidth-junkies.net/
    
    I did not write PfPro with it in mind that it would actually be run on your firewall. Writing it in Java makes it easier for someone to implement a web interface or an interface for embedded devices, in my opinion. Most of the work is actually done in XML, Java is used primarily for the interface and user-experience. If someone decides they want to implement a GUI in a different language, I would be more than happy to provide any help that I can.
    Additionally, people who use remote firewall management software on Windows will be more likely to try it if they don't have to switch their OS (this is a feature planned for a later release--to securely xfer the config and signal pf to reload it). That, along with the fact that I don't consider configure scripts #ifdef statements to be any more portable that Java, is why I use Java.
    I'm already working on moving over to XML Binding, which means even more of the work will be handled via XML technologies. The Java GUI is only a third of the picture. Either use it, write a GUI conforming to your ideals, or don't.
    
    Comments
    
    By Anonymous Coward (195.217.242.33) on 2004-07-08 08:19
    
    Interesting
    
    By Anonymous Coward (195.217.242.33) on 2004-07-08 08:19
    
    "Where is the OpenBSD/i386 jdk"
    in ports
    though I believe it is the only i386 at the moment ( at least that is what the port tells me )
    all platforms can compile via Jikes
    
    Comments
    
    By Adam VanderHook (128.183.167.178) acidos@bandwidth-junkies.net on 2004-07-08 11:39 http://acidos.bandwidth-junkies.net/
    
    Take a look under /usr/ports/devel/jdk. There will be different directories for different versions and implementations.
    
    By Anonymous Coward (209.162.235.146) on 2004-07-08 16:19
    
    An old version without any form of JIT compiler is not good enough. I know IBM aren't total cocks and jikes is open source, but that's not enough. If Sun is gonna say stuff like "write once, run everywhere" then they had better make a jdk for everywhere.
    
    By goon (220.253.49.128) goonmailALPHATANGOnetspaceDELTAnetDELTAau on 2004-07-12 01:46 http://slashdot.org/~goon
    
    perl would be a good choice. less installing than python, java, etc. installed by default (if I remember correctly).
  2. By Nikademus (3ffe:4005:1000:4d::2) on 2004-07-08 21:07
    
    Java could only be portable if it was OpenSource.. Until SUN gets it to that point, it's up to them only to port it, and everybody knows they won't be able to do it on every platform without any help.. So, indeed java is NOT portable。。。。
    
    Comments
    
    By tedu (66.93.171.98) on 2004-07-09 00:31
    
    java's open source. it's just not free.
By EAN-0x1b (216.190.249.182) on 2004-07-08 20:43

Something to think about while ripping out the DOM stuff - you might want to push it out to the Browser - the Java plugin has access to the complete Browser DOM allowing for things like an early display to cover a larger download in another thread or the ability to move the real time generation of all the sliced and diced views of the rule set off to the Browser - load the entire data set into the browser and have the displayed views calculated at the browser. Cuts down on the times you touch the server side. maybe moc-transactional =)
Thanks - keep up the good work!
I wish Java was good to go on OBSD, and I understand the security concerns so I'm glad FBSD is getting PF!

Latest Articles

Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (11)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]