Contributed by grey on from the pf front ends sure seem to be popular of late dept.
[Editor's note: I don't use pf front ends currently, so I can't comment on general usability of one relative to another. That said, at least this one is under a BSD license, and doesn't require Java which may make life more difficult for OpenBSD users. I am intrigued (if that's the right word?) by the apparent popularity of pf front end projects though as this is at least the third such announcement since deadly was reborn as undeadly.]
By StatiK76 (68.145.108.251) on
Comments
By Anonymous Coward (80.65.225.73) on
By Anonymous Coward (66.108.252.16) on
Comments
By Mark Patterson (210.49.99.38) pattersonNOmSPAMark@optusnet.com.au on
Regards, Mark
Comments
By Simon Dassow (193.27.46.2) janus X errornet X de on http://janus.errornet.de
By daniel (217.220.29.251) sandman@mufhd0.net on http://daniel.porgfa.org
you don't like a php frontend? somebody (or you) will write another frontend in another language.. so where is the problem? look for another implementation! :)
d.
Comments
By RC (4.16.254.205) on
Well, it's the problem that everyone writing something that just suits themselves, just makes a situation where everyone has their own that only they use. Not pretty...
Why not have every single person fork OpenBSD, and make their own OS? Re-write everything in java!
What a mess the world of software would be in.
Comments
By Howard Owen (64.121.64.42) hbo@egbok.com on http://egbok.com
But this is only my imagination. The proof of whether a PF front end like that is really better for users, or if a PF front end is really needed at all, will be whether or not one gets widely adopted. Where's the "mess" in that?
Comments
By mike (217.162.138.71) on
By daniel (217.220.29.251) sandman@mufhd0.net on http://daniel.porgfa.org
By kokamomi (217.215.84.114) on
yeah, and while we're at it, why even rely on apache? having your firewall serving web pages is probably a bad idea, and if we're not serving web pages except for this interface, we don't really need an elephant doing it. but i'm sure these people have a good reason for doing what they are doing.
i'd prefer a concise daemon interfacing with pf, serving its own administration and monitoring pages: i'd say that we would have something for most users... and furthermore, if this interface would focus on how the user perceives his networking context and what he is trying to achieve and what level of involvement he's ready to put in, rather than just be a replacement for your favourite text editor, then i'd say that we are on a good way into mainstream hardware filtering.
pf.conf is far more human readable than iptables etc, but this is probably not simple enough.
so what's a good interface?
1. idiot safe, scenario based configuration view. (do you want to share a connection? do you want to filter external attacks, what's your isp-provided info? does any of your computers act as a server or a p2p client, and which ones? etc...)
2. possibly an intermediate configuration view: enable dmz, disable ftp-proxy, enable and configure spamd, etc.
3. advanced configuration view, probably editing pf.conf through a text-field would be adequate.
4. help system, drawn from man pages and faq.
5. self contained daemon with minimum privs. integrated tight http-server (based on thttpd, for instance).
6. good monitoring and incident logging
7...
hell, it's probably even worth a commercial pitch. put this a stripped openbsd and this daemon in a small cheapo box with 2+ ethernet jacks and you have a netgear/d-link killer. what do you think?
Comments
By click46 (64.235.239.3) click46@genmay.net on
By johannes (131.130.1.143) on
Thank you!
By daniel (217.220.29.251) sandman@mufhd0.net on http://daniel.porgfa.org
aren't there other ways to do all this stuff from inside the chroot?
how about creating /dev/pf inside chroot and hardlinking pf.conf?
However, keep up the good work! :)
D.
Comments
By Anonymous Coward (193.235.226.2) on