Home » Mailing list archives » openbsd-misc » 2010 » March » 14

Re: any web management gui for pf ?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Jason Dixon
Subject: Re: any web management gui for pf ?
Date: Saturday, March 13, 2010 - 11:39 pm

On Sun, Mar 14, 2010 at 11:02:29AM +0500, ???? ??????? wrote:

None that are worth it, imho.  If you want to do it right (you wouldn't
use OpenBSD if you didn't) then learn pf and understand what you're
putting together.  It's not hard.  In fact, compared to the
other *nix firewalling alternatives, it's fucking easy.

I've considered long and hard (TWSS) to write my own web interface for
pf.  The prevailing design philosophies SUCK.  If you're going to
bother, do it right;  proper abstraction of filtering and routing
concepts is mandatory if you want to make something easy *and* secure.
Why hasn't anyone done it?  It's really, really difficult.  And most
developers that might take a crack at an OpenBSD pf web ui aren't
experienced in interface design.

I've written a few web applications related to OpenBSD (Hatchet,
NetFlow Dashboard, Blogsum).  Compared to what a good web engineering
team can put out, they suck.  But they do an adequate job with the task
they're designed to handle.  Writing a log filtering interface isn't
hard.  Writing a NetFlow query interface isn't hard.  Writing a blog
application isn't hard (unless you're WordPress... then it's just
bloated).

I'll say it again... writing a good pf web UI is HARD.  It's infinitely
more complicated and prone to security problems.  Reading the pf FAQ and
editing pf.conf yourself is easier by geometric proportions.

</rant>

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
any web management gui for pf ?, Илья Шипицин, (Sat Mar 13, 11:02 pm)
Re: any web management gui for pf ?, Jason Dixon, (Sat Mar 13, 11:39 pm)
Re: any web management gui for pf ?, Илья Шипицин, (Sat Mar 13, 11:48 pm)
Re: any web management gui for pf ?, Bret S. Lambert, (Sat Mar 13, 11:59 pm)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 12:05 am)
Re: any web management gui for pf ?, Jason Dixon, (Sun Mar 14, 12:08 am)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 12:12 am)
Re: any web management gui for pf ?, Bret S. Lambert, (Sun Mar 14, 12:14 am)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 12:30 am)
Re: any web management gui for pf ?, Jason Dixon, (Sun Mar 14, 12:32 am)
Re: any web management gui for pf ?, Bret S. Lambert, (Sun Mar 14, 12:35 am)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 12:42 am)
Re: any web management gui for pf ?, Bret S. Lambert, (Sun Mar 14, 12:47 am)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 12:48 am)
Re: any web management gui for pf ?, Daniel Ouellet, (Sun Mar 14, 2:45 am)
Re: any web management gui for pf ?, Илья Шипицин, (Sun Mar 14, 3:35 am)
Re: any web management gui for pf ?, FRLinux, (Sun Mar 14, 5:18 pm)
Re: any web management gui for pf ?, Siju George, (Mon Mar 15, 1:44 am)