Re: OpenBSD Firewalls



> IMO, it's too much of a security hole to have a
> gui to manage your pf.conf.
>
Why?  We have even developed a special firewall configuration shell,
fwsh, which explicitly allows for the easy template-based config of
a firewall/vpn gateway.  It hides most of the pf/isakmpd etc.
complexity.

Editing the plain configuration file should not be allowed for the
untrained user, so I consider a GUI or a shell as a security feature as it
prevents the user from entering non-working configuration data, IMHO.

Hiding the complex stuff allows you to install OpenBSD machines in
places where no one has UNIX experience.

- Marc