is there already a kind of timeline for the UTM Firewall / Multiwan / VPN part?
I did mention the use like integrating a Windows ERP server as a member server - or like Nethesis does, use the SQL-Server in the commercial “Cube” application that can be found in Software Center…
I agree it’s great, and use NethServer for all my clients and myself.
All in AD mode…
My 2 cents
Sorry but I have to disagree it’s a complete UTM firewall take a look at the common features that Markus linked above
What’s the need, when we have the dedicated Firewall solutions like PFSense , OPNSense etc.
NS8 can and should be developed for the logging, analysis and report generation, which these BSD based firewall distribution is not able to do.
For Example - OPNSense in a small embedded system box, with suricata/snort as IDS/IPS could stream the syslogs to generate the visualization graph
This dashboard shows Firewall and IDS Events along with logs pulled from Graylog. Designed to work with pfsense.
Also the Layer 7 Monitoring, capture and Deep Packet inspection aka nDPI of the NTOP package don’t run efficiently and with limited features in the BSD based Firewall distribution such as PFSense and OPNSense due to technical reason as stated by NTOP
On FreeBSD, the NetFilter framework is not available and nProbe leverages netmap. For this reason, all packets need to be sent to userspace to nProbe. Hence, measured performances are reduced if compared to Linux.
Just my 2 cents…
I quite agree with Alessio and MrMarkuz that the feature list for the NethServer is quite impressive - and the best thing is it almost all works “out of the box” with hardly any clicks…
The most problems are either with a provider-supplied “router” and available technologies, but almost always solveable.
My main issue is with the somewhat limited DNS, otherwise I’m very happy with NethServer!
And I love the vision, work put into by the Devs inth NS8!
Keep up the great work!
My 2 cents
I asked this question privately with @davidep
A simple question, that’s why private message. Is it necessary for the NS 8 to be build for the linux with only init system with systemd. Cannot it be developed with independent of this , whether with systemd, or with runit or sysvnit or openrc.
And his answer
Hi Tejas, about Systemd and NS8, we set Systemd as a requirement because major distributions provide it, it has many features and we feel comfortable with them. It has also some integration with Podman.
If you like this topic, feel free to open a public thread!
I am not an expert but some thinks that the Systemd is actually to commercialize the linux distribution.
I have to agree with @nio707 . I mean, Nethserver 8 could have a Firewall/UTM module for those who need/want it as opposed to make it part of the core if you know what I mean. That way, it would make Nethserver 8.0 extremely modular, let people decide what they want and from what I have seen, you can deploy more nodes as you need to distribute the load.
My only concern really is how difficult making modules will be and just how many modules will be created. With Docker it is very easy there are so many packages and all I need is to build my YML files and deploy. I know there was recently a demo on how to build modules for NS8 but I did arrive a bit late on that one.
Anyway, I think making decoupling the Firewall/UTM from NS8 would be the best approach. I personally use OPNSense and I doubt I will change. If I do change it would be for PFSense. Both of these are specialized Firewall solutions and are great at what they do.
A friend of mine told me about Yunohost.
Might give some ideas for NS-8, especially for a test demo.
So a bit of a delayed reaction… Earlier discussion had mentioned base OSs of Fedora 34 (edit: or 33?) or Debian 11. Now, Debian 11 is still there, but Fedora 34 has been replaced with CentOS 9. With what CentOS used to be, this makes sense; I’m not so sure with what it now is. But is there now (or is there expected to be) a recommended base OS? Or are there others that it’s expected may work, even if they haven’t been tested (much) yet?
Ubuntu is mentioned as an additional alternative at the 11:40 timepoint of the uploaded Youtube video.
I’m expecting we test them all. CentOS Stream 9 was forked from Fedora 34, thus we switched to it to test if it is stable as they claim. Debian has a good reputation about stability, maybe too much: Podman 3.0 is already quite old, but by time our requirements will be less developer oriented.
In the end, no recommendations so far.
I missed this thread, about to post to ask about NS8 progress.
Seems I have some viewing and reading to do.
Right now, I am hoping I will be able to virtualize NS8 as I can NS7, because from a quick browser, seems that NS8 itself will be based on virtualization, which will make it tough to virtualize something that is supposed to be the hypervisor. Pending more reading.
Keep up the good work.
Not really–it’s container-based. Running a Docker host in a VM is trivial; I’m sure that’s equally the case for Podman or K8s. And even their demo (on the video linked up-topic) was using DigitalOcean droplets (i.e., VMs) as nodes.
Yeap, saw that after I posted.
Let’s see then…
Hello, since the new Nethservr 8 works in a cluster like deployment, with multiple Nodes,
would or could the databases also be implemented in a similar manner, like with MariaDB Galera Cluster and Proxy SQL, or that would not be an option, since each app would be its own container, just trying to figure out.
On that note agains, would the database engine, be a single mysql instance, shared accross the apps, or would each app, have its own mariadb intance
It’s up to the developer of the module.
For now we have plans to support replica only for Samba and LDAP.
It depends much on the app itself. There is already mariadb module which can be shared with other apps. Nextcloud, instead, brings its own db.
I agree, and I also say that a primary goal is considering today’s ns7 modules. We have to reach a “feature parity” that allows migrating from ns7 to ns8.
Then new features like DB clustering can feel at home on our new multi-node NS8 core!
Hello Nethserver’s enthusiasts.
As I read the shifting of paradigm, see more security (SELinux and AppArmor) at the core Design, Debian possible, … guy’s you hook me there, and I want to help, as I could with my little knowledge.
Also; in july, we are coming back in Europe, near Lyon, so it will be easier to exchange.
Keep me posted for the next meeting.
A post was split to a new topic: Installing NS8 on Ubuntu
This topic was automatically closed after 11 days. New replies are no longer allowed.