Firewall UI for policy rules


(Alessio Fattorini) #21

It’s not just a question about “fake NethServer”. yes, we have to improve it with many features by web interface but I don’t like exploding NethServer with zillions of confusing settings, we’d rather have sensible out-of-box defaults that work for 90% of users and can be tweaked. But in some cases the needs are so divergent that a new setting must be added. This should be a method of last resort in my opinion. Don’t you think?
We have discussed it in many topics, for example:


How about we move forward there?


#22

In what showing all the rules will add complexity?

It will add informations to display, it will add transparency about the configuration… But complexity, no.


(Gabriel GHEORGHIU) #23

Sorry for “fake NethServer”. Is not about the meaning of “fake”.
In that moment I didn’t find a word for “not fully functional NethServer”! Neither now! :grin:

It’s OK for me but I maintain my opinions! :wink:

The sysadmin, by definition, must do everything. It is her/his job!
Why do you think that a sysadmin can damage a server only from GUI and from CLI cannot?
Why somebody who is not sysadmin can reach the NS settings?
The users have their own GUI, without interfere with NS settings.


(Stéphane de Labrusse) #24

That’s sound me something : NethSever-HijackSettings :slight_smile:

The purpose will be to bring to light all hidden settings, but the module whose purpose is to parameterize all services will be quickly a giant octopus :frowning:


(Gabriel GHEORGHIU) #25

You are right. But others did it! We compare NS with others. From where? From what? Which is the “level” from where we will start to compare?

I like to compare NethServer with Sophos and Endian as UTM and with Zentyal as Email server and DC.


(Francenildo) #26

This policy-based routing is running perfectly. Approved!