Basic Firewall in Directadmin

walo

As the subject says...
This is my second request for this, and I think it is very simple to make an iptables handler as a KISS firewall. Just that simple.

Block/allow ports/ips
 
APF is very easy to install and configure on DA server already. Do we really need another firewall in DA?
 
APF is very easy to install and configure on DA server already. Do we really need another firewall in DA?
I should recommend CSF/LFD instead of APF/BFD, since you also have a nice web interface into DA with CSF/LFD.

I like it more when CSF/LFD will be default installed.
Maybe we can make a poll?
 
A Control Panel should control website stuff (apache, exim, mysql, bind, etc) and the systems admin should control the system at system level (SSH).... That's my opinion anyway.
 
A Control Panel should control website stuff (apache, exim, mysql, bind, etc) and the systems admin should control the system at system level (SSH).... That's my opinion anyway.
Exactly, but some customers that have a dedicated don't have knowledge about SSH, so then they can easily use the web interface to manage the firewall.
 
Exactly, but some customers that have a dedicated don't have knowledge about SSH, so then they can easily use the web interface to manage the firewall.
Then they shouldn't have a dedicated server if they can't/don't understand Linux/etc..... Harsh I know.......

Besides, what walo suggested can be managed in webmin (free!) anyway..... which I have running side-by-side on my servers.....
 
A Control Panel should control website stuff (apache, exim, mysql, bind, etc) and the systems admin should control the system at system level (SSH).... That's my opinion anyway.
Not everything is web in a control panel. FTP, email, DNS, SQL are not web stuff. A control panel is a GUI for the server administration.

APF is very easy to install and configure on DA server already. Do we really need another firewall in DA?
But APF is not part of DirectAdmin
 
Other control panels offer firewall services - so I don't see what is wrong with requesting this. At the end of the day, it is a request.
 
Not everything is web in a control panel. FTP, email, DNS, SQL are not web stuff. A control panel is a GUI for the server administration.
Really? Name one control panel that lets you update & compile programs - to me that's server administration.

Besides, you need to use SSH to install control panels initially anyway.
 
You can update your server with YUM in the control panel of InterWorx. Without logging in to SSH.

Anyways, we don't have webmin on our servers, it's useless for us.
 
@daveyw

I was going to say webmin too - but I didn't want to get into the argument ;)

and Peter did say "& compile programs" - that one is going to be hard to beat :)
 
This is the last reply from me....

DA is meant to administrate websites for our customers, that's its main purpose (personal opinion).... Yes, it has a few extra quirks for admins, like: mail queue, system backup, DA update page, top, custom apache config options, etc....

Of course, an IPTables option in DA could be useful, but to who? Not your customers - for admins, yes - and if you're an admin, then you have to know (a moderate amount of) Linux, bash, etc to start with........

As I said (webmin), there's other programs out there to help administrate at the system level, who have limited knowledge, which works perfectly alongside DA - of course, you need to be careful about using webmin to edit stuff that DA uses.

Sorry that this thread has gone off topic.......
 
Just to point out again: FreeBSD and Linux have different firewall systems. To include a firewall in DirectAdmin, it would have to be written to create a generic file, and then there'd have to be separate code for converting the code to either iptables or (I believe IPFW) for FreeBSD.

Jeff
 
Guess he wants an all in one solution so he doesn't have to learn how to properly administer a server via ssh. Once you get a good ruleset you shouldn't be needing to change it much anyways. If you **** up a rule you are still gonna lock yourself out of your server. So what's the point just so you can have a nice gui to do it from instead of doing it from ssh like you should be? So just use webmin on top of directadmin if you want that. I don't want directadmin to be another cpanel with a bunch of bull**** that is not needed and makes it bloatware.
 
Of course, scsi, one advantage of having it in DirectAdmin, is that with enough intelligence it could keep us from making that dumb mistake that might cause us to lock ourselves out of the server.

I agree that DirectAdmin doesn't need it, and the good folk at JBMC, publishers of DirectAdmin, must as well, since they haven't responded.

Jeff
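
The two points raised above, one generic rule file rendered for either iptables or IPFW and a check that stops a ruleset from locking the admin out, sketched as an added example that is not part of any post and not DirectAdmin code. The rule format, function names and addresses are hypothetical and constructed; default policy, loopback and stateful rules are left out.

```python
import ipaddress

# Constructed generic rules (hypothetical format), evaluated first-match-wins.
RULES = [
    {"action": "allow", "proto": "tcp", "port": 22, "src": "203.0.113.0/24"},
    {"action": "allow", "proto": "tcp", "port": 80, "src": "any"},
    {"action": "deny",  "proto": "tcp", "port": 25, "src": "198.51.100.7"},
]

def _matches(rule, ip, port):
    """True if a TCP connection from ip to port is covered by this rule."""
    if rule["proto"] != "tcp" or rule["port"] != port:
        return False
    if rule["src"] == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule["src"], strict=False)

def keeps_admin_access(rules, admin_ip, ssh_port=22, default="deny"):
    """Simulate the ruleset: can admin_ip still reach SSH once it is applied?"""
    for rule in rules:
        if _matches(rule, admin_ip, ssh_port):
            return rule["action"] == "allow"
    return default == "allow"  # assumed default policy when nothing matches

def to_iptables(rule):
    target = "ACCEPT" if rule["action"] == "allow" else "DROP"
    src = "" if rule["src"] == "any" else f" -s {rule['src']}"
    return f"iptables -A INPUT -p {rule['proto']}{src} --dport {rule['port']} -j {target}"

def to_ipfw(rule, number):
    return (f"ipfw add {number} {rule['action']} {rule['proto']} "
            f"from {rule['src']} to me dst-port {rule['port']}")

def render(rules, backend, admin_ip):
    """Return backend commands, refusing rulesets that cut off the admin."""
    if not keeps_admin_access(rules, admin_ip):
        raise ValueError(f"ruleset would block SSH from {admin_ip}; not applied")
    if backend == "iptables":
        return [to_iptables(r) for r in rules]
    if backend == "ipfw":
        # ipfw evaluates by ascending rule number, so numbering preserves order.
        return [to_ipfw(r, 1000 + 10 * i) for i, r in enumerate(rules)]
    raise ValueError(f"unknown backend: {backend}")

if __name__ == "__main__":
    for backend in ("iptables", "ipfw"):
        print("\n".join(render(RULES, backend, admin_ip="203.0.113.10")))
```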
 
I agree with others that this does not belong in DirectAdmin.

For one, because DirectAdmin should focus on excelling at what it does -- automation tasks and features for resellers/users, not the system administrator.

Second, DirectAdmin runs on Linux and FreeBSD which would have completely different firewall implementations.

There's no reason why 3rd party developers can't write a plugin for DA that can do this - if you want it, write it or pay someone to write it for you :)
 
Ok, I lied....... :P

One feature I'd really like to see added is this one - and I mean with no work-around, like suggested....

This is a feature from a customer's point of view, so I think it's a valid one.
 
Hello,

Regarding firewalls, we need to draw a line at some point where the scope of DirectAdmin stops. With our current model, firewalls are past that line. When it comes to one-time installations of things that don't scale with more Users, we tend to leave that to the system administrator. DirectAdmin is designed to automate the tasks required to add/manage users and domains on a webserver. I'm sure there are some exceptions to that rule, but at this time, firewalls are not one of them. Other one-time setups might be a root kit, or even a security guard with a rifle standing in front of your server... they're just out of the scope of DA.

Regarding the other request you've linked to, adding email to a subdomain will use all of the resource of a full domain anyway. If you want to allow them to create emails on their subdomains, simply allocate them more domains, and they can create a full new domain called sub.domain.com. It's not a workaround, it's how it's done.

John
 