Firewall Management

IT_Architect

DirectAdmin needs to add firewall management capabilities.
- It makes it easy to see at a glance what rules are.
- Allows changing them without finding and editing a text file.
- Rules can have a user comment, or if left blank, auto-defined by the rule such as "Open tcp ..... and udp ..... between..." or "ABC Domain: Block tcp and udp from ip address ..." That also allows you to keep track of why you closed or opened a port so that later you can see if it still applies.
- As a side benefit, it allows you to block sites by IP for users when they are being harassed by another site, which is another feature that DA needs.
 
"Needs to" is an interesting concept.

Me? I'd rather control my firewall myself, and choose whether I want to use the iptables file, kiss, or apf+bfd to manage netfilter.

And to make it even worse, since Linux, depending on supported version, may have ipchains or iptables installed to manage netfilter, and Unix yet another system, since DA works on different platforms, it would be a bit harder than simple to implement.

Jeff
 
I have to disagree about this - a firewall is not part of the things the control panel needs to manage - which is all about automating common hosting tasks.

A Firewall is surely part of system management, which involves a whole lot more, and is also an "install it once and don't fiddle with it" type of task. I know Plesk has it, but I never figured out why.

Besides, why a firewall.. why not mod_rewrite, mod_security rule management? php open_basedir management? installed package management? How about a page for xinetd services... the list of things to add is endless, and each one of those is just as vital to a system as a firewall.
 
I would respond by saying that it's not about what belongs where. It's about total cost of ownership. The product that presents the most efficient and consistent interface for web hosters and vendors to use, regardless of skill level, gets the sale. The market has spoken before to this issue and today we have Windows on the desktop.

Concerning Plesk, it's their way of allowing you to block IPs etc., and see at a glance what the settings are when there is a problem. It also allows you to temporarily open something up or close it for testing. cPanel has a method to block IPs also. In both cases, you have a documented list of where things are without being logged into multiple sessions under multiple accounts.

I'm sure that any DA customer would be open to any better ideas of accomplishing the same thing.

It's DA's job to determine product positioning and where it makes the most sense to focus their efforts. I'm simply one of those customers, and a new one I might add. The reason that I am posting now is because after you work with anything for a while, you become blind to the obstacles that prevent prospective clients from becoming customers. Therefore, for DA's owners, this is the best time for me to voice my thoughts and suggestions.

Thanks!
 
Sorry, but I agree with gbj...firewall is not part of a hosting control panel functionality. It's a system function and one that should be left up to each admin to determine what works best for them.

I use APF...works fine for me, others like KISS...works for them...which is how it should be. There are a lot more other functions that DA should be working on that are specific to webhosting.

Given your reasoning, why not build BFD support into DA, or mod_security?
 
Finding out what people want is the purpose of a section like this. The input from people who don't want it is every bit as valuable as the ones who do.

Thanks!
 
I don't know how Plesk implements it either, but:

Plesk runs on a rather small set of OS Distributions.

and...

Plesk may simply be giving you a window into the hosts.deny file.

Would you suggest DA give you a window into the hosts.deny file?

That I could go for :) .

Jeff
 
Code:
cd /usr/local/directadmin/data/templates
cp edit_files.txt custom
cd custom
echo "/etc/hosts.deny=user=root&group=root&permission=644" >> edit_files.txt
Admin Level -> File Editor ;)

John
 