[tech] Firewalling system ideas wanted
Andrew Adamson
bob at ucc.gu.uwa.edu.au
Mon May 15 19:43:34 AWST 2017
Hi All,
This coming weekend we are basically breaking everything, so this is an
opportunity to do it good and properly. I've been thinking about user
friendliness of our firewall (particularly for VMs), and how things would
ideally work versus how they currently do.
At the moment, a lot of users who get a VM can't necessarily do a great
deal with them, because firewalling of their machine is quite obfuscated
to them (unless they are on wheel, and sometimes even then), and it's not
always clear to them why something might not be working. I have a similar
problem learning about mail servers with the UWA firewall - I never know
if it's me or not. The firewall on a VM is something that a user can't
easily inspect, change, or experiment with, because it's on murasoi which
is wheel access only.
To me, the best scenario here is that VM users can easily inspect the
firewall rules on their machine, easily request changes, some trusted
users can easily be given control of their machine's firewall, and the
whole lot can be audited/checked/modified by wheel at any time.
Can anyone suggest such a system? Ideally it would have some sort of nice
interface, or Proxmox integration. I know Proxmox has firewall support but
haven't had a chance to really play with it, plus it would mean splitting
our firewall between murasoi and the cluster. Has anyone tried it before
and have advice/comments? Advice/comments on splitting the firewall? Other
options for a routing box? Thoughts on moving DNS onto the routing
machine?
Reply to the list with your 2c!
Andrew Adamson
bob at ucc.asn.au
|"If you can't beat them, join them, and then beat them." |
| ---Peter's Laws |