In my current job (which I haven't discussed yet), my boss (who is also the company owner) and I were having a discussion about server management, specifically about IPTables rules. You must know he is 100% in love with ClearOS (a RedHat fork, just like CentOS). ClearOS uses a web UI to manage almost everything. In this little post, I will try to explain my point of view on why we have to give up the IPTables frontend of ClearOS and move to a better and more professional solution.

ClearOS is very easy to use; almost any Linux newbie could start managing his server, but in my humble opinion there is a price to pay. As you gain knowledge (of IPTables, in this case), you will realize that the basic UI is not enough. ClearOS has an advanced IPTables interface (I have tested ClearOS 6 only), but using that interface and managing IPTables manually from the CLI is literally the same thing: the interface is just a text field where you type in the IPTables command.

Using any of the ClearOS interfaces is okay if you don't manage multiple servers or don't need any complex rules. But you will see that complex scenarios require an advanced tool. Some such scenarios are:

  • where you manage multiple servers that inter-relate with each other (a cluster, for example),
  • where you have different interfaces and the traffic allowed on each one is very different (a layer-two VPN, for example), or
  • where you manage many servers and need to review on which server you are allowing or banning a specific IP.

I want to introduce you to Firewall Builder. I usually don't use GUIs, but I am making an exception for this tool. Firewall Builder will allow you to manage as many rules as you want on as many servers as you want. Currently, I am managing no less than 20 servers with it. I can drag objects into the interface, and when I modify an object (let's say a user changes his IP), the tool shows me which servers need a rule push.

One of the things I love about Firewall Builder is its shadowing detection capability. When you have many rules it is very common that one rule allows what another rejects, because an earlier rule already matches the traffic a later rule was meant to handle. Firewall Builder lets you detect this issue before pushing the rules.
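To show what a shadowing check actually does, here is an added example (my own code, not from the post and not Firewall Builder's implementation): a first-match rule list in the style of iptables, where a later rule is flagged as shadowed when an earlier rule covers all of its traffic, and the finding is marked as dangerous when the two actions differ. The `Rule` fields and the sample rule set are constructed simplifications.

```python
# Added example: minimal first-match rule shadowing detector (not Firewall Builder code).
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Rule:
    src: str        # CIDR; "0.0.0.0/0" means any source
    dst: str        # CIDR; "0.0.0.0/0" means any destination
    proto: str      # "tcp", "udp", "icmp" or "any"
    dports: tuple   # (low, high) inclusive destination ports, or None for any
    action: str     # "ACCEPT" or "DROP"

def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    o_src, i_src = ipaddress.ip_network(outer.src), ipaddress.ip_network(inner.src)
    o_dst, i_dst = ipaddress.ip_network(outer.dst), ipaddress.ip_network(inner.dst)
    if o_src.version != i_src.version or o_dst.version != i_dst.version:
        return False                      # IPv4 and IPv6 rules never overlap
    if not (i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst)):
        return False
    if outer.proto != "any" and outer.proto != inner.proto:
        return False
    if outer.dports is None:              # outer matches every port
        return True
    if inner.dports is None:              # inner matches ports outer does not
        return False
    return outer.dports[0] <= inner.dports[0] and inner.dports[1] <= outer.dports[1]

def find_shadowed(rules):
    """Return (earlier_index, later_index, actions_differ) for each later rule that
    can never match because an earlier rule already covers all of its traffic."""
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if _covers(rules[i], later):
                findings.append((i, j, rules[i].action != later.action))
                break                     # one covering rule is enough to make it dead
    return findings

# Constructed sample (hypothetical addresses): rule 2 is dead, and because its action
# differs from rule 0's, SSH from 10.20.0.0/16 is allowed although the admin meant to drop it.
SAMPLE_RULES = [
    Rule("10.0.0.0/8", "0.0.0.0/0", "tcp", (22, 22), "ACCEPT"),
    Rule("0.0.0.0/0", "192.168.1.10/32", "tcp", (443, 443), "ACCEPT"),
    Rule("10.20.0.0/16", "0.0.0.0/0", "tcp", (22, 22), "DROP"),
    Rule("0.0.0.0/0", "0.0.0.0/0", "any", None, "DROP"),
]

if __name__ == "__main__":
    for i, j, conflict in find_shadowed(SAMPLE_RULES):
        print(f"rule {j} is shadowed by rule {i}" + (" (actions differ!)" if conflict else ""))
```

The same check, run before a push, is what keeps a "DROP" added at the bottom of a long chain from silently doing nothing.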

Firewall Builder lets me focus on rule management, and of course, you will learn how to build complex rules as well.
