On Sun, Mar 14, 2010 at 11:02:29AM +0500, ???? ??????? wrote:
> Hello,
>
> is there any GUI (like pfsense) around which can be installed on a
> clean OpenBSD box (or even two CARP-connected boxes) for pf management
> ?
> I've found comixwall, but it seems to be dead already.

None that are worth it, imho. If you want to do it right (you wouldn't use OpenBSD if you didn't) then learn pf and understand what you're putting together. It's not hard. In fact, compared to the other *nix firewalling alternatives, it's fucking easy.

I've considered long and hard (TWSS) to write my own web interface for pf. The prevailing design philosophies SUCK. If you're going to bother, do it right; proper abstraction of filtering and routing concepts is mandatory if you want to make something easy *and* secure.

Why hasn't anyone done it? It's really, really difficult. And most developers that might take a crack at an OpenBSD pf web ui aren't experienced in interface design.

I've written a few web applications related to OpenBSD (Hatchet, NetFlow Dashboard, Blogsum). Compared to what a good web engineering team can put out, they suck. But they do an adequate job with the task they're designed to handle. Writing a log filtering interface isn't hard. Writing a NetFlow query interface isn't hard. Writing a blog application isn't hard (unless you're WordPress... then it's just bloated).

I'll say it again... writing a good pf web UI is HARD. It's infinitely more complicated and prone to security problems. Reading the pf FAQ and editing pf.conf yourself is easier by geometric proportions.

</rant>

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/