[TriLUG] Ideas about centralized management iptables via SNMP traps

Chris Hedemark chris at yonderway.com
Tue Mar 19 14:54:21 EST 2002


No thanks.  Sounds too easily exploitable.  The firewall box should be very
paranoid about using external data sources to decide on whether to permit
or deny traffic.

BTW - How many firewalls do you need anyway?  One firewall box can handle
quite a few fast ethernet connections, and T1's are a piece of cake.  I'm
trying to understand your problem better and I'm wondering if the site
really is so large to need so many firewalls or will just one really well
configured firewall fit the bill?

> Looking to get/build a centralized management system for iptables
> firewalls. The very basic idea is to generate SNMP traps and feed them
> to a database. The database could be used to manage iptables rules,
> detect abnormal behavior, give snapshot status of firewalls.
>
> Any pointers to software or projects that can do this would be greatly
> appreciated.
> --
> Glen Ford
> gford at idiom.com





