On 4/28/11 7:52 PM, Stefan N wrote:
Hi All,
I would need some suggestions from you. Currently I am setting up OpenBSD
Firewall using PF at my working place.
However, some of my colleagues are not so familiar with the OpenBSD and we would
like to take turn to do that. I have the intention that I would like to limit
the usage and access the root account.
I have intention to give them the 'more than enough' access for them to do daily
administrative tasks as firewall admin like:
1.View/Configure IP Address, Subnet of network interface,VLAN and CARP
2.View/Configure default gateway and static route
3.View/Change the entry of DNS Server IP
4.Configure Syslog
5.Add/Remove PF rule
6.Backup/Restore
8.Viewing traffic using tcpdump
Is that possible to make some CLI Menu which will appear to the fw admin after
the login as long as they can do their job.
Example:
OpenBSD/i386
login:bob
password:xxxxxxxx
Please select the task below:
1>View/Configure IP Address, Subnet of network interface,VLAN and CARP
2>View/Configure default gateway and static route
3>View/Change the entry of DNS Server IP
4>Configure Syslog
5>Add/Remove PF rule
6>Backup/Restore
7>Viewing traffic using tcpdump
8>Logout
Or is there a better way to limit the usage and access of root account by fw
admin?
My intention is: I would like to give enough access for the fw admin to do their
job using a simple way.
Thank you in advance.
Regards,
Stefan
If you are new to pf - try pfsense.org - although that's based on
FreeBSD. It has nice web GUI and gobs of functionality.
mehma
