On 2011-04-29, Stefan N <stefanbsd...@yahoo.com> wrote:
> I would need some suggestions from you. Currently I am setting up OpenBSD 
> Firewall using PF at my working place.
> However, some of my colleagues are not so familiar with the OpenBSD and we 
> would 
> like to take turn to do that. I have the intention that I would like to limit 
> the usage and access the root account.
>
> I have intention to give them the 'more than enough' access for them to do 
> daily 
> administrative tasks as firewall admin like:
> 1.View/Configure IP Address, Subnet of network interface,VLAN and CARP
> 2.View/Configure default gateway and static route
> 3.View/Change the entry of DNS Server IP
> 4.Configure Syslog
> 5.Add/Remove PF rule
> 6.Backup/Restore
> 8.Viewing traffic using tcpdump

This sort of menu might make things a little easier but it's not going
to make them safer, people can do quite enough damage with just these
options.

If your colleagues are familiar with cisco-style CLI it might be
worth looking at nsh to make it easier for them, but if they're going
to have to learn from scratch whatever you do, it's probably more
useful to teach them the native tools.

Reply via email to