On 2011-04-29, Stefan N <stefanbsd...@yahoo.com> wrote:
> I would need some suggestions from you. Currently I am setting up OpenBSD
> Firewall using PF at my working place.
> However, some of my colleagues are not so familiar with the OpenBSD and we
> would like to take turns to do that. I have the intention that I would like
> to limit the usage of and access to the root account.
>
> I have intention to give them the 'more than enough' access for them to do
> daily administrative tasks as firewall admin like:
> 1. View/Configure IP Address, Subnet of network interface, VLAN and CARP
> 2. View/Configure default gateway and static route
> 3. View/Change the entry of DNS Server IP
> 4. Configure Syslog
> 5. Add/Remove PF rule
> 6. Backup/Restore
> 8. Viewing traffic using tcpdump

This sort of menu might make things a little easier but it's not going to make them safer; people can do quite enough damage with just these options. If your colleagues are familiar with Cisco-style CLI it might be worth looking at nsh to make it easier for them, but if they're going to have to learn from scratch whatever you do, it's probably more useful to teach them the native tools.