By Manny Fernandez
March 5, 2019
IPTable Firewall GUI
In 2000, I started a company named ITsecur. We created a Linux-based firewall running the following:
IPTables – Firewall
In-line Snort – IDS/IPS
strongSwan – IPsec VPN (mostly site-to-site)
OpenVPN – Remote access VPN and site-to-site VPN
DansGuardian – Web content filtering
Squid – Proxy services
SpamAssassin – Anti-spam
Zebra – Routing
Webmin – Management GUI
It was a very enjoyable time for me because we were creating something very few were doing at the time: Managed Security Services. We bought some headless boxes out of China through a company named Nexcom. There were two versions (rack-mountable and desktop). We had a sticker created with the trademarked name 'Safe-T-Net'.

What we did for this project was to take the best of Check Point, Cisco, and other firewalls (including FortiGate) that were prevalent at the time. After selling the company, I opened up the Webmin module to the world. It is available on the Webmin website under third-party modules, and you can run it today.
Disabling firewalld and switching to IPTables
Stop the Firewall
systemctl stop firewalld
Disable the firewall
systemctl disable firewalld
Check Status
systemctl status firewalld
Installing Webmin on CentOS
sudo vi /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
sudo rpm --import http://www.webmin.com/jcameron-key.asc
Now you can log into the Linux box by browsing to https://%your-ip%:10000 (Webmin listens on TCP port 10000, so restrict that port to your management hosts rather than exposing it to the world).
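The whole procedure above (stop and disable firewalld, add the Webmin repository, import the signing key) as one CentOS 7 script, including the package-install steps the section leaves implicit. This is an added example, not code from the original post or from Webmin; the package names and the Webmin key URL are the distribution's own, while the repo path, the firewalld masking and the root check are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): CentOS 7 setup for the IPTables
# Webmin module. Must run as root: sh setup-webmin.sh run
set -eu

REPO_FILE=/etc/yum.repos.d/webmin.repo   # assumed path, same as the page

# Write the Webmin yum repository definition (same content as the page, one key per line).
write_webmin_repo() {
  cat > "$1" <<'EOF'
[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
EOF
}

# Replace firewalld with the classic iptables service so the Webmin module owns the rules.
swap_firewalld_for_iptables() {
  systemctl stop firewalld || true       # tolerate "unit not loaded"
  systemctl disable firewalld || true
  systemctl mask firewalld               # assumption: keep an update from re-enabling it
  yum -y install iptables-services       # provides /etc/sysconfig/iptables and the service
  systemctl enable iptables
  systemctl start iptables
}

install_webmin() {
  write_webmin_repo "$REPO_FILE"
  rpm --import https://download.webmin.com/jcameron-key.asc   # HTTPS copy of the page's key URL
  yum -y install webmin                  # the RPM starts Webmin on :10000 itself
}

if [ "${1:-}" = "run" ]; then
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
  swap_firewalld_for_iptables
  install_webmin
  echo "Webmin is up on https://$(hostname -I | awk '{print $1}'):10000"
fi
```

Masking firewalld is stricter than the page's disable step: a later package update cannot quietly bring firewalld back and fight the iptables service for the rule table.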
Firewall Configuration
First things first. By selecting the ‘gear’ icon on the top left of the module, you will see the following:

Here you decide whether the firewall host itself counts as part of 'any'. That is, for a rule such as "permit ssh to any", this setting governs whether traffic to the firewall itself is also matched. Additionally, you can set:
Autobackup Directory – where on the firewall's disk the backup configs are stored
Ask for confirmation – when saving rule changes, ask 'are you sure' (on by default)
Logs to show – how many log lines are displayed (similar to the pager command in Cisco IOS)
Seconds between refresh – refresh rate for the log view
From address – the sender address on the emails the firewall sends you

Here is the main screen. It gives you access to the main functions of the firewall: policies (rules), service objects, hosts and networks, logging, NAT, etc.

Under the firewall rules, you will see the concept of matching interfaces, familiar to FortiGate users today. From here, you can choose existing address objects or create new ones on the fly. You can choose services, whether to log matches, and the position of the rule in the policy.

Under Hosts and Networks, you can create a named group and select the addresses that will be part of it, or just add a single address/network. You can also 'negate' an object, which matches anything except what is negated.

Here you define the NAT rules, including 'no NAT' exemptions between certain networks.

For role-based access control, you can create a user and give them access to any portion of the firewall config. There is also a 'trusted hosts' list (again, similar to FortiGate) that limits where management connections may come from.

Under 'backup configuration' you can schedule a backup and send it via FTP, send it via email, or save it locally. You can choose any part of the configuration, and backups can be password protected.

For central audit logging, you can set up a separate Linux box running Webmin and point the firewalls at it. The log includes changes made to rules and who made them, among other things.

The restore functionality allows you to restore all or part of the firewall configuration.

Under the services tab, you can choose from a myriad of pre-defined services or create your own.

Finally, some basic DoS mitigation.
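What the GUI screens above build is a plain iptables ruleset, so it is worth seeing the raw equivalent of each concept: the 'any' setting from the gear icon, matching interfaces and 'negate' on the rules and hosts screens, 'no NAT', the trusted-hosts restriction on the Webmin port, logging, and basic DoS mitigation. The script below is an added example, not code from the original post or from the Webmin module; interface names, addresses and the management host are assumptions chosen for illustration, and it emits iptables-restore format so the ruleset can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example, not code from the original post or the Webmin module: the
# iptables-restore equivalent of the GUI concepts above. Interface names,
# addresses and the management host are assumptions for illustration.
WAN_IF=eth0                 # assumed outside interface
LAN_IF=eth1                 # assumed inside interface
LAN_NET=192.168.10.0/24     # assumed inside network
DMZ_NET=192.168.20.0/24     # assumed DMZ network, reached via a third interface
MGMT_HOST=192.168.10.5      # assumed "trusted host" allowed to reach Webmin
WAN_IP=203.0.113.10         # assumed public address (RFC 5737 documentation range)

# Emit the ruleset in iptables-restore format so it can be reviewed before loading.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful basics: accept replies, drop packets conntrack cannot classify
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# "Trusted hosts": only MGMT_HOST reaches the Webmin port, and each new session is logged
-A INPUT -i $LAN_IF -s $MGMT_HOST -p tcp --dport 10000 -m conntrack --ctstate NEW -j LOG --log-prefix "WEBMIN-ADMIN: "
-A INPUT -i $LAN_IF -s $MGMT_HOST -p tcp --dport 10000 -m conntrack --ctstate NEW -j ACCEPT
# Basic DoS mitigation: more than 5 new SSH connections a minute from one source are dropped
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-above 5/min -j DROP
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# A "permit to any" in FORWARD never covers the firewall host itself; that is what the
# gear-icon setting decides, and in raw iptables it must be an explicit INPUT rule.
# Anything else aimed at the firewall is logged (rate-limited) and dropped by policy.
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "INPUT-DROP: "
# Matching interfaces plus "negate": LAN may go anywhere except the DMZ through this rule...
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET ! -d $DMZ_NET -j ACCEPT
# ...and only HTTPS into the DMZ
-A FORWARD -i $LAN_IF -s $LAN_NET -d $DMZ_NET -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m limit --limit 10/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# "No NAT" between LAN and DMZ: ACCEPT in the nat table ends traversal without translating
-A POSTROUTING -s $LAN_NET -d $DMZ_NET -j ACCEPT
# Everything else leaving on the WAN side is source-NATed to the public address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
COMMIT
EOF
}

# Number of rules that would be loaded: a quick sanity check that needs no root.
rule_count() {
  gen_rules | grep -c '^-A '
}

# Usage as root: write, syntax-check, then activate through the iptables service:
#   sh firewall.sh print > /etc/sysconfig/iptables
#   iptables-restore --test < /etc/sysconfig/iptables && systemctl restart iptables
case "${1:-}" in
  print) gen_rules ;;
  count) rule_count ;;
esac
```

Two things in the raw form are easy to miss in a GUI: rule order matters (the 'no NAT' ACCEPT has to sit above the SNAT rule, and the hashlimit DROP above the SSH ACCEPT), and a FORWARD policy says nothing about the firewall host itself, which is why the management port gets its own INPUT rules tied to the trusted host.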
To get the module, go to the following link and choose the following:

Updated Link to Download the module
I hope this helps out.