I’m very much enjoying my current deployment of Zeroshell. In my case I’m balancing other admins’ zero-shell use with my rather more shell-inclined use (i.e. I’m happy to use the shell to determine, e.g., the ebtables commands required in my deployment).
One feature I’d like to see would be integration of ipsets:
(1) So that firewall and QoS classification iptables rules can use ipset targets (MAC / IP / I don’t mind!),
(2) So that addresses can be added and removed from ipsets via the web.
I realise that doing a general web interface to iptables is tricky!
Say one needed to classify around ~100 IP addresses into a particular QoS class. This has two problems:
(a) While a linear scan of that order of magnitude will work OK, the actual data need (in the IP case at least) really should be more like O(1) than O(n) in terms of computational cost.
(b) The web interface becomes cluttered with rule instances, where the separate rules are really all about the same set of things (although in this case I’ve just SSHed to the Zeroshell instance and run the shell-side versions of the web form submit functions in an automated fashion).
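Added example, not part of the original post and not Zeroshell code: a dry-run shell sketch of the two points above, turning an address list into one `hash:ip` set (hashed lookup instead of a rule-by-rule scan) and one classification rule. The set name `qos_hosts`, the class `1:10`, the mangle `POSTROUTING` chain and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run only: prints `ipset restore` input and one iptables command.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
# The body is a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# gen_ipset_restore SET: read addresses on stdin ('#' comments allowed) and
# print lines that fill a scratch set, then swap it in atomically.
gen_ipset_restore() {
    set_name=$1
    tmp_name="${set_name}_new"
    echo "create $set_name hash:ip family inet"
    echo "create $tmp_name hash:ip family inet"
    echo "flush $tmp_name"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | LC_ALL=C sort -u |
    while IFS= read -r addr; do
        if valid_ipv4 "$addr"; then
            echo "add $tmp_name $addr"
        else
            echo "skipped invalid address: $addr" >&2
        fi
    done
    echo "swap $tmp_name $set_name"
    echo "destroy $tmp_name"
}

# gen_rule SET CLASS: the single rule that replaces the per-address rules.
# Chain and class are assumptions, not Zeroshell's own QoS layout.
gen_rule() {
    echo "iptables -t mangle -A POSTROUTING -m set --match-set $1 src -j CLASSIFY --set-class $2"
}

# Constructed sample input: documentation addresses, one duplicate, one invalid.
sample_hosts() {
    printf '%s\n' '192.0.2.10' '192.0.2.7   # printer' '198.51.100.5' '192.0.2.10' '192.0.2.999'
}

sample_hosts | gen_ipset_restore qos_hosts
gen_rule qos_hosts 1:10
```

Piping the output of `gen_ipset_restore` into `ipset -exist restore` as root loads the set; later membership changes mean regenerating the set, while the one iptables rule stays untouched.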