Not a feature exactly, just general ideas

Home Page Forums Network Management Request a new feature Not a feature exactly, just general ideas

This topic contains 1 reply, has 0 voices, and was last updated by  dr1 4 years, 5 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #44272

    dr1
    Member

    Let me just start by saying I’ve used ZeroShell for about the last 6 years now, and I love it. When I first downloaded ZS I was attraced to all the amazing features that came from the GUI right out of the box. I had NetBalancer , QoS and multiple vpn’s setup in a couple days.. figuring out the firewall/routing rules for NetBalancer alone wouldve taken my brain a painful week. Before using ZS I just used standard linux distros and hand edited all neccassary rules/settings in, for many years.

    The reason I’m posting this is because today, I dont neccassarily find myself doing more complicated things with ZS, less I’d say… however I find myself doing many things that just arent supported by the GUI. In prior days, if this was a GUI, than it was just built on top of standard system, and just added ease of use to my life, there would be no issue. I’d simply have to go back to the console and get it done by hand. In ZS everything is custom. It also behaves like a LiveCD even once installed. This is where frustration comes in… examples:

    :: I wanted to get a home VPN server going again recently. OpenVPN is available on android/iphone now, and its working good. Problem: The mobile apps dont support TAP yet. In all reality this should not be a big deal, but in this case it had me starting off by editing 5+ (if i recall?) custom vpn scripts in ZS. It was a big enough pain that at some point I gave up that course of action, and just wrote a custom script to run an openvpn completely outside the control of ZS.. which of course lost me all the benefits of using ZS, no start/stop control, no client list, etc etc. Not ideal.

    :: I had to add RPZ support to BIND (think dnsmasq). I was able to get away with adding the neccassary line into the Options tab, and then creating a normal zone and using that. But once I decided I wanted to turn off logging for it, I had to track down the named.conf to edit. Which is when I found out the entirety of the named.conf file is created in dns_zoneconfig script.. the entire thing is created with echo commands, even though much of the file will not change, such as the logging parameters. I dont understand why theres not just config files with {PLACE_HOLDERS} where you insert ZS data into.. then you could make the config files editable right in the interface as well.. something as simple as changing a BIND logging parameter should not require editing core scripts.

    :: I have to throw this in here, but.. when I found out my root password is stored in a plaintext file on this system (let alone that someone had found an exploit to get it awhile back) I nearly rm -rf’d the whole thing right there.. lol. That was a little unbelieveable to me.

    Things like the Firewall Rule manager, where I dont think theres a single thing you cant do with it (trapped in the confines of input/output/forward anyways) is what got me using ZeroShell. Theres a GUI option for everything, but most importantly if all else fails you can insert the iptables parameters. In fact if that rule manager for example wasnt there I wouldnt even have tried ZS. But now days im busting through all the cracks in what it cannot do. My /Database directory is starting to look like the actual install of ZeroShell, with custom scripts and such.. lol. Its actually becoming harder to use as is.. which is always the fear of using GUI, that it wont do what you want, nor will it let you. This would be a non issue if the only thing to be done was hand edit some config files in the terminal, but thats not the case currently, its alot more work then that.

    Just my 2 cents. I still love ZS. I’m just writing this because I would like to still be using it in 6 more years.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.