[Users] Re: Firewall on HN or VE?
Suno Ano
suno.ano at sunoano.org
Thu Jul 9 16:50:10 EDT 2009
Greg> Hi, on one server set up with Proxmox I intend to have 4 VEs (web,
Greg> dns, mysql, mail). I guess I'll have 1 IP for each VE. Concerning
Greg> the firewall, I'm thinking of configuring iptables but my concern
Greg> is whether to do it on the HN or on each VE. I'm looking for the
Greg> best way to do it so your ideas are more than welcome.
If the VEs can be trusted, i.e. you own/run them, then I recommend
putting the filter task on the HN only because it is way easier to
maintain and set up. Here is what I do:
http://sunoano.name/ws/public_xhtml/firewall.html#sunos_rule_set_and_how_it_is_applied
As you can see, I like reusable and automatic, therefore I wrote myself
packet_filter, a script to feed rules to netfilter/iptables.
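
Added example, not part of the original post and not the packet_filter script it mentions: one way to filter for the four VEs from the HN only. It assumes venet networking (VE traffic is routed through the HN's FORWARD chain via venet0), an external interface named eth0, and constructed addresses from the 192.0.2.0/24 documentation range; the function prints the iptables commands rather than running them.

```shell
#!/bin/sh
# Added example: filter for all VEs in the HN's FORWARD chain.
# Assumptions: venet networking (VE traffic is routed by the HN through
# venet0), external interface eth0, constructed RFC 5737 addresses.
EXT_IF=eth0
VE_IF=venet0

# name  VE-IP  proto  dports  allowed-source   (constructed sample data)
VE_SERVICES='
web   192.0.2.10 tcp 80,443 0.0.0.0/0
dns   192.0.2.11 udp 53     0.0.0.0/0
dns   192.0.2.11 tcp 53     0.0.0.0/0
mysql 192.0.2.12 tcp 3306   192.0.2.10
mail  192.0.2.13 tcp 25     0.0.0.0/0
'

# Print the iptables commands instead of running them, so the rule set can
# be reviewed before it is piped to sh as root on the HN.
gen_hn_rules() {
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    # Packets belonging to connections that were already accepted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One rule per service: only the listed source may open a connection.
    printf '%s\n' "$VE_SERVICES" | while read -r name ip proto ports src; do
        [ -n "$name" ] || continue
        echo "iptables -A FORWARD -o $VE_IF -s $src -d $ip -p $proto" \
             "-m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # VEs may open connections to the outside, but not to each other:
    # VE-to-VE traffic leaves through venet0, so it does not match here.
    echo "iptables -A FORWARD -i $VE_IF -o $EXT_IF -m conntrack --ctstate NEW -j ACCEPT"
}

gen_hn_rules
```

With this table the mysql VE is reachable only from the web VE, while the other three services are open to any source; the HN's own INPUT chain is untouched and needs its own rules.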