|
Re: Firewall in the VE [message #10090 is a reply to message #10085] |
Thu, 08 February 2007 04:01 |
rickb
Messages: 368 Registered: October 2006
|
Senior Member |
|
|
Hi Argentina. The end result will be the same- the packets filtered by the firewall will not reach your applications.
You can do this on the HN forward table or the VE input table. To me, it only depends where you want logging (if any), where you want to be able to troubleshoot (if the packet is dropped on HN, VE can't troubleshoot it), and security (if your VE is managed by somone else, you want to filter VE traffic without them being able to override).
Hope this points you in the right direction!
Rick Blundell
-------------
Common Terms I post with: http://wiki.openvz.org/Category:Definitions
UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
|
|
|
Re: Firewall in the VE [message #10094 is a reply to message #10085] |
Thu, 08 February 2007 07:23 |
stoffell
Messages: 16 Registered: February 2007 Location: Belgium
|
Junior Member |
|
|
You could use a simple setup of shorewall to do some basic firewalling, at least it makes it easier to change rules. So even when you set it up on each VE it's pretty manageable and consistent across VE's..
cheers
|
|
|