| Re: Firewall in the VE [message #10090 is a reply to message #10085] |
Thu, 08 February 2007 04:01   |
rickb
Messages: 368
Registered: October 2006
|
Senior Member |
|
|
Hi Argentina. The end result will be the same- the packets filtered by the firewall will not reach your applications.
You can do this on the HN forward table or the VE input table. To me, it only depends where you want logging (if any), where you want to be able to troubleshoot (if the packet is dropped on HN, VE can't troubleshoot it), and security (if your VE is managed by somone else, you want to filter VE traffic without them being able to override).
Hope this points you in the right direction!
Rick Blundell
-------------
Common Terms I post with: http://wiki.openvz.org/Category:Definitions
UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
