OpenVZ Forum: Support » iptables in vps or on the host node

Home » General » Support » iptables in vps or on the host node

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

iptables in vps or on the host node [message #2038]

Thu, 16 March 2006 03:28

midair77
Messages: 2
Registered: March 2006

Junior Member

Hi, all. I just started learning how to set up openVZ and it is quite good compared to vserver.

I would like to know where iptables should be set up to provide security for vps. Should I set up iptables invidually for each vps or one iptables in hardware node to cover all?

Please provide some directions.

Thank you for your helps.

Report message to a moderator

Re: iptables in vps or on the host node [message #2041 is a reply to message #2038]

Thu, 16 March 2006 08:17

kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia

Senior Member

You can actually do it both ways. If you want to close some ports for all the VPSs, the best place to do that would be on hardware node itself for obvious reasons (less rules).

If you want to set some VPS-specific rules, you can do it either on the host node or from within a VPS. The major difference here in the second case VPS owner can modify those rules.

Also note that you can not use all of the iptables modules inside a VPS, just some of them which are virtualized. man vzctl should tell you which ones are possible.

Kir Kolyshkin