OpenVZ Forum


Which firewall / iptables wrapper script for openvz guest [message #40580] Thu, 02 September 2010 17:04
zoolander
Hello Forum,

I recently ordered a small vserver with openvz guest running on ubuntu 10.04.

Now I want to install a "firewall" on the openvz guest.

I know that I can do that with iptables commands.

But there are also some wrapper scripts which make the configuration less difficult.

From googling I know that ufw for example won't work since it needs some kernel modules that are available on openvz guest.

Other tools I found:

afp
FireHOL
Arno Iptables

Which one of them can be used on an openvz guest? Which one are you using?

Waiting for your feedback.

Thanks

Zoolander
Re: Which firewall / iptables wrapper script for openvz guest [message #40592 is a reply to message #40580] Sat, 04 September 2010 11:02
rich
http://www.shorewall.net/ is the firewall for Linux. At first it might look scary, but it is really simple to configure and gives you as many or as few options as you want. In fact it is iptables, only it helps you to configure it.

APF is a good start, but in the end too simple. So my opinion is to just skip that and learn shorewall.

BTW, http://www.webmin.net/ has a great module for shorewall to make things easier.

In the VZ documentation and wiki you can see how to enable the needed modules for iptables. To install both Shorewall and webmin inside a VE you can use:

echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list && cd /root && wget http://www.webmin.com/jcameron-key.asc && apt-key add jcameron-key.asc && rm /root/jcameron-key.asc && apt-get update && apt-get -y upgrade && apt-get install -y shorewall webmin && rm /webmin-setup.out


If you get problems starting shorewall, have a look at /proc/user_beancounters inside the VE and if necessary change the missing resources. Example:

vzctl set 1003 --numiptent $((100*2)):$((100*2)) --save

Prefill using the /proc/user_beancounters numbers (barrier/limit)


[Updated on: Sat, 04 September 2010 11:05]

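Added example (not part of rich's post or of OpenVZ's own tooling): a shell helper that reads /proc/user_beancounters-format text and lists every resource whose failcnt is non-zero, which is where an exhausted numiptent shows up when a firewall script cannot load its rules. The sample table and the function names `sample_ubc`, `ubc_failures` and `ubc_value` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find beancounter resources that have hit their limit.
# Both helpers read /proc/user_beancounters-format text on stdin.

# Constructed sample in /proc/user_beancounters layout (values are made up).
sample_ubc() {
cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      1003: kmemsize        2411520    2899968   14372700   14790164          0
            numproc              21         34        240        240          0
            numiptent           128        128        128        128         37
            numfile             512        640       9312       9312          0
EOF
}

# Print "resource held barrier limit failcnt" for every resource whose
# failcnt is greater than zero (an allocation was refused at least once).
ubc_failures() {
    awk '
        $1 == "Version:" || $2 == "resource" { next }   # skip header lines
        $1 ~ /^[0-9]+:$/ { $1 = ""; $0 = $0 }           # drop "uid:" prefix, re-split
        NF == 6 && $6 + 0 > 0 { print $1, $2, $4, $5, $6 }
    '
}

# Print one column (held|maxheld|barrier|limit|failcnt) of one resource.
# usage: ubc_value RESOURCE COLUMN
ubc_value() {
    awk -v res="$1" -v col="$2" '
        BEGIN { n["held"]=2; n["maxheld"]=3; n["barrier"]=4; n["limit"]=5; n["failcnt"]=6 }
        $1 ~ /^[0-9]+:$/ { $1 = ""; $0 = $0 }
        $1 == res && (col in n) { print $(n[col]) }
    '
}

# Demo on the constructed sample. Inside a real container, run instead:
#   ubc_failures < /proc/user_beancounters
sample_ubc | ubc_failures
```

A numiptent row with held equal to the limit and a rising failcnt means the rule set no longer fits in the container's allowance.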

Re: Which firewall / iptables wrapper script for openvz guest [message #40615 is a reply to message #40580] Mon, 06 September 2010 08:17
TheStig
Here are two simple iptables-scripts contributed by openvz-users. Can't of course guarantee that they will work for you.

http://forum.openvz.org/index.php?t=msg&goto=35002&&srch=firewall#msg_35002