Re: HN iptables blocking http access [message #13653 is a reply to message #13530]
Fri, 01 June 2007 07:31
rickb
Yes, agreed. This is how almost every firewall config works: allow a, b, c and disallow d-z. However, if the admin doesn't know what a, b, c are, it's not going to work.
So, your question is more of a business logic one, and that is: what services do you want to offer with your VPS? Once you know that, create a list of the ports and protocols they use (smtp - 25 tcp, dns - 53 tcp/udp, etc.) and create allow rules to pass them through. Then, add your reject rule at the end.
Bottom line: when you add your reject rule without any allow rules, it's like unplugging the network cable. This isn't specific to OpenVZ, it's just basic firewall theory.
-------------
Common Terms I post with: http://wiki.openvz.org/Category:Definitions
UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters
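
The allow-then-reject ordering described in the post above, as an added example that is not part of the original post: a small generator that turns a service list into ordered `iptables` commands and refuses to emit a reject-only ruleset. The chain name, the `http` entry and the conntrack rule are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example: turn a list of offered services into ordered iptables commands.
# The commands are only printed, so they can be reviewed before being run as root.

# Constructed service list, "name port proto" per line. smtp and dns are the
# post's examples; http is assumed from the thread title.
SERVICES='smtp 25 tcp
dns 53 tcp
dns 53 udp
http 80 tcp'

# build_rules SERVICES [CHAIN]: CHAIN defaults to INPUT (an assumption; the
# post does not name a chain).
build_rules() {
    services=$1
    chain=${2:-INPUT}
    allow=''
    while read -r name port proto; do
        [ -n "$name" ] || continue
        case $proto in
            tcp|udp) ;;
            *) echo "$name: unknown protocol '$proto'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "$name: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "$name: port out of range" >&2; return 1
        fi
        allow="${allow}iptables -A $chain -p $proto --dport $port -j ACCEPT  # $name
"
    done <<EOF
$services
EOF
    # A reject rule with no allow rules cuts the host off: refuse to emit it.
    if [ -z "$allow" ]; then
        echo 'no services listed; not emitting a reject-only ruleset' >&2
        return 1
    fi
    # Not in the post: let replies to established connections back in.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s' "$allow"
    # The reject rule goes last, so it only catches what no allow rule matched.
    echo "iptables -A $chain -j REJECT"
}

build_rules "$SERVICES"
```
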