Re: Which firewall / iptables wrapper script for openvz guest [message #40592 is a reply to message #40580]
Sat, 04 September 2010 11:02
rich
Messages: 1 Registered: September 2010
http://www.shorewall.net/ is the firewall for Linux. At first it might look scary, but it is really simple to configure and gives you as many or as few options as you want. In fact it is iptables, only it helps you to configure it.
APF is a good start, but in the end too simple. So my opinion is to just skip that and learn shorewall.
BTW, http://www.webmin.net/ has a great module for shorewall to make things easier.
In the VZ documentation and wiki you can see how to enable the needed modules for iptables. To install both Shorewall and webmin inside a VE you can use:
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list && cd /root && wget http://www.webmin.com/jcameron-key.asc && apt-key add jcameron-key.asc && rm /root/jcameron-key.asc && apt-get update && apt-get -y upgrade && apt-get install -y shorewall webmin && rm /webmin-setup.out
If you get problems starting shorewall, have a look at /proc/user_beancounters inside the VE and if necessary change the missing resources. Example:
vzctl set 1003 --numiptent $((100*2)):$((100*2)) --save
Prefill using the /proc/user_beancounters numbers (barrier/limit)
[Updated on: Sat, 04 September 2010 11:05]
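The beancounter check described in the post above, as an added example that is not part of the original post: it lists every counter in /proc/user_beancounters whose failcnt is non-zero and, for numiptent, prints (without running) a vzctl command that doubles barrier and limit, following the post's `100*2` pattern. The function names and the sample table are constructed for illustration; CTID 1003 is the one used in the post.

```shell
#!/bin/sh
# Constructed sample in the /proc/user_beancounters layout.
# On a real VE, pass no FILE argument to read the live table.
sample_ubc() {
cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
     1003:  kmemsize        1837262    2204211   14372700   14790164          0
            numproc              21         28        240        240          0
            numiptent           100        100        100        100         12
            numfile             512        640       9312       9312          0
EOF
}

# ubc_failures [FILE]: print "resource barrier limit failcnt" for each
# counter that has hit its limit. Fields are taken from the right because
# the first resource row carries an extra "uid:" column.
ubc_failures() {
    awk 'NF >= 6 && $NF ~ /^[0-9]+$/ && $NF + 0 > 0 {
             print $(NF-5), $(NF-2), $(NF-1), $NF
         }' "${1:-/proc/user_beancounters}"
}

# numiptent_cmd CTID [FILE]: if numiptent has failures, print the vzctl
# command (to be run on the hardware node) that doubles barrier:limit.
numiptent_cmd() {
    ubc_failures "${2:-/proc/user_beancounters}" |
    while read -r name barrier limit fails; do
        [ "$name" = numiptent ] || continue
        echo "vzctl set $1 --numiptent $((barrier * 2)):$((limit * 2)) --save"
    done
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_ubc > "$tmp"
ubc_failures "$tmp"
numiptent_cmd 1003 "$tmp"
rm -f "$tmp"
```

A non-zero failcnt on numiptent means the VE tried to load more iptables rules than its limit allows, which is the usual reason a Shorewall ruleset fails to start inside a container.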