== Simple firewall configuration independent of IP addresses: vzfirewall ==
The ''vzfirewall'' tool lets you open and close ports for incoming connections without depending on remote IP addresses. For example, you can allow the hostname ''release.prod.example.com'' to connect to port 5432 of VE 1234 and leave all other ports closed by adding a multiline ''FIREWALL'' directive to the 1234.conf file:
<pre>
Note that it is recommended to use hostnames instead of IP addresses here, so that the configuration stays valid when a VE is moved to a different IP address.
Vzfirewall and its documentation are available at [http://en.dklab.ru/lib/dklab_vzfirewall/ http://en.dklab.ru/lib/dklab_vzfirewall/].
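The following added example (not vzfirewall's own code or configuration syntax) sketches what a hostname-based allow list for one VE compiles down to: names are resolved when the rules are built, each resolved address gets an ACCEPT rule for the port, and everything else destined for the VE is dropped. The VE address, the DNS table, the function names and the use of the FORWARD chain are assumptions made for illustration.

```python
import socket

# Constructed sample data: documentation-range addresses, not real hosts.
SAMPLE_DNS = {"release.prod.example.com": ["198.51.100.7", "198.51.100.8"]}
VE_IP = "192.0.2.10"  # assumed address of VE 1234


def fake_resolver(hostname):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    if hostname not in SAMPLE_DNS:
        raise socket.gaierror(f"unknown host {hostname}")
    return SAMPLE_DNS[hostname]


def resolve_ipv4(hostname):
    """Return the IPv4 addresses the hostname resolves to right now."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def build_rules(ve_ip, allowed, resolver=resolve_ipv4):
    """Compile {port: [hostnames]} into iptables commands for one VE.

    Names are resolved once, at build time, so the rules must be rebuilt
    after a DNS change. An unresolvable name aborts the build instead of
    being skipped, so a partial rule set is never produced.
    """
    rules = [f"iptables -A FORWARD -d {ve_ip} -m state "
             "--state ESTABLISHED,RELATED -j ACCEPT"]
    for port in sorted(allowed):
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid port {port}")
        for host in allowed[port]:
            try:
                addrs = resolver(host)
            except OSError as exc:  # socket.gaierror is an OSError
                raise ValueError(f"cannot resolve {host!r}") from exc
            for addr in addrs:
                rules.append(f"iptables -A FORWARD -s {addr} -d {ve_ip} "
                             f"-p tcp --dport {port} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -d {ve_ip} -j DROP")  # default deny
    return rules


if __name__ == "__main__":
    demo = {5432: ["release.prod.example.com"]}
    print("\n".join(build_rules(VE_IP, demo, fake_resolver)))
```

Because the allow list is only as trustworthy as the resolver answering these lookups, the rules should be built against a resolver you control.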
== An alternative from the author of Shorewall ==