Difference between revisions of "Talk:Setting up an iptables firewall"
Latest revision as of 11:16, 14 June 2013
The directions on this page for container-based firewalling didn't work for me at all. However, the article at the Parallels Virtuozzo Knowledgebase regarding this issue worked perfectly. URL: http://kb.parallels.com/en/746
Hardware Firewall mode not working
I have tried step by step to enable a hardware-like firewall, but I have big issues with an existing virtual server that acts as a mail server. Basically, with the firewall activated the transaction time is around 48 seconds; with the firewall deactivated, about 0,700 seconds. What on earth could possibly be the cause? Is the FORWARD rule that bad on VZ?
Firewall rules in the wrong order?
I've been using the firewall script for a while and it works great. That is until I tried to ban an IP address, and it didn't work.
I'm not an iptables expert, so I was a bit wary about messing around too much, but my theory is that all the iptables -I (insert) should be iptables -A (append), which has the effect of running the rules in the opposite order to that intended. This means the source I wanted to block was matching an OKPORT before getting to the BANNED section.
In fact to fix my problem I just moved the BANNED section between the DMZS and OKPORTS, which had the desired effect.
I'd love to see anyone's comments. Robferrer (talk) 07:16, 14 June 2013 (EDT)
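A small model of the ordering problem described in the post above, added here as an example (it is not the wiki's firewall script and does not run iptables): it replays a rule script with -I versus -A and evaluates a packet with iptables' first-match semantics. The script layout, section names and IP addresses are constructed for illustration.

```python
# Added example: a model of iptables first-match chain evaluation, not the
# wiki script itself. The rule order in SCRIPT is an assumed layout.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    section: str                 # BANNED / OKPORTS / DMZS, as in the script
    src: Optional[str] = None    # -s <ip>  (None = any source)
    dport: Optional[int] = None  # --dport <port> (None = any port)
    target: str = "ACCEPT"       # -j <target>

# Rules in the order the script issues them (assumed; IPs are constructed).
SCRIPT = [
    Rule("BANNED", src="198.51.100.7", target="DROP"),
    Rule("OKPORTS", dport=22),
    Rule("OKPORTS", dport=80),
    Rule("DMZS", src="192.0.2.10"),
]

def build_chain(script, flag):
    """Replay the script: -I puts each rule at position 1, -A at the end."""
    chain = []
    for rule in script:
        if flag == "-I":
            chain.insert(0, rule)   # later script lines end up on top
        elif flag == "-A":
            chain.append(rule)      # chain order == script order
        else:
            raise ValueError(flag)
    return chain

def chain_order(chain):
    """What `iptables -L INPUT --line-numbers` would list, top to bottom."""
    return [r.section for r in chain]

def evaluate(chain, src, dport, policy="DROP"):
    """First matching rule decides, as in iptables; the chain policy applies if none match."""
    for rule in chain:
        if rule.src not in (None, src):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.target
    return policy

def banned_host_gets_in(flag, script=SCRIPT):
    """True when the banned source still reaches an OKPORT (the reported bug)."""
    return evaluate(build_chain(script, flag), "198.51.100.7", 22) == "ACCEPT"

def move_section_last(script, section):
    """Reorder the script so a section is issued last; under -I it then lands on top."""
    return [r for r in script if r.section != section] + [r for r in script if r.section == section]
```

Checking the live chain with `iptables -L INPUT -n --line-numbers` shows the same top-to-bottom order that `chain_order` models.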
