Difference between revisions of "Setting up an iptables firewall"
(New page: This document consists of two parts. The first is setting up a firewall (using iptables) on the HN, which will restrict traffic to the VEs. The effect would emulate, as far as the VEs and ...) |
|||
| Line 1: | Line 1: | ||
This document consists of two parts. The first is setting up a firewall (using iptables) on the HN, which will restrict traffic to the VEs. The effect would emulate, as far as the VEs and their customers are concerned, an external hardware firewall controlled by the sysadmin. The second is setting up a firewall that protects the HN itself but still allows traffic to the VEs, thus allowing individual VEs to define their own iptables. | This document consists of two parts. The first is setting up a firewall (using iptables) on the HN, which will restrict traffic to the VEs. The effect would emulate, as far as the VEs and their customers are concerned, an external hardware firewall controlled by the sysadmin. The second is setting up a firewall that protects the HN itself but still allows traffic to the VEs, thus allowing individual VEs to define their own iptables. | ||
| − | Setting up a HN-based firewall | + | == Setting up a HN-based firewall == |
| − | Setting up a firewall that allows per-VE configuration | + | == Setting up a firewall that allows per-VE configuration == |
Although it is possible to use iptables within each VE individually, I've not been able to get this to work reliably, but more importantly we simply don't trust our customers to effectively manage their own firewalls and prefer to keep these many firewalls consolidated into one place. As such, this content is missing. You are invited to fill it in, if you get to it before I do. :) | Although it is possible to use iptables within each VE individually, I've not been able to get this to work reliably, but more importantly we simply don't trust our customers to effectively manage their own firewalls and prefer to keep these many firewalls consolidated into one place. As such, this content is missing. You are invited to fill it in, if you get to it before I do. :) | ||
| Line 12: | Line 12: | ||
| − | See Also | + | == See Also == |
| − | + | [[Traffic accounting with iptables]] | |
| + | |||
| + | [[ Category: Networking ]] | ||
| + | [[ Category: Firewalls ]] | ||
Revision as of 15:52, 16 May 2007
This document consists of two parts. The first is setting up a firewall (using iptables) on the HN, which will restrict traffic to the VEs. The effect would emulate, as far as the VEs and their customers are concerned, an external hardware firewall controlled by the sysadmin. The second is setting up a firewall that protects the HN itself but still allows traffic to the VEs, thus allowing individual VEs to define their own iptables.
Setting up a HN-based firewall
Setting up a firewall that allows per-VE configuration
Although it is possible to use iptables within each VE individually, I've not been able to get this to work reliably, but more importantly we simply don't trust our customers to effectively manage their own firewalls and prefer to keep these many firewalls consolidated into one place. As such, this content is missing. You are invited to fill it in, if you get to it before I do. :)
