Setting up an iptables firewall

From OpenVZ Virtuozzo Containers Wiki
Revision as of 15:48, 16 May 2007 by HostGIS

This document consists of two parts. The first is setting up a firewall (using iptables) on the hardware node (HN) that restricts traffic to the virtual environments (VEs). As far as the VEs and their customers are concerned, the effect emulates an external hardware firewall controlled by the sysadmin. The second is setting up a firewall that protects the HN itself but still allows traffic to the VEs, thus allowing individual VEs to define their own iptables rules.

Setting up a HN-based firewall
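
One way to express the HN-based model as a ruleset, as an added example that is not from the original page or the OpenVZ project. It assumes VE traffic is routed through the HN (so it traverses the FORWARD chain) and that the `state` match works on the HN; the function name, VE addresses and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the HN that filters
# traffic routed to the VEs. Nothing is applied; the ruleset is only printed.

# Constructed sample policy: one "VE_IP:tcp_port[,tcp_port...]" entry per VE.
VE_POLICY="192.0.2.10:80,443
192.0.2.11:22,25"

gen_hn_ruleset() {
    # $1 = policy text in the format above (hypothetical format for this example)
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"     # the HN's own traffic is out of scope here
    echo ":FORWARD DROP [0:0]"     # assumption: VE traffic is routed via FORWARD
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies belonging to connections that were already allowed
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$1" | while IFS=: read -r ip ports; do
        # Skip empty or non-IPv4-looking entries; the DROP policy still covers them
        case $ip in ''|*[!0-9.]*) continue;; esac
        # Let the VE open outbound connections
        echo "-A FORWARD -s $ip -j ACCEPT"
        # Inbound: open only the TCP ports listed for this VE
        old_ifs=$IFS; IFS=,
        for p in $ports; do
            case $p in
                ''|*[!0-9]*) echo "skipping bad port '$p' for $ip" >&2; continue;;
            esac
            echo "-A FORWARD -d $ip -p tcp --dport $p -j ACCEPT"
        done
        IFS=$old_ifs
    done
    echo "COMMIT"
}

# Print the ruleset for review before loading it on the HN
gen_hn_ruleset "$VE_POLICY"
```

The output can be checked on the HN with `iptables-restore --test` before it is loaded. Loading it without `--noflush` replaces the existing filter table.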



Setting up a firewall that allows per-VE configuration

Although it is possible to use iptables within each VE individually, I've not been able to get this to work reliably, but more importantly we simply don't trust our customers to effectively manage their own firewalls and prefer to keep these many firewalls consolidated into one place. As such, this content is missing. You are invited to fill it in, if you get to it before I do. :)


See Also

Traffic_accounting_with_iptables