[Mageia-sysadm] Installing firewall

Michael Scherer misc at zarb.org
Mon Nov 15 01:47:23 CET 2010


On Friday 12 November 2010 at 18:30 +0100, nicolas vigier wrote:
> Hello,
> 
> The Mageia packages repository will be stored on valstar. As the
> repository will be needed on build nodes, it will have to be either
> mirrored or mounted via nfs (readonly). If we use nfs, I think we should
> first set up a firewall before installing the nfs server. A firewall
> would also be useful to filter connections to the pgsql/mysql servers,
> to the build nodes, etc ...
> 
> I suggest using shorewall to manage the firewall configuration. Any
> comments about this?

I would rather prefer something a little bit higher level, but that's ok
for a start. Having a good abstraction (like some puppet class) would
be nice. We could also take a look at exported resources too
(http://projects.puppetlabs.com/projects/1/wiki/Exported_Resources),
so we could say "allow postgresql connection from server running this
class".

> I plan to write a shorewall module in puppet, test it on jonund first,
> without installing shorewall (only writing the config files), then
> install shorewall on jonund, and if we didn't lose access to jonund
> install it on other nodes.

Technically, using puppet allows us to test on VM without much problem.

And in fact, I would strongly suggest using VMs rather than our servers
because this allows us to catch some stupid errors in the manifest that
could help us in case of disaster recovery, or computer duplication. Not
to mention that testing on production servers is not a good idea (even
if I suppose we all do this).

-- 
Michael Scherer
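
The exported-resources idea from the message above, sketched as an added example that is not part of the original e-mail or of the Mageia puppet repository. The defined type, the class names, the tag and the shorewall zone `net` are hypothetical; it assumes storeconfigs/PuppetDB is enabled and the puppetlabs concat module is installed.

```puppet
# Added illustration; type, class, tag and zone names are hypothetical.
# Assumes storeconfigs/PuppetDB and the puppetlabs-concat module.

# One ACCEPT line in /etc/shorewall/rules
# (columns: ACTION SOURCE DEST PROTO DPORT).
define shorewall_rule (
  String  $source,
  String  $proto,
  Integer $port,
  String  $dest = '$FW',  # single quotes keep the literal shorewall variable
) {
  concat::fragment { "shorewall-rule-${title}":
    target  => '/etc/shorewall/rules',
    content => "ACCEPT\t${source}\t${dest}\t${proto}\t${port}\n",
    order   => '50',
  }
}

# Included on every node that needs to reach the database: it exports
# (@@) a rule describing itself instead of applying it locally.
class pgsql_client {
  @@shorewall_rule { "pgsql-from-${facts['networking']['fqdn']}":
    source => "net:${facts['networking']['ip']}",
    proto  => 'tcp',
    port   => 5432,
    tag    => 'pgsql_access',
  }
}

# Included on the database server: it assembles the rules file from the
# rules exported by the clients.
class pgsql_server_firewall {
  concat { '/etc/shorewall/rules':
    owner => 'root',
    group => 'root',
    mode  => '0600',
  }
  concat::fragment { 'shorewall-rules-header':
    target  => '/etc/shorewall/rules',
    content => "# Managed by puppet, do not edit\n",
    order   => '01',
  }
  # Collect only rules carrying this tag, never every exported rule.
  Shorewall_rule <<| tag == 'pgsql_access' |>>
}
```

Nothing here installs or restarts shorewall, which matches the config-files-only first step proposed in the quoted message. The source address comes from a client-reported fact, so any node able to submit facts to the puppetmaster can influence the collected rules.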


