[Mageia-sysadm] Installing firewall
Olivier Thauvin
nanardon at nanardon.zarb.org
Fri Nov 12 23:05:04 CET 2010
* nicolas vigier (boklm at mars-attacks.org) wrote:
> Hello,
>
> The Mageia packages repository will be stored on valstar. As the
> repository will be needed on build nodes, it will have to be either
> mirrored or mounted via nfs (readonly). If we use nfs, I think we should
> first setup a firewall before installing the nfs server. A firewall
> would also be useful to filter connections to the pgsql/mysql servers,
> to the build nodes, etc ...
>
> I suggest using shorewall to manage the firewall configuration. Any
> comment about this ?
I saw you mostly wrote the shorewall, however, I don't like myself
shroewall. Shorewall is nothing more than a set of scripts over iptables
and I think it add a useless complexity over this last one.
I widelly prefer to use directly iptables. I believe we are experienced
enough to write iptables rules ourself.
>
> I plan to write a shorewall module in puppet, test it on jonund first,
> without installing shorewall (only writting the config files), then
> install shorewall on jonund, and if we didn't lose access to jonund
> install it on other nodes.
Playing with firewall on computer we can access only by network, woot !
I think access control can be done w/o using iptables.
My 2 cents.
>
> Nicolas
>
> _______________________________________________
> Mageia-sysadm mailing list
> Mageia-sysadm at mageia.org
> https://www.mageia.org/mailman/listinfo/mageia-sysadm
--
Olivier Thauvin
CNRS - LATMOS
♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/mageia-sysadm/attachments/20101112/a7099c8b/attachment.asc>
More information about the Mageia-sysadm
mailing list