[Mageia-sysadm] Installing firewall

Olivier Thauvin nanardon at nanardon.zarb.org
Mon Nov 15 20:23:11 CET 2010


* nicolas vigier (boklm at mars-attacks.org) wrote:
> On Mon, 15 Nov 2010, Michael Scherer wrote:
> 
> > On Friday 12 November 2010 at 18:30 +0100, nicolas vigier wrote:
> > > Hello,
> > > 
> > > The Mageia packages repository will be stored on valstar. As the
> > > repository will be needed on build nodes, it will have to be either
> > > mirrored or mounted via nfs (readonly). If we use nfs, I think we should
> > > first set up a firewall before installing the nfs server.
> > 
> > While I agree with the firewall part, NFS and portmap are not really
> > very firewall friendly, as there are (or used to be) by default dynamic
> > ports involved. We can fix them of course but this has to be taken into
> > account.
> > 
> > So wouldn't it be easier to use a simple http source?
> > This would also open fewer ports on the firewall, fewer things to check and
> > supervise, and less work on writing puppet manifests.
> > 
> > (and I will not add the fact that I deeply hate nfs for the amount of
> > work it gave me on the Mandriva cluster)
> 
> Yes, using http would be simpler, good idea. Are http sources
> supported in Iurt?

I don't want to say NFS is wonderful, but being able to launch "rpm -Uvh
libfoo*.rpm" saved my life so many times I really think having the tree
provided by NFS would be an advantage (even ro).

About the firewall part, why not simply allow everything from our IPs
(the 4 or 5 servers we have)?
I don't imagine this would be more risky than having php on our
server...

Regards.

-- 

Olivier Thauvin
CNRS  -  LATMOS
♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖