Hello, I'm running shorewall 4.5.5.3 on a debian wheezy server which serves as the host to a number of lxc containers sequestering services (nginx, plone, kolab3, ...).
HTTP access to the containers is all managed by nginx, but for updates of e.g. packages the containers may also need direct web access. For Debian-based containers I have solved this issue by installing apt-cache-ng on the host, rendering the host the repository for all of them and thus forgoing web access requirements. However, the authoritative kolab3 installation requires RH/CentOS, and package updates for CentOS-based containers, along with things such as virus definition pulls by clamav, require web access by the container.

I would like to button this down and restrict those containers to access to defined URLs only (complicated by the search for the fastest mirror yum seems to always do). I'd appreciate advice on how to adapt the current setup in /etc/shorewall/rules

    HTTP/ACCEPT     dmz     net
    HTTPS/ACCEPT    dmz     net

along those lines.

Thank you for your consideration.

Sincerely,
Joh
