Johannes Graumann wrote:

> Hello,
> 
> I'm running shorewall 4.5.5.3 on a debian wheezy server which serves as
> the host to a number of lxc containers sequestering services (nginx,
> plone, kolab3, ...).
> 
> HTTP access to the containers is all managed by nginx, but for updates of
> e.g. packages the containers also may need direct web access. For debian-
> based containers I have solved this issue by installing apt-cache-ng on
> the host, rendering the host the repository for all of them and thus
> forgoing web access requirements.
> 
> However, the authoritative kolab3 installation requires RH/Centos and
> package updates for centos-based containers along with things such as
> virus definition pulls by clamav require web access by the container.
> 
> I would like to button this down and restrict those containers to access to
> defined URLs only (complicated by the search for the fastest mirror yum
> seems to always do).
> 
> I'd appreciate advice on how to adapt the current setup in
> /etc/shorewall/rules
> HTTP/ACCEPT   dmz    net
> HTTPS/ACCEPT   dmz    net
> along those lines.

Further investigation shows that apt-cache-ng actually also caches *.rpms, 
implying that the repository question vanishes, while the need for clamav-
definition updates etc. persists ...

Joh


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
