Greg> Hi, On one server setup with proxmox i intent to have 4 VE (web, Greg> dns, mysql, mail). I guess i'll have 1 IP for each VE. Concerning Greg> the firewall i'm thinking of configuring iptables but my concern Greg> is to do it on HN or on each VE. I'm looking for best way to do Greg> it so your ideas are more than welcome.
if the VEs can be trusted i.e. you own/run them, then I recommend putting the filter task on the HN only because it is way easier to maintain and set up. Here is what I do http://sunoano.name/ws/public_xhtml/firewall.html#sunos_rule_set_and_how_it_is_applied As you can see, I like reusable and automatic therefore I wrote myself packet_filter, a script to feed rules to netfilter/iptables.
pgpOzPHoT6rb8.pgp
Description: PGP signature
_______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users