
[lvs-users] Re : Re : IPVS and IPTABLES firewall

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [lvs-users] Re : Re : IPVS and IPTABLES firewall
From: w y <yaw55555@xxxxxxxx>
Date: Wed, 15 Apr 2009 08:57:38 +0000 (GMT)
Hello Graeme,
I agree with your proposition ...

But now, I am wondering if my way of firewalling is the right one: by default, 
everything is forbidden. And afterwards, I explicitly open the ports I want to 
open ...

Yann



________________________________
From: Graeme Fowler <graeme@xxxxxxxxxxx>
To: LinuxVirtualServer.org users mailing list. 
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, 14 April 2009, 19:43:36
Subject: Re: [lvs-users] Re : IPVS and IPTABLES firewall

On Tue, 2009-04-14 at 13:16 +0000, w y wrote:
> Does it mean that I am completely wrong when I try to do "high level" 
> firewalling (open or close some ports) ? 

No.

Start with an empty rule set. Add a rule. If the traffic flows, add more
rules until it stops and then see which rule caused the breakage.

This is pretty basic, I'm afraid - never try to do everything at once,
because you'll have no clarity at all as to the source or cause of your
problem.

Graeme


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users



      