[Mageia-sysadm] Installing firewall

Fri Nov 12 23:05:04 CET 2010

* nicolas vigier (boklm at mars-attacks.org) wrote:
+> Hello,
+> 
+> The Mageia packages repository will be stored on valstar. As the
+> repository will be needed on build nodes, it will have to be either
+> mirrored or mounted via nfs (readonly). If we use nfs, I think we should
+> first setup a firewall before installing the nfs server. A firewall
+> would also be useful to filter connections to the pgsql/mysql servers,
+> to the build nodes, etc ...
+> 
+> I suggest using shorewall to manage the firewall configuration. Any
+> comment about this ?
+
+I saw you mostly wrote the shorewall, however, I don't like myself
+shroewall. Shorewall is nothing more than a set of scripts over iptables
+and I think it add a useless complexity over this last one.
+
+I widelly prefer to use directly iptables. I believe we are experienced
+enough to write iptables rules ourself.
+
+> 
+> I plan to write a shorewall module in puppet, test it on jonund first,
+> without installing shorewall (only writting the config files), then
+> install shorewall on jonund, and if we didn't lose access to jonund
+> install it on other nodes.
+
+Playing with firewall on computer we can access only by network, woot !
+
+I think access control can be done w/o using iptables.
+
+My 2 cents.
+
+> 
+> Nicolas
+> 
+> _______________________________________________
+> Mageia-sysadm mailing list
+> Mageia-sysadm at mageia.org
+> https://www.mageia.org/mailman/listinfo/mageia-sysadm
+-- 
+
+Olivier Thauvin
+CNRS  -  LATMOS
+♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: not available
+Type: application/pgp-signature
+Size: 197 bytes
+Desc: not available
+URL: </pipermail/mageia-sysadm/attachments/20101112/a7099c8b/attachment.asc>
+