From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <boklm@mageia.org>
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-sysadm/2010-November/000521.html | 109 ++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 zarb-ml/mageia-sysadm/2010-November/000521.html

(limited to 'zarb-ml/mageia-sysadm/2010-November/000521.html')

diff --git a/zarb-ml/mageia-sysadm/2010-November/000521.html b/zarb-ml/mageia-sysadm/2010-November/000521.html
new file mode 100644
index 000000000..a5d64f78d
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000521.html
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-sysadm] Installing firewall
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Installing%20firewall&In-Reply-To=%3C20101113001232.GF21938%40mars-attacks.org%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="000522.html">
+   <LINK REL="Next"  HREF="000527.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-sysadm] Installing firewall</H1>
+    <B>nicolas vigier</B> 
+    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Installing%20firewall&In-Reply-To=%3C20101113001232.GF21938%40mars-attacks.org%3E"
+       TITLE="[Mageia-sysadm] Installing firewall">boklm at mars-attacks.org
+       </A><BR>
+    <I>Sat Nov 13 01:12:33 CET 2010</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="000522.html">[Mageia-sysadm] Installing firewall
+</A></li>
+        <LI>Next message: <A HREF="000527.html">[Mageia-sysadm] Installing firewall
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#521">[ date ]</a>
+              <a href="thread.html#521">[ thread ]</a>
+              <a href="subject.html#521">[ subject ]</a>
+              <a href="author.html#521">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Fri, 12 Nov 2010, Olivier Thauvin wrote:
+
+&gt;<i> * nicolas vigier (<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">boklm at mars-attacks.org</A>) wrote:
+</I>&gt;<i> &gt; Hello,
+</I>&gt;<i> &gt; 
+</I>&gt;<i> &gt; The Mageia packages repository will be stored on valstar. As the
+</I>&gt;<i> &gt; repository will be needed on build nodes, it will have to be either
+</I>&gt;<i> &gt; mirrored or mounted via nfs (readonly). If we use nfs, I think we should
+</I>&gt;<i> &gt; first setup a firewall before installing the nfs server. A firewall
+</I>&gt;<i> &gt; would also be useful to filter connections to the pgsql/mysql servers,
+</I>&gt;<i> &gt; to the build nodes, etc ...
+</I>&gt;<i> &gt; 
+</I>&gt;<i> &gt; I suggest using shorewall to manage the firewall configuration. Any
+</I>&gt;<i> &gt; comment about this ?
+</I>&gt;<i> 
+</I>&gt;<i> I saw you mostly wrote the shorewall, however, I don't like myself
+</I>&gt;<i> shroewall. Shorewall is nothing more than a set of scripts over iptables
+</I>&gt;<i> and I think it add a useless complexity over this last one.
+</I>&gt;<i> 
+</I>&gt;<i> I widelly prefer to use directly iptables. I believe we are experienced
+</I>&gt;<i> enough to write iptables rules ourself.
+</I>
+For me, using shorewall is much more simple than writting iptables
+rules directly. I always forget iptables parameters, while shorewall
+rules are very simple. I don't know if managing iptables rules in puppet
+for different hosts would be as simple.
+
+&gt;<i> 
+</I>&gt;<i> &gt; 
+</I>&gt;<i> &gt; I plan to write a shorewall module in puppet, test it on jonund first,
+</I>&gt;<i> &gt; without installing shorewall (only writting the config files), then
+</I>&gt;<i> &gt; install shorewall on jonund, and if we didn't lose access to jonund
+</I>&gt;<i> &gt; install it on other nodes.
+</I>&gt;<i> 
+</I>&gt;<i> Playing with firewall on computer we can access only by network, woot !
+</I>&gt;<i> 
+</I>&gt;<i> I think access control can be done w/o using iptables.
+</I>
+Some programs provide access control, but not all, and it is often more
+limited than what you can do with a firewall. It can also be more
+vulnerable in case of security issue in one of the services. So I think
+using a firewall might be better. Especially for build nodes where we
+don't know exactly what services will be installed in the chroot and
+maybe running during the builds.
+
+</PRE>
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="000522.html">[Mageia-sysadm] Installing firewall
+</A></li>
+	<LI>Next message: <A HREF="000527.html">[Mageia-sysadm] Installing firewall
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#521">[ date ]</a>
+              <a href="thread.html#521">[ thread ]</a>
+              <a href="subject.html#521">[ subject ]</a>
+              <a href="author.html#521">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>
-- 
cgit v1.2.1