From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000528.html | 97 +++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000528.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000528.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000528.html b/zarb-ml/mageia-sysadm/2010-November/000528.html new file mode 100644 index 000000000..2b8a0e260 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000528.html @@ -0,0 +1,97 @@ + + + + [Mageia-sysadm] Installing firewall + + + + + + + + + +

[Mageia-sysadm] Installing firewall

+ Michael Scherer + misc at zarb.org +
+ Mon Nov 15 01:47:23 CET 2010 +

+
+ +
Le vendredi 12 novembre 2010 à 18:30 +0100, nicolas vigier a écrit :
+> Hello,
+> 
+> The Mageia packages repository will be stored on valstar. As the
+> repository will be needed on build nodes, it will have to be either
+> mirrored or mounted via nfs (readonly). If we use nfs, I think we should
+> first setup a firewall before installing the nfs server. A firewall
+> would also be useful to filter connections to the pgsql/mysql servers,
+> to the build nodes, etc ...
+> 
+> I suggest using shorewall to manage the firewall configuration. Any
+> comment about this ?
+
+I would rather prefer something a little bit higher level, but that's ok
+for a start. Having a good abstraction ( like some puppet class ) would
+be nice. We could also take a look at exported ressources too
+( http://projects.puppetlabs.com/projects/1/wiki/Exported_Resources ),
+so we could say "allow postgresql connexion from server running this
+class"
+
+> I plan to write a shorewall module in puppet, test it on jonund first,
+> without installing shorewall (only writting the config files), then
+> install shorewall on jonund, and if we didn't lose access to jonund
+> install it on other nodes.
+
+Technically, using puppet allow us to test on VM without much problem.
+
+And in fact, I would strongly suggest using VMs rather than our servers
+because this allow us to catch some stupid errors in the manifest that
+could help us in case of disaster recovery, or computer duplication. Not
+to mention than testing on production servers is not a good idea ( even
+if I suppose we all do this ).
+
+-- 
+Michael Scherer
+
+
+ + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
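Review bot: the commit message is a bare subject line, "Add zarb MLs html archives", with no body, so nothing records where the 97 added lines of zarb-ml/mageia-sysadm/2010-November/000528.html were exported from or which archiver generated them. A sentence in the message naming the source and the date of the export would let someone later check that the imported archive is complete and unmodified. The archived mail text inside the page (for example "exported ressources" and "only writting the config files") should stay verbatim, since the file is a record of the list post rather than new documentation.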