[Mageia-sysadm] Installing firewall

Mon Nov 15 20:23:11 CET 2010

* nicolas vigier (boklm at mars-attacks.org) wrote:
+> On Mon, 15 Nov 2010, Michael Scherer wrote:
+> 
+> > Le vendredi 12 novembre 2010 à 18:30 +0100, nicolas vigier a écrit :
+> > > Hello,
+> > > 
+> > > The Mageia packages repository will be stored on valstar. As the
+> > > repository will be needed on build nodes, it will have to be either
+> > > mirrored or mounted via nfs (readonly). If we use nfs, I think we should
+> > > first setup a firewall before installing the nfs server. 
+> > 
+> > While I agree with the firewall part, NFS and portmap are not really
+> > very firewall friendly, as there is ( or used to be ) by default dynamic
+> > ports involved. We can fix them of course but this has to be taken in
+> > account. 
+> > 
+> > So wouldn't it be easier to use a simple http source ?
+> > This would also open less ports on the firewall, les thing to check and
+> > supervise, and less work on writing puppet manifests.
+> > 
+> > ( and I will not add the fact that I deeply hate nfs for the amount of
+> > work it gave me on the Mandriva cluster )
+> 
+> Yes, using http would be more simple, good idea. Is http sources
+> supported in Iurt ?
+
+I don't want to say NFS is wonderfull, but being able launch "rpm -Uvh
+libfoo*.rpm" saved my life so many time I really think having the tree
+provided by NFS would be an advantage (even ro).
+
+About the firewall part, why not simply allowing everything from ours IP
+(the 4 or 5 servers we have) ?
+I don't imagine this would be more risky than having php on our
+server...
+
+Regards.
+
+-- 
+
+Olivier Thauvin
+CNRS  -  LATMOS
+♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: not available
+Type: application/pgp-signature
+Size: 197 bytes
+Desc: not available
+URL: </pipermail/mageia-sysadm/attachments/20101115/84dc621c/attachment.asc>
+