[aklug] Re: Firewall

From: Shane Spencer <shane@bogomip.com>
Date: Sat Feb 11 2012 - 06:17:43 AKST

On Fri, Feb 10, 2012 at 6:32 PM, <scott@ravenmoonart.com> wrote:
> Who is using what in the way of firewalls on their systems and networks?
>
> I am looking for recommendations for firewalls (any type) to be used
> for a sandboxed network. I don't know how many systems will be in the
> box at this point, but I have been asked to make some suggestions that
> are scalable.
>

As for sandboxing: make sure you are using virtualization,
paravirtualization, or jailing that supports loading modules and
doesn't use funky network interfaces that don't support the level of
firewalling you wish to do. I prefer full virtualization when I can
and can recommend using openvz and lxc to allow sandboxed servers
access to their own firewalling. If you're handling firewalling into
and between sandboxes from the host keep in mind that forward turns
into input/output for many things at that point.

I use shorewall for most public facing systems for both IPv4 and IPv6.
I don't recommend it for dynamic firewalling unless you can hook into
it and add your own rules in your own way before iptables is reloaded.
The reload process issues individual iptables commands last I checked
and doesn't use iptables-restore.. so more power to yah :)

Maybe the open virtualization and cloud platforms out there have
something to offer?
Received on Sat Feb 11 06:17:52 2012