[aklug] Re: Firewall

From: Scott <Scott@ravenmoonart.com>
Date: Sat Feb 11 2012 - 10:07:46 AKST

My understanding is that a large part of this system, if not all, is
going to be implemented virtually.
I think the first formal planning meeting is set for next month some
time and that is when I should be told more of what is going to be
needed/asked/required.

At this point I am flying a little blind since I have not gotten all the
basic requirements for the setup that they will need. I do not even
know how many people will be on the internal network, or accessing the
system from off site.

Thanks for the feedback. My weekend is now filled with reading and a few
attempts at setting something up.

Scott

On Sat, 2012-02-11 at 09:17 -0600, Shane Spencer wrote:

> On Fri, Feb 10, 2012 at 6:32 PM, <scott@ravenmoonart.com> wrote:
> > Who is using what in the way of firewalls on their systems and networks?
> >
> > I am looking for recommendations for firewalls (any type) to be used
> > for a sandboxed network. I don't know how many systems will be in the
> > box at this point, but I have been asked to make some suggestions that
> > are scalable.
> >
>
> As for sandboxing. Make sure you are using virtualization,
> paravirtualization, or jailing that supports loading modules and
> doesn't use funky network interfaces that don't support the level of
> firewalling you wish to do. I prefer full virtualization when I can
> and can recommend using openvz and lxc to allow sandboxed servers
> access to their own firewalling. If you're handling firewalling into
> and between sandboxes from the host keep in mind that forward turns
> into input/output for many things at that point.
>
> I use shorewall for most public facing systems for both IPv4 and IPv6.
> I don't recommend it for dynamic firewalling unless you can hook into
> it and add your own rules in your own way before iptables is reloaded.
> The reload process issues individual iptables commands last I checked
> and doesn't use iptables-restore.. so more power to yah :)
>
> Maybe the open virtualization and cloud platforms out there have
> something to offer?
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

Received on Sat Feb 11 10:07:56 2012

This archive was generated by hypermail 2.1.8 : Sat Feb 11 2012 - 10:07:56 AKST