LVS and host based firewall

Joseph Mack mack.joseph at epa.gov
Fri May 10 11:17:31 BST 2002


Mike Radomski wrote:


> I have been trying to use SuSEfirewall for simplicity, though usually use
> ipchains. 

Setting up a firewall has lots of pitfalls. You can lock yourself out of a machine
without any trouble at all. I put logging rules in every chain and send test packets
to test that the rules are really doing what I think. 

I would stay away from ipchains unless you can guarantee that you'll be only
running 2.2.x kernels forever. All kernels from 2.4 on will have iptables
and you'll have to rewrite your rules.

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph at epa.gov ph# 919-541-0007, RTP, NC, USA
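
The check described in the message above (a logging rule in every chain, then test packets), as an added example that is not part of the original post. The "FW-<CHAIN>: " prefix scheme, the function names and the sample log lines are assumptions made up for illustration; the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: log prefix scheme "FW-<CHAIN>: " so each log line names its chain.
CHAINS="INPUT FORWARD OUTPUT"

# Print (do not execute) one LOG rule per built-in filter chain. With -A the
# rule lands at the end of the chain, so it logs only packets that no earlier
# rule accepted or dropped, just before the chain policy decides.
log_rules() {
    for chain in $CHAINS; do
        printf 'iptables -A %s -j LOG --log-prefix "FW-%s: " --log-level info\n' \
            "$chain" "$chain"
    done
}

# Read kernel log text on stdin and count, per chain, the logged packets whose
# destination port is $1. After sending a test packet to that port, the output
# shows which chain it really traversed.
chain_hits() {
    awk -v port="$1" '
        match($0, /FW-[A-Z]+: /) {
            chain = substr($0, RSTART + 3, RLENGTH - 5)   # strip "FW-" and ": "
            if ($0 ~ ("DPT=" port "( |$)")) hits[chain]++
        }
        END { for (c in hits) printf "%s=%d\n", c, hits[c] }
    ' | sort
}

# Constructed sample of kernel log lines (addresses are documentation ranges).
sample_log() {
cat <<'EOF'
May 10 11:20:01 fw kernel: FW-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=80 SYN
May 10 11:20:02 fw kernel: FW-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=80 SYN
May 10 11:20:03 fw kernel: FW-FORWARD: IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=80 SYN
May 10 11:20:04 fw kernel: FW-INPUT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=8080 SYN
May 10 11:20:05 fw kernel: FW-OUTPUT: IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.53 PROTO=UDP SPT=1025 DPT=53
EOF
}

# Stand-alone run: show the rules, then where the port-80 test packets landed.
log_rules
sample_log | chain_hits 80
```

On a real machine, `chain_hits` would read the kernel log instead of `sample_log`.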