This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Firewall rules

To: Nathan Eisenberg <nathan@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Firewall rules
From: Rudi Ahlers <Rudi@xxxxxxxxxxx>
Date: Wed, 25 Aug 2010 09:12:43 +0200
Cc: "Xen-users@xxxxxxxxxxxxxxxxxxx" <Xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 25 Aug 2010 00:14:18 -0700
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=softdux.com; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject:To:Cc:Content-Type:Content-Transfer-Encoding:X-Assp-Whitelisted:X-Assp-Envelope-From:X-Assp-Intended-For:X-Source:X-Source-Args:X-Source-Dir; b=itAPGy76FMx61s7Qvn/Mtyt76nhsxOOFTpxIflwHXi07y83sKcWHwg/Ufys5C8Mk2zdl/e+6o4YoTADzrkDMiW24q4tn5o9kvffbr0tH+l+yD8VcIdAfKoXgWI5HwOPA;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <8C26A4FDAE599041A13EB499117D3C281648ED68@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4C74353F.7070300@xxxxxxxxxxx> <8C26A4FDAE599041A13EB499117D3C281648ED68@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Wed, Aug 25, 2010 at 12:05 AM, Nathan Eisenberg
<nathan@xxxxxxxxxxxxxxxx> wrote:
> It's not really specific to XEN, but at $datacenterjob, we deploy servers 
> with the host firewall blocking everything except for ICMP-PING, and SSH or 
> RDP.  Typically, fail2ban is also installed on linux servers to kill off the 
> lazy bruteforcers.  Lastly, we drop the netbios ports using ACLs at our 
> border routers.
> _______________________________________________

Nathan, as matter of interest, do you have pre-configured ISO's or
something with the firewall already setup, or do you do this manually?

And, if it were for a XEN VM, would you do the firewalling on the dom0
host, or the domU guest?

Kind Regards
Rudi Ahlers

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>