|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] IpTables config file for Dom0
I happily manage via ssh, Shorewall iptables rules for Dom0-DomU routing, with three external public IP addresses, and two vpn WANs. Shorewall version 3 is fantastic. Especially if you're prepared to properly paramatise your script. I don't feel I'd trust a GUI. Appologies for off-topic. piersdd@xxxxxxxxxxxxx http://web.mac.com/piersdd/iWeb/Five9s/ethereality/ethereality.html On 27/04/2006, at 10:30 AM, Molle Bestefich wrote: Heiko Wundram wrote:Molle Bestefich:Non-GUI-managed firewalls? When was that considered practical.. circa 1980?Huh? I don't use a GUI to manage our firewall, and that's pretty standard forall organizations I know around here.If you had tried it, I don't think you would be going back to editing configuration files :-).Using a GUI to manage a firewall (andhiding the inherent complexity that a firewall always is), is more errorpronethan an administrator who knows what he's doing and can reasonablyefficiently see what parts of the system a change to the firewall rules wouldaffect,I don't think that's true. In fact, I'll bet that the non-GUI user introduces many more errors because he has a lack of overview in comparison to the GUI user.additionally, an administrator can compute much shorter rulesets than an equivalent automated tool.Who said anything about automated? _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |