Browse files


  • Loading branch information...
dmitrymin committed Nov 11, 2010
1 parent 0e96085 commit ba9811658ba8ae2d98f1b33a0275159ae28a2b24
Showing with 25 additions and 2 deletions.
  1. +25 −2 README.txt
@@ -1,9 +1,32 @@
vzfirewall: extremely simple tool which configures opened ports
and hosts for incoming connections in OpenVZ environment
-(C) dkLab,
+(C) dkLab,
+Vzfirewall tool allows you to open/close ports for incoming connections
+with no dependencies to foreign IP addresses. E.g. you may allow a hostname to connect to port 5432 of VE 1234 and leave all
+other ports closed by modifying 1234.conf file adding multiline FIREWALL
+directive into it - see SYNOPSIS below.
+You must then run vzfirewall -a on your hardware node to apply changes
+made in *.conf.
+Note that it is recommended to use hostnames instead of IP addresses here,
+so the configuration is persistent for VE movements to different IP-address:
+you just need to run vzfirewall -a again after movement. It is also
+reboot-safe, because applied to /etc/sysconfig/iptables (at RHEL systems).
+cd /usr/sbin
+chmod +x vzfirewall
1. Modify the file /etc/sysconfig/vz-scripts/4.conf:

0 comments on commit ba98116

Please sign in to comment.