Permalink
Browse files

Comments.

  • Loading branch information...
dmitrymin committed Nov 11, 2010
1 parent 0e96085 commit ba9811658ba8ae2d98f1b33a0275159ae28a2b24
Showing with 25 additions and 2 deletions.
  1. +25 −2 README.txt
View
@@ -1,9 +1,32 @@
vzfirewall: extremely simple tool which configures opened ports
and hosts for incoming connections in OpenVZ environment
-(C) dkLab, http://dklab.ru/lib/dklab_vzfirewall/
+(C) dkLab, http://en.dklab.ru/lib/dklab_vzfirewall/
-SYNOPSYS
+Vzfirewall tool allows you to open/close ports for incoming connections
+with no dependencies to foreign IP addresses. E.g. you may allow a hostname
+release.prod.example.com to connect to port 5432 of VE 1234 and leave all
+other ports closed by modifying 1234.conf file adding multiline FIREWALL
+directive into it - see SYNOPSIS below.
+
+You must then run vzfirewall -a on your hardware node to apply changes
+made in *.conf.
+
+Note that it is recommended to use hostnames instead of IP addresses here,
+so the configuration is persistent for VE movements to different IP-address:
+you just need to run vzfirewall -a again after movement. It is also
+reboot-safe, because applied to /etc/sysconfig/iptables (at RHEL systems).
+
+
+INSTALLATION
+------------
+
+cd /usr/sbin
+wget http://github.com/DmitryKoterov/vzfirewall/raw/master/vzfirewall
+chmod +x vzfirewall
+
+
+SYNOPSIS
--------
1. Modify the file /etc/sysconfig/vz-scripts/4.conf:

0 comments on commit ba98116

Please sign in to comment.