Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
vzfirewall is an extremely simple tool to configure opened ports and hosts for incoming connections in OpenVZ environment
Perl
tree: cb59ee32f3

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
README.txt
license.txt
vzfirewall

README.txt

vzfirewall: extremely simple tool which configures opened ports 
            and hosts for incoming connections in OpenVZ environment 
(C) dkLab, http://dklab.ru/lib/dklab_vzfirewall/


SYNOPSYS
--------

File /etc/sysconfig/vz-scripts/4.conf, FIREWALL directive:

...
FIREWALL="
	host.allowed.to.every.port
	yet.another.host
	* # means "any host"

	[25]
	host.allowed.to.access.smtp
	* # means "any"

	[80,443]
	hosts.allowed.to.access.two.ports
	
	[udp:53]
	*

	[CUSTOM]
	# You may use "$THIS" macro which is replaced by this machine IP
	# (and, if the machine has many IPs, it will be multiplicated).
	-A INPUT -i eth2 -d $THIS -j ACCEPT
	# Or you may use commands with no references to $THIS (only
	# such commands are allowed for 0.conf file).
	-A INPUT -i eth1 -j ACCEPT
"
...

We use FIREWALL directive in plain VE configs to allow to
vzmigrate it easily from one node to another.
Something went wrong with that request. Please try again.