Like Garrett mentioned, you can use ipfilter; it is located under /native.
Here is a little example:
--- /etc/ipf.conf ---
## Default policies
pass out all keep state
block in all
block return-rst in log first proto tcp all
block return-icmp(host-unr) in log proto udp all
## Loopback
pass in quick on lo all
pass out quick on lo all
## ICMP Everywhere
pass out quick proto icmp all keep state
pass in quick proto icmp all keep state
## eth0 (Internet)
pass in quick on eth0 proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags
pass in quick on eth0 proto tcp from any to any port = 443 flags S/FSRPAU keep state keep frags
---
--- /usr/local/bin/svc-fw ---
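#!/bin/sh
# Load or unload the ipfilter rules with the native ipf binary.
case "$1" in
start)
    printf '[>>] Starting firewall ...\r'
    # -E enables the filter, -Fa flushes all rules, -f loads the rule file.
    # The verbose (-v) output is captured to keep the console quiet.
    FWRULES=$(/native/usr/sbin/ipf -E -Fa -v -f /etc/ipf.conf)
    if [ $? -eq 0 ]; then
        echo "[OK]"
    else
        echo "[!!]"
    fi
    ;;
stop)
    printf '[>>] Stopping firewall ...\r'
    # -D disables the filter.
    /native/usr/sbin/ipf -D
    if [ $? -eq 0 ]; then
        echo "[OK]"
    else
        echo "[!!]"
    fi
    ;;
restart)
    "$0" stop
    sleep 1
    "$0" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac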
---
I added '/usr/local/bin/svc-fw start' to /etc/rc.local to load the
firewall rules on boot. (ubuntu lx-dataset, should work on others)
The above allows inbound ports 22 and 443, and everything outbound is
allowed.
You can stop/start the firewall by calling svc-fw stop or svc-fw start.
---
~ sjorge
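
A pre-load check for a ruleset like the one above, as an added example that is not part of the original message: ipf rules pasted from e-mail can arrive wrapped across lines, and a stray rule can open a port nobody intended. The function and sample names are hypothetical, the sample rules are constructed, and the action-keyword list is an assumption covering the common ipf actions.

```shell
#!/bin/sh
# Added example, not from the original message. All names are hypothetical.
# audit_ipf FILE "PORTS" prints findings and returns non-zero if a line is not
# a rule, a rule looks cut off, or an inbound port is missing from PORTS.
audit_ipf() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        $1 !~ /^(pass|block|log|count|skip|auth|call)$/ {
            # No action keyword first: usually the tail of a wrapped rule.
            printf "line %d: not a rule: %s\n", NR, $0; bad = 1; next
        }
        $NF == "flags" || $NF == "port" || $NF == "=" {
            printf "line %d: rule looks truncated\n", NR; bad = 1; next
        }
        $1 == "pass" && $2 == "in" {
            for (i = 3; i + 2 <= NF; i++)
                if ($i == "port" && $(i + 1) == "=") {
                    p = $(i + 2)
                    verdict = (p in ok) ? "allowed" : "NOT on allowlist"
                    if (!(p in ok)) bad = 1
                    printf "line %d: inbound port %s %s\n", NR, p, verdict
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

sample_good() {      # constructed: intact rules for ports 22 and 443
    cat <<'EOF'
pass out all keep state
block in all
pass in quick on eth0 proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags
pass in quick on eth0 proto tcp from any to any port = 443 flags S/FSRPAU keep state keep frags
EOF
}

sample_wrapped() {   # constructed: wrapped rules plus an unintended port
    cat <<'EOF'
block in all
pass in quick on eth0 proto tcp from any to any port = 22 flags S/FSRPAU
keep state keep frags
pass in quick on eth0 proto tcp from any to any port = 443 flags
S/FSRPAU keep state keep frags
pass in quick on eth0 proto tcp from any to any port = 23 flags S/FSRPAU keep state
EOF
}

# Stand-alone use: sh audit.sh /etc/ipf.conf "22 443"
if [ $# -ge 1 ]; then audit_ipf "$1" "${2:-22 443}"; fi
```

Running the check ahead of the ipf -E -Fa -v -f line in a start script, and skipping the load on a non-zero return, avoids flushing the active rules in favour of a damaged file.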
On 2015-08-26 08:02, Garrett D'Amore wrote:
> We have ipfilter and you should be able to do that on a per stack basis (ie
> per zone). I'm not sure how you'd administer it from lx though. You might
> have to set it up from the GZ or use native tools to do it in the LX zone.
>
> On Aug 25, 2015, at 10:02 PM, Nicholas Lee <[email protected]> wrote:
>
>> Are there any options for basic ip traffic management in LX zones?
>>
>> ie. blocking all inward traffic except to 22, 80, 443, etc?
>>
>> I assume anything iptables based is not going to work - ufw, etc.
>>
>> Nicholas
>
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now