April 23rd, 2010
The articles come on little cat feet
We've added setup articles for our current CentOS, Fedora, Red Hat, and Ubuntu slice images. Each of the links below is to the first page (of two) for each tutorial. If you're setting up a new slice, the articles offer advice on some basic security practices and configuration tweaks. They're worth a look.
CentOS 5.3 Setup
CentOS 5.4 Setup
Fedora 11 Setup
Fedora 12 Setup
Ubuntu Jaunty Setup
Ubuntu Karmic Setup
Forum user dlrush is seeking feedback on a tool to dynamically and easily change a slice's firewall settings. The tool includes a tie-in to the Slicehost API so permissions can be automatically updated when you create new slices.
Slicehost isn't officially associated with the project in any way, but it does sound useful enough to link to. If this looks neat to you, check the forum post on the offering:
Easier Firewall Configuration - Safe Private IPs, using IPtables
As always, our friendly and knowledgeable support staff are waiting in SliceChat for your questions, 24 hours a day, seven days a week. So are the surly and knowledgeable ones that are good at acting friendly. Just you try and tell the difference!
April 27th, 2010 at 11:11 PM Paul
I’m curious why the Ubuntu tutorial doesn’t recommend using UFW. It’s a whole lot easier and a whole lot less error-prone than using iptables, particularly for newbies.
April 29th, 2010 at 07:49 AM Jered
Primarily for consistency, really. The approach used in the tutorial translates well to another distribution like CentOS. If someone is using the set-up article when switching distributions or just trying them out, we figure a common starting point is best, so the user doesn’t have to worry too much about differences between distributions until after the initial slice prep is complete.
Being consistent in how we set people up with iptables also helps when we write other articles – we can not just say that they need to open port 8080, we can also show the iptables rule that would do so. And if someone is using the /etc/iptables.up.rules file we provided as a starting point, it means they’ll be adding those rules to a file that can be well-commented to make it easier to remember why a change was made later (and how and where to make a new change).
And finally, it’s a question of maturity of code. While ufw looks pretty nifty, it’s still been undergoing a lot of development and feature changes. Lucid might finally have a version considered feature-complete, but I’d still be reluctant to turn someone new to Linux loose on it until it’s matured a bit.
That said, I know someone here is working on an article for UFW. I’ll harass him to work on it more; it would be nice to have it up there as an obvious option once someone emerges from the initial setup article.