Ops535 online a1

2 bytes removed, 10:18, 10 February 2021
Network, firewall, and SELinux
:* Do not allow DNS queries from any VMs in your network to any DNS servers in the lab except your caching-only DNS server.
:* SELinux must be turned on and run in enforcing mode on all of your VMs. You may need to configure the SELinux booleans accordingly.
:* Your VM1 must use iptables.service and VM2 to VM4 must use firewalld.service as their firewall. For firewalld.service, the ens192 interface should be set up in the 'public' zone and the ens224 interface should be set up in the 'work' zone. In addition to ssh traffic, your firewalls should only allow the traffic necessary to fulfil the roles described above.
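
One way to check a firewalld VM against the SELinux and zone requirements above. This is an added example, not part of the original assignment page. The function names and sample outputs are constructed for illustration, and the parser assumes the usual <code>firewall-cmd --get-active-zones</code> layout (zone name on an unindented line, then an indented <code>interfaces:</code> line).

```shell
#!/bin/sh
# Added example (not from the assignment page): audit a VM against the
# SELinux and firewalld zone requirements listed above.

# zone_of ZONES_TEXT IFACE -> prints the zone the interface is bound to.
# ZONES_TEXT is the output of `firewall-cmd --get-active-zones`.
zone_of() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^[^ \t]/ { zone = $1; next }      # unindented line names the zone
        $1 == "interfaces:" {              # indented line lists its interfaces
            for (i = 2; i <= NF; i++) if ($i == ifc) print zone
        }'
}

# audit_vm GETENFORCE_TEXT ZONES_TEXT -> prints one line per finding,
# returns 0 only when every requirement is met.
audit_vm() {
    rc=0
    if [ "$1" != "Enforcing" ]; then
        echo "FAIL selinux: mode is '$1', expected Enforcing"; rc=1
    fi
    # Interface/zone pairs taken from the assignment text.
    for pair in ens192:public ens224:work; do
        ifc=${pair%%:*}; want=${pair##*:}
        got=$(zone_of "$2" "$ifc")
        if [ "$got" != "$want" ]; then
            echo "FAIL firewalld: $ifc in zone '${got:-none}', expected $want"; rc=1
        fi
    done
    return $rc
}

# Constructed sample outputs: a compliant VM, and one where ens224 was
# left in the public zone.
GOOD_ZONES='public
  interfaces: ens192
work
  interfaces: ens224'
BAD_ZONES='public
  interfaces: ens192 ens224'

# On a live VM2-VM4:
#   audit_vm "$(getenforce)" "$(firewall-cmd --get-active-zones)"
```
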
==Method of implementation==