I've heard that CSF blocks legit activity if it's not properly tuned. I think it would be safer to apply manual iptables, especially on the slave machines which host the containers. Otherwise it may do more harm than good.
The last time I read this it was a bit dated but it does appear to have been recently updated. Whenever I fire up a hardware node I usually firewall it first and then create a few containers and test them under real-world scenarios, be it a container running SolusVM/master with no virt., cPanel/WHM functionality with and without CSF, DNS, etc., to make certain I've not disabled access to something legitimate.
As for a CSF installation on the container level and SolusVM master installs -- that shouldn't be as big an issue since the containers are elsewhere and shouldn't be directly affected.
Any other WHTers using this type of setup?
| John Edel • Jetfire Networks L.L.C. • Trusted Hosting Solutions
| Consistent, Reliable, Stable OpenVZ & KVM Virtual Private Servers
| SpamWall AV & Full SMTP Filtering • Now an SSLStore Titanium Partner!
We have a few openvz servers using Solusvm that act as masters and slaves.
Lets say we have a openvz master/slave is it a good idea to install CSF on it aswell for DDOS Attacks etc.
I don't think that CSF will save your servers from the DDOS
and I'm afraid that not all openvz can install csf on it, I tried many times but there was some modules was missed which will not let csf work normally.
not all providers have installed the iptables modules on the node which allow you to install csf to work normally
you are talking about a VPS and this is not what the op asked about.
back to the main subject its ok to install firewalls on openvz server but you need to know what ports you should allow and what is the ips that must not blocked at any cost like the 127.0.0.x or 192.168.x.x