[CentOS] Firewall for virtual machines

Ron Loftin reloftin at twcny.rr.com
Fri Dec 11 22:03:03 UTC 2009


On Fri, 2009-12-11 at 13:50 -0800, MHR wrote:
> I realize I'm not getting a lot of questions answered here lately, and
> I'm going to presume that this is for legitimate reasons (i.e., people
> don't know or are too busy to think about it), not because they seem
> stupid (if they do, please tell me, on the list or privately).
> 
> I run Windows as a VMWare guest on top of my CentOS host, and I
> generally have not used a firewall on the guest.  This is partly
> because I only run it rarely, and it seems like a waste when it's
> running on a host that has its own, pretty effective firewall, but
> today I began to wonder - would it be a bad idea (or a complete waste)
> to use a firewall, like ZoneAlarm, on my Windows guest OS?
> 
> Opinions welcome.
> 
Disclaimer:  This is just my own opinion, on a good day maybe worth
$0.02 (US).

I'd say that my circumstances are pretty similar to yours in that I run
the Windoze VM occasionally for non-critical uses ( most of the time ).
My network is protected by a separate CentOS 5 box with Shorewall as a
front-end for iptables, and I feel as secure as anyone has a right to
while still having an active Internet connection. ;>

So far, my practice has been to just run with the Windoze firewall
enabled, and I do that mostly to keep the rest of that miserable excuse
for an OS from whining about no detectable firewall in place, rather
than in any expectation that it will actually prevent something bad from
happening.  I also have Windoze 2000 VMs with no firewall, and as far as
I know nothing bad has slid onto my network.

The bottom line is that in a VM protected by a "real" firewall, I see no
particular need for another waste of system resources on an OS that
wastes too much already. ;>

> Thanks.
> 
> mhr

-- 
Ron Loftin                      reloftin at twcny.rr.com

"God, root, what is difference ?"       Piter from UserFriendly


