This week’s ascii-cast shows how to use
zadm to quickly create an
lx-branded zone in OmniOS r151034 and how to configure a basic policy in
the zone firewall. The zone firewall works for all zone brands except for
KVM and is ideal for securing an lx zone where the native iptables
tools don’t work.
nginx is used as an example application here, but in reality one would deploy something like nginx in a native branded zone, most likely with the sparse brand.
This is just a basic zone setup. Configuring more features such as memory and CPU caps will be covered in a future article.
zadm is open source and hosted on Github. Feedback and pull requests are welcome.
Any questions, please get in touch!