Firewall on physical host node
I am doing some reading around but I guess its best to take help and get precise information, so I am in process of setting up OpenVZ based visualization on a dedicated server and now I need to know what kind of firewall will work on it?
I see 3 options:
1. Hardware firewall
2. Firewall on host only
3. Firewall on each container.
First option is not viable as I am not looking to spend a lot on it , its only for my own usage.
In second option, is it possible that configure firewall on host node and then it serves like hardware firewall sitting in front of each container ?
Third option, install their own firewall in each node and make sure host node has required iptables modules
So which one is preferred and ofcourse when I set dedicated box or VPS, I simply resort to CSF and works great, what should be used in Host node for firewall ?