Re: [vserver] blocking ssh access from virtual server to physical one


From: Jon Bendtsen (jon+vserver_at_silicide.dk)
Date: Mon Apr 22 2002 - 10:38:12 EDT


Thomas Weber wrote:
>
> On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote:
> > Thomas Weber wrote:
> > >
> > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote:
> > > > i tried implementing ipchains rules on the physical server to reject
> > > > packets, tried hosts.allow/deny combis
> > > >
> > > > has anyone been able to successfully block traffic coming from a virtual
> > > > server going to the physical server's ip?
> > >
> > > should be straightforward. With iptables it'd be like this:
> > > iptables -I INPUT -s vserversaddress -p tcp --dport ssh -j DROP
> >
> > And what if the IP address is the same as the server ??
> >
> > What if you used the interface option?? So, only allowing from ethX?
>
> huh? i don't understand what you wanna do. Each of your vservers has one IP
> address to which the processes in the vserver can bind. So block incoming
> traffic from this address and you're done.

Okay, I was unclear. You don't have to block it. Usually you can specify a ! in front
to revert the testing, or else you can just do "allow" all traffic to the port he
wants protected that comes from ethX, or not his own IP.

JonB
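
The two approaches discussed in this thread, as an added example that is not part of the original messages: the per-address DROP rule and the inverted interface test. The function names, the 192.0.2.x guest addresses and eth0 are assumptions, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Prints (does not apply) iptables rules that keep vserver guests away from
# the host's sshd. Addresses and interface names here are constructed samples.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# by_source GUEST_IP...: the rule from the thread, one DROP per guest address.
# "-p tcp" must be present for --dport to be accepted.
by_source() {
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
        echo "iptables -I INPUT -s $ip -p tcp --dport ssh -j DROP"
    done
}

# by_interface IFACE: the inverted ("!") test from the reply. Anything aimed
# at sshd that did not arrive on IFACE is dropped. Guest-to-host traffic on
# the same kernel is delivered over lo, so this also covers a guest that
# shares the host's address. It blocks ssh to localhost on the host as well.
by_interface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;;
    esac
    echo "iptables -I INPUT ! -i $1 -p tcp --dport ssh -j DROP"
}

# Review the output before piping it to a root shell.
by_source 192.0.2.10 192.0.2.11
by_interface eth0
```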



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT