From: Thomas Weber (l_vserver_at_mail2news.4t2.com)
Date: Mon 22 Apr 2002 - 15:21:47 BST
On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote:
> Thomas Weber wrote:
> > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote:
> > > i tried implementing ipchains rules on the physical server to reject
> > > packets, tried hosts.allow/deny combis
> > >
> > > has anyone been able to successfully block traffic coming from a virtual
> > > server going to the physical server's ip?
> > should be straight forward. With iptables it'd be like this:
> > iptables -I INPUT -s vserversaddress --dport ssh -j DROP
> And what if the IP address is the same as the server ??
> What if you used the interface option?? So, only allowing from ethX?
huh? i don't understand what you wanna do. Each of your vservers has one IP
address to which the processes in the vserver can bind. So block incoming
traffic from this address and you're done.