About this list Date view Thread view Subject view Author view Attachment view

From: Thomas Weber (l_vserver_at_mail2news.4t2.com)
Date: Mon 22 Apr 2002 - 15:21:47 BST


On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote:
> Thomas Weber wrote:
> >
> > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote:
> > > i tried implementing ipchains rules on the physical server to reject
> > > packets, tried hosts.allow/deny combis
> > >
> > > has anyone been able to successfully block traffic coming from a virtual
> > > server going to the physical server's ip?
> >
> > should be straight forward. With iptables it'd be like this:
> > iptables -I INPUT -s vserversaddress --dport ssh -j DROP
>
> And what if the IP address is the same as the server ??
>
> What if you used the interface option?? So, only allowing from ethX?

huh? i don't understand what you wanna do. Each of your vservers has one IP
address to which the processes in the vserver can bind. So block incoming
traffic from this address and you're done.

  Tom


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:40 GMT by hypermail 2.1.3