From: Jon Bendtsen (jon+vserver_at_silicide.dk)
Date: Mon 22 Apr 2002 - 15:38:12 BST
Thomas Weber wrote:
> On Mon, Apr 22, 2002 at 11:13:04AM +0200, Jon Bendtsen wrote:
> > Thomas Weber wrote:
> > >
> > > On Wed, Apr 17, 2002 at 02:59:05PM -0400, Jerry Wilborn wrote:
> > > > I tried implementing ipchains rules on the physical server to reject
> > > > packets, tried hosts.allow/deny combis
> > > >
> > > > has anyone been able to successfully block traffic coming from a virtual
> > > > server going to the physical server's ip?
> > >
> > > should be straightforward. With iptables it'd be like this:
> > > iptables -I INPUT -p tcp -s vserversaddress --dport ssh -j DROP
> > And what if the IP address is the same as the server ??
> > What if you used the interface option?? So, only allowing from ethX?
> huh? I don't understand what you wanna do. Each of your vservers has one IP
> address to which the processes in the vserver can bind. So block incoming
> traffic from this address and you're done.
Okay, I was unclear. You don't have to block it. Usually you can specify a
to revert the testing, or else you can just do "allow" all traffic to the
wants protected that comes from ethX, or not his own IP.