From: James Gibson (twistedhammer_at_subdimension.com)
Date: Wed 15 May 2002 - 08:30:24 BST
I doubt it.. not that it's a bad idea, it's just unnecessary.. look at it
this way: your vserver is also trapped to a single IP address. Just set up
your iptables to disallow any traffic from your internal subnet to or from
the vserver, with the exception of your gateway.
If you wanted to make your life even easier, do it this way: say your
subnet is 192.168.1.0/24. Set your vserver to be on a different subnet,
say 192.168.2.0/24, then configure your gateway to listen on that subnet
as well (i.e. set up an alias). As long as the gateway box is configured to
not route traffic onto the 192.168.1.0/24 subnet from the 192.168.2.0/24
subnet you should be fine.
On Wed, 15 May 2002, Billy Hager wrote:
> Actually, that gives me an idea. My vserver is trapped in a single security
> context. Is there a netfilter module I can use to filter by security
> Billy Hager
> On Tuesday 14 May 2002 09:41 pm, you wrote:
> > I am not a networking expert, but if I may ask, would iptables work? I
> > can imagine that you can set up rules so that no traffic coming from the
> > outside can get in, or vice versa.
> > Peter
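
The two setups described in the reply at the top of this thread, written out as iptables rules. This is an added example and not part of the original messages. The two subnets are the ones named in the reply; the vserver address `192.168.1.50`, the gateway address `192.168.1.1`, and the function names are assumptions made for illustration. It also assumes that traffic for the vserver's address passes through the host's INPUT and OUTPUT chains, because a vserver shares the host kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the rules by default;
# run as root with APPLY=1 to load them.

LAN_NET="192.168.1.0/24"   # internal subnet (named in the reply)
VS_NET="192.168.2.0/24"    # separate vserver subnet (named in the reply)
VS_IP="192.168.1.50"       # assumed vserver address for the first setup
GW_IP="192.168.1.1"        # assumed gateway address

# First setup: run on the vserver host. The vserver stays on the internal
# subnet, and all traffic between it and that subnet is dropped except for
# the gateway. The ACCEPT rules must come before the DROP rules because
# iptables stops at the first matching rule.
host_rules() {
    echo "iptables -A INPUT  -s $GW_IP   -d $VS_IP   -j ACCEPT"
    echo "iptables -A OUTPUT -s $VS_IP   -d $GW_IP   -j ACCEPT"
    echo "iptables -A INPUT  -s $LAN_NET -d $VS_IP   -j DROP"
    echo "iptables -A OUTPUT -s $VS_IP   -d $LAN_NET -j DROP"
}

# Second setup: run on the gateway, which has an alias on VS_NET.
# The gateway refuses to route from the vserver subnet onto the internal one.
gateway_rules() {
    echo "iptables -A FORWARD -s $VS_NET -d $LAN_NET -j DROP"
}

# Print the rules, or pipe them to a shell when APPLY=1 is set.
emit() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@" | sh -e
    else
        "$@"
    fi
}

# Usage: script.sh host | script.sh gateway
case "${1:-}" in
    host)    emit host_rules ;;
    gateway) emit gateway_rules ;;
esac
```

Check the loaded rules with `iptables -L -n -v` and confirm the packet counters on the DROP rules increase when an internal host tries to reach the vserver.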