From: Tor Rune Skoglund (trs_at_datakompaniet.no)
Date: Mon 12 May 2003 - 09:47:59 BST
iptables and vservers: As far as I can understand, it won't be
and shouldn't be possible to edit iptables fra a vserver, as
the tables are in the kernel space?
I have a problem seeing "the whole picture" though.... Will
the vservers inherit/use the tables from the server host, and
if so, are there any special considerations when defining the
iptables in the host?
E.g to prevent a vserver from accessing the host, and the
vserver has it's own IP address, would it be correct and safe
to DROP all packet from specific vserver to the host, by
iptables -A INPUT -p tcp -s <vserver-local-IP> -j DROP
in the host iptables config?
Tor Rune Skoglund
-- DataKompaniet as Teknobyen Innovasjonssenter, Abelsgt. 5 Tel: +47 73 51 51 51 N-7030 Trondheim, Norway Fax: +47 73 94 38 61 WWW: http://www.datakompaniet.no E-mail: post_at_datakompaniet.no