About this list Date view Thread view Subject view Author view Attachment view

From: Oliver Dzombic (info_at_isp4p.net)
Date: Wed 09 Jul 2003 - 17:35:31 BST


hi,

yes i already thought about this problem.... the iptables have to be
dedicated to the real server for security reason.

Thanks for hint!

Greetings

Oliver

-----Original Message-----
From: Herbert P÷tzl [mailto:herbert_at_13thfloor.at]
Sent: Mittwoch, 9. Juli 2003 18:26
To: Enrico Scholz
Cc: vserver_at_solucorp.qc.ca
Subject: Re: [vserver] IP Tables in Vserver Context

On Wed, Jul 09, 2003 at 06:11:36PM +0200, Enrico Scholz wrote:
> info_at_isp4p.net ("Oliver Dzombic") writes:
>
> > [... vservers & iptables ...]
>
> Just add
>
> | S_CAPS="CAP_NET_ADMIN CAP_NET_RAW"
>
> to the vserver-configuration. You will have to load the
> iptables-modules in the vserver-startup script, or to compile
> them into the kernel or to allow module-loading in the vserver. I
> prefer the first variant.

and remember, from this moment on, you will
be able to modify/overwrite any interface
on the physical host from within the vserver ...
(including taking the interface down, etc)

best,
Herbert

> Enrico


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 09 Jul 2003 - 17:54:54 BST by hypermail 2.1.3