Hi, I have a scenario where I am hosting many virtual servers on one host machine. I would like to block the virtual servers from seeing the host server (and possibly all other virtual servers using their local IP). BTW, I am quite new to packet filtering and found that I couldn't answer this question by reading the FAQ.
I created a chain called protection and added a rule as follows (where 10.1.5.0/24 is the network the virtual servers are on, and 10.1.4.1 is where the host server is):

    iptables -A protection -s 10.1.5.0/24 -d 10.1.4.1 -j DROP

But when I try to ssh, I can still make a connection. Am I doing something wrong? I did specify -p icmp for another rule, which worked, so do I have to specify a rule for each protocol, or should the general rule have worked? Below is the state of iptables if it helps at all:

    [root@xko-hs01-01 root]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    protection all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    protection all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain protection (2 references)
    target     prot opt source               destination
    DROP       icmp --  anywhere             xko-hs01-01.group.xko.net
    DROP       icmp --  10.1.5.0/24          anywhere
    DROP       all  --  10.1.5.0/24          xko-hs01-01.group.xko.net
    [root@xko-hs01-01 root]#

Regards,
Warwick Brown
Technical Assistant
[EMAIL PROTECTED]
XKO Group
t 01455 554794
f 01455 556681
http://www.xko.co.uk
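The following script is an added example and is not part of the mail above. It builds the same "protection" chain the mail describes, but with one DROP rule per address the host owns, so that a virtual server cannot reach the host by a second address (10.1.4.1 is from the mail; 10.1.5.1 is an assumed address of the host on the virtual-server network, adjust HOST_ADDRS to the real ones). It hooks the chain at the top of INPUT and FORWARD, and it lists the chain with -n -v so the packet counters show whether a rule is matching at all. With DRY_RUN=1 the iptables commands are printed rather than executed, so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the original mail. Builds the "protection"
# chain so that traffic from the virtual-server network to every address the
# host owns is dropped, for all protocols. DRY_RUN=1 prints the commands
# instead of applying them.

VM_NET="${VM_NET:-10.1.5.0/24}"   # network the virtual servers live on (from the mail)
# Addresses of the host that a virtual server could reach. 10.1.4.1 is from
# the mail; 10.1.5.1 is an assumed address of the host on the VM network.
HOST_ADDRS="${HOST_ADDRS:-10.1.4.1 10.1.5.1}"

# Run iptables, or print the command line when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Emit (or apply) the complete rule set in a fixed, explicit order.
build_protection() {
    ipt -N protection 2>/dev/null || true   # no error if the chain already exists
    ipt -F protection                       # start from an empty chain
    # Consult the chain for packets addressed to the host (INPUT) and for
    # packets routed through it, e.g. between virtual servers (FORWARD).
    # Insert at position 1 so no earlier ACCEPT rule can bypass it.
    for chain in INPUT FORWARD; do
        ipt -D "$chain" -j protection 2>/dev/null || true   # avoid duplicate jumps
        ipt -I "$chain" 1 -j protection
    done
    # One DROP per host address. No -p, so it matches TCP, UDP, ICMP, everything.
    for addr in $HOST_ADDRS; do
        ipt -A protection -s "$VM_NET" -d "$addr" -j DROP
    done
}

# Number of DROP rules the rule set contains (one per host address).
count_drop_rules() {
    ( DRY_RUN=1; build_protection ) | grep -c -- '-j DROP'
}

# -n avoids DNS lookups (names like xko-hs01-01.group.xko.net hide which
# address a rule really covers); -v shows packet counters. A counter that
# stays at 0 while the ssh session still succeeds means the traffic is not
# hitting that rule, usually because it is addressed to a different host IP.
show_protection() {
    ipt -L protection -n -v --line-numbers
}

case "${1:-}" in
    apply) build_protection && show_protection ;;
    show)  show_protection ;;
esac
```

Run it as `DRY_RUN=1 sh protection.sh apply` to review the generated commands, then as root without DRY_RUN to apply them; `sh protection.sh show` lists the chain with counters afterwards.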