Given that vserver won't allow you to use iptables, has anyone tried a solution where the iptables command is replaced by a stub command that talks to a daemon in context 0 to set up tables?
It seems that you could create a chain (or two actually - input and output) for every vserver, and have a rule to jump to those chains based on the vserver IP. With some clever replacing of INPUT or OUTPUT with the name of the chains for those vservers, it seems you could get an 80% functional iptables, probably enough to fool most firewall config tools (and most users). Since that chain is only accessed for that particular IP, there should be no way to cause any damage on the server.

I was going to try to write something like this, but wanted to check whether I might be reinventing the wheel here.

Grisha
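The rewriting proposed above, sketched as an added example that is not part of the original message: a context-0 daemon maps the guest's INPUT/OUTPUT onto per-vserver chains and refuses anything it cannot confine to them. The chain names, the option and target allowlists, and the assumption that the daemon already knows which vserver is calling are illustrative choices, not taken from the post.

```python
# Added example (not from the post): argv rewriting for a context-0 daemon.
# Chain naming and the allowlists below are assumptions made for illustration.
import re

CHAIN_MAP = {"INPUT": "vs_{name}_in", "OUTPUT": "vs_{name}_out"}
# -P, -N, -X, -E and -t are absent: they touch policy, chain layout or other tables.
CHAIN_CMDS = {"-A", "-I", "-D", "-F", "-L"}
ALLOWED_OPTS = {"-p", "-s", "-d", "--sport", "--dport", "-j", "-n", "-v"}
# No user-defined chains as targets, so a guest cannot jump into another guest's chain.
SAFE_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN"}
NAME_RE = re.compile(r"[a-z0-9]{1,16}")


class Refused(Exception):
    """The request cannot be confined to the caller's own chains."""


def chain_for(name, builtin):
    if not NAME_RE.fullmatch(name):
        raise Refused("bad vserver name")
    return CHAIN_MAP[builtin].format(name=name)


def host_setup(name, ip):
    """Commands the host runs once: create the chain pair, dispatch on the vserver IP."""
    cin, cout = chain_for(name, "INPUT"), chain_for(name, "OUTPUT")
    return [["iptables", "-N", cin],
            ["iptables", "-N", cout],
            ["iptables", "-A", "INPUT", "-d", ip, "-j", cin],
            ["iptables", "-A", "OUTPUT", "-s", ip, "-j", cout]]


def rewrite(name, guest_argv):
    """Turn the stub's argv (without argv[0]) into a host argv, or raise Refused."""
    args = list(guest_argv)
    if len(args) < 2 or args[0] not in CHAIN_CMDS or args[1] not in CHAIN_MAP:
        raise Refused("only -A/-I/-D/-F/-L on INPUT or OUTPUT are supported")
    args[1] = chain_for(name, args[1])
    for i, arg in enumerate(args[2:], start=2):
        # Exact-match allowlist: fused forms such as "-jFOO" or "--jump=FOO" are refused.
        if arg.startswith("-") and arg not in ALLOWED_OPTS:
            raise Refused("option not allowed: " + arg)
        if arg == "-j" and (i + 1 >= len(args) or args[i + 1] not in SAFE_TARGETS):
            raise Refused("target not allowed")
    return ["iptables"] + args  # the daemon would run this as a list, without a shell
```

Restricting `-j` to built-in targets is what keeps one guest from jumping into another guest's chain; matching on `-s`/`-d` inside the chain needs no restriction because the host's dispatch rule already limits the chain to that vserver's IP.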
