On Thu, Oct 19, 2006 at 10:28:23AM +0200, Tomas Fasth wrote: > Alexander Kabanov wrote: > > let me rephrase you question - do you want an isolated localhost IP > > address for each guest? Why would you need this? > > To Minimize exposure by binding local services to a local interface?
you can do the same with iptables and moreover you can use any private ip and put it on lo or dummy0 and it will serve the same purpose ... > Local interface is a simple and automatic security feature. > Yes, you can block public access with packet filtering, > but that will add complexity and can not be enabled by default. > > Common examples of services which use local interface in their > default configuration: MySQL and Postfix. this will be addressed in the near future ... best, Herbert > Regards, Tomas > > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
