I wouldlike to use IPTables to block the client vservers from talking to each other but since they all have the same MAC address, this becomes problematic.What is the current best practice for doing this?
Have you tried blocking all traffic between local IPs except if source and destination are the same? As long as you don't give the NET_ADMIN or NET_RAW capabilities to the guest, the users in there cannot spoof the IP. baltasar ((( Baltasar Cevc ) World wide web:# http://www.openairkino.net/ (a project for the local youth; German only)
# http://technik.juz-kirchheim.de/ (programming and admin projects) # http://baltasar.cevc-topp.de/ (private homepage) ) Phone: +49 176 23 22 08 22 )
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver