hi, yes i already thought about this problem.... the iptables have to be dedicated to the real server for security reason.
Thanks for hint! Greetings Oliver -----Original Message----- From: Herbert P�tzl [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 9. Juli 2003 18:26 To: Enrico Scholz Cc: [EMAIL PROTECTED] Subject: Re: [vserver] IP Tables in Vserver Context On Wed, Jul 09, 2003 at 06:11:36PM +0200, Enrico Scholz wrote: > [EMAIL PROTECTED] ("Oliver Dzombic") writes: > > > [... vservers & iptables ...] > > Just add > > | S_CAPS="CAP_NET_ADMIN CAP_NET_RAW" > > to the vserver-configuration. You will have to load the > iptables-modules in the vserver-startup script, or to compile > them into the kernel or to allow module-loading in the vserver. I > prefer the first variant. and remember, from this moment on, you will be able to modify/overwrite any interface on the physical host from within the vserver ... (including taking the interface down, etc) best, Herbert > Enrico
