From: tim d. <ti...@un...> - 2004-05-03 22:57:40
Hey folks. I'd like to control what IPs my UMLs can configure as valid on their guests. The approach I'm taking is that they can do whatever they want, IP-wise, inside the guest, but I'd use iptables rules to only allow traffic for the IPs I give them, thus denying them access to IPs I don't want them to have.

    # default policies
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD ACCEPT
    # per-guest rules: only traffic to/from the assigned public IP
    iptables -A INPUT -i $umlbridgeport -s 0.0.0.0/0 -d $publicip -j ACCEPT
    iptables -A OUTPUT -o $umlbridgeport -s $publicip -d 0.0.0.0/0 -j ACCEPT

I'm using the 2.4 series for my host. Do I need to use 2.6/ebtables and -m physdev to drop all frames that aren't wanted, so that ARP is controlled? Or should this suffice to keep control of IPs?

Thanks,
Tim