OpenVZ Forum
iptables Blocking for ALL VEs [message #1123] Wed, 01 February 2006 16:02
phpfreak
If anyone needs to do firewalling from the host node to affect all VEs, this is the way you can handle it:

iptables -A FORWARD -i eth0 -s 65.254.39.146 -j DROP


Assuming eth0 is your primary network device, this will drop IP 65.252.39.146 on all of your VEs.

This is nothing cosmetic, I just wanted to point out that you should drop them on the FORWARD chain to affect all the VEs.

Good luck,



Re: iptables Blocking for ALL VEs [message #1344 is a reply to message #1123] Tue, 07 February 2006 04:42
phpfreak
To make life easier, I put this into /usr/local/sbin/vzdrop:

#!/bin/bash
# Drop traffic from source IP $1 to the VEs (FORWARD) and to the host node (INPUT)
iptables -A FORWARD -i eth0 -s "$1" -j DROP
iptables -A FORWARD -i eth1 -s "$1" -j DROP
iptables -A INPUT -i eth0 -s "$1" -j DROP
iptables -A INPUT -i eth1 -s "$1" -j DROP


chmod +x /usr/local/sbin/vzdrop

Then to drop an IP:

vzdrop 65.252.39.146

And you've blocked the attacker.
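
A variant of the vzdrop helper from the post above, added here as an example and not the poster's own script: it rejects anything that is not an IPv4 address before it reaches iptables and skips rules that already exist. The eth0/eth1 interface names come from the post; the VZDROP_DRY_RUN variable and the valid_ipv4 function are hypothetical names introduced for this example.

```sh
#!/bin/sh
# Added example, not the poster's script: vzdrop with argument validation.
# Assumed interface names eth0/eth1 are taken from the post.
# VZDROP_DRY_RUN (hypothetical variable): when set, print instead of apply.
IFACES="eth0 eth1"
CHAINS="FORWARD INPUT"

# Succeeds only for a dotted quad with four octets in 0..255.
# The body runs in a subshell so the IFS change does not leak out.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Add one DROP rule per chain and interface for the given source address.
vzdrop() {
    if ! valid_ipv4 "$1"; then
        echo "usage: vzdrop <IPv4 address>" >&2
        return 2
    fi
    for chain in $CHAINS; do
        for iface in $IFACES; do
            if [ -n "$VZDROP_DRY_RUN" ]; then
                echo "iptables -A $chain -i $iface -s $1 -j DROP"
            elif ! iptables -C "$chain" -i "$iface" -s "$1" -j DROP 2>/dev/null; then
                # -C found no identical rule, so append it
                iptables -A "$chain" -i "$iface" -s "$1" -j DROP
            fi
        done
    done
}

# Apply only when an address was passed on the command line.
if [ $# -gt 0 ]; then
    vzdrop "$1"
fi
```

`-A` appends to the end of the chain, so an earlier ACCEPT rule that matches the same traffic still wins; `iptables -I` inserts at the top of the chain instead.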

