OpenVZ Forum


Home » General » Support » Can you filter traffic from the host node? (Is it possible to filter traffic at the host preventing access to a VPS?)
Can you filter traffic from the host node? [message #39496] Sat, 01 May 2010 22:50 Go to next message
jpastore is currently offline  jpastore
Messages: 21
Registered: July 2007
Location: South Florida
Junior Member
I basically want to block all traffic from China/Russia and a few other places from ever reaching any container on this particular server.

It seems an abundant number of rules to place at each container.

Is it possible to filter from IPs from the host node before it's passed to the container?

Report message to a moderator

Re: Can you filter traffic from the host node? [message #39497 is a reply to message #39496] Sun, 02 May 2010 08:04 Go to previous messageGo to next message
sunoano is currently offline  sunoano
Messages: 8
Registered: January 2010
Junior Member
Sure, just use netfilter/iptables on the HN. I've written a script to do all the filtering on the HN in order to protect the VEs
http://github.com/sunoano/bash/blob/master/packet_filter

Report message to a moderator

Re: Can you filter traffic from the host node? [message #39512 is a reply to message #39497] Tue, 04 May 2010 11:28 Go to previous messageGo to next message
jpastore is currently offline  jpastore
Messages: 21
Registered: July 2007
Location: South Florida
Junior Member
Thank you sunoano. This script is a little over my head can you point me to some instructions on how to deploy?

Report message to a moderator

Re: Can you filter traffic from the host node? [message #39513 is a reply to message #39512] Tue, 04 May 2010 12:32 Go to previous messageGo to next message
sunoano is currently offline  sunoano
Messages: 8
Registered: January 2010
Junior Member
there is a link in the script that points to my website where you find plenty of information on how to deploy (top section, in the comments)

Report message to a moderator

Re: Can you filter traffic from the host node? [message #39514 is a reply to message #39513] Tue, 04 May 2010 12:51 Go to previous message
jpastore is currently offline  jpastore
Messages: 21
Registered: July 2007
Location: South Florida
Junior Member
My apologies for not reading thoroughly. Thank you.

Report message to a moderator

Previous Topic: What are the losses of using the .26 Kernel included in apt-lenny
Next Topic: DEBIAN squeeze : "unable to handle kernel NULL pointer dereference at (null)" creating VE
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sat May 11 07:56:35 GMT 2024

Total time taken to generate the page: 0.01603 seconds
Powered by FUDforum Powered by Virtuozzo Containers