Sangeeta Misra wrote:
>
> One reason for ILB machine to configure IP Filter may be to disallow all
> incoming packets except for those that are for load balancing and ssh. I
> don't know how common this case may be, but I am wondering if this
> capability can be added in ILB itself, so that the user does not
> require IP Filter configuration for this purpose. We can invoke this
> via an additional lbadm option called "dedicated" or something.

When and if we do a GUI/WUI for a load balancer it probably makes sense
to expose filtering there. But I don't think it makes sense to put
things in one CLI that already exist in another CLI.

> This would probably mean that at ip_input() we check to see if packet is
> ssh protocol, if it's not, we match the packet's dest port and protocol to
> those that show up in lb rules or else drop the packet.

Why not just configure IP Filter with a ruleset to handle this?
Erik