ipchains -A input -s 0/0 -p tcp -d 192.168.10.12 22 -j ACCEPT
ipchains -A input -s 0/0 -p tcp -d 192.168.10.13 22 -j ACCEPT
ipchains -A input -s 0/0 -p tcp -d 192.168.10.14 22 -j DENY
Keep in mind that a vserver really isn't a separate server, in the strictest sense; indeed, it is just an abstraction (more or less). So the IP addresses of your vservers are really just IP aliases on the network card of your master server, so you can refer to those IP's in your ipchains rules, since the packets for those addresses will traverse the ipchains of your master server.
ahp
P.S. -- Please, someone correct me if I have mis-spoken.
At 19:29 12/17/2002, you wrote:
I'd like to try and get this straight in my head - poor container that it is.Ipchains do not work from in vservers. If so then how do I control on a vserver by vserver the IPs and ports that respond (or don't respond?) In my situation I have total control over what is running in each vserver but it varies for each vserver and may vary for each box I run Vserver on. My concern/confusion is if I do the right thing and shut out everything except ssh on the main server how will a vserver run a web-server, dns server, or mail server only. Again thanks for thoughts and ideas, Rod -- "Open Source Software - Sometimes you get more than you paid for..."
msg00657/pgp00000.pgp
Description: PGP signature
