On Friday 27 April 2012 18:41, the following was written:
On 4/27/2012 5:05 PM, Bob Hoffman wrote:
Dropping IPs by host machine, protecting the VMs. Would something like this work:
-A PREROUTING -s 66.77.65.128/26 -j DROP
or would my server die upon testing it...lol
Okay, after about 400 attempts and some hour or so of reading, I find that Red Hat auto-disables the ability to use the host iptables rules to protect the virtual machines.

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Not sure which would be turned on, the bottom two or just the middle:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
I would think you only need the middle one turned on for the firewall.
If you are looking to block IP addresses from getting to your VMs then you should set up your firewall on the bridge. And adding that one rule above should take care of your issues.
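An added checker, not from the thread or from any Red Hat tooling, for the setting being discussed: it reads a sysctl.conf-style file (path passed as the first argument) to see whether bridged IPv4 traffic will actually reach the host's iptables, and emits the host rules that would then drop a source range before it reaches the VMs. Function and file names are the example's own; the key names are the ones quoted above.

```shell
#!/bin/sh
# Added example: audit the bridge-nf-call-iptables sysctl and show the matching
# host rules. Nothing here changes the system; vm_drop_rules only prints commands.

# Print the effective value of KEY in FILE. Later assignments override earlier
# ones, as sysctl -p applies them in order; comments are ignored. Prints nothing
# when the key is absent from the file.
sysctl_value() {
    file=$1; key=$2
    awk -v k="$key" '
        /^[[:space:]]*#/ { next }
        { line = $0; sub(/#.*/, "", line)
          n = split(line, kv, "=")
          if (n == 2) {
              gsub(/[[:space:]]/, "", kv[1]); gsub(/[[:space:]]/, "", kv[2])
              if (kv[1] == k) v = kv[2]
          } }
        END { if (v != "") print v }' "$file"
}

# Return 0 when FILE turns bridge-nf-call-iptables on, 1 otherwise (absent or 0).
# With it off, no host iptables rule will ever see traffic bridged to the VMs.
bridge_iptables_enabled() {
    [ "$(sysctl_value "$1" net.bridge.bridge-nf-call-iptables)" = "1" ]
}

# Live kernel value, readable only once the bridge module is loaded.
live_bridge_iptables() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && cat "$f"
}

# Emit (do not run) the commands that drop SRC on its way to the bridged VMs.
# Bridged frames traverse the FORWARD chain, and the filter table has no
# PREROUTING chain, so the drop belongs in FORWARD (the raw table's PREROUTING
# is the earlier equivalent hook if that is preferred).
vm_drop_rules() {
    src=$1
    printf 'sysctl -w net.bridge.bridge-nf-call-iptables=1\n'
    printf 'iptables -t raw -I PREROUTING -s %s -j DROP\n' "$src"
    printf 'iptables -I FORWARD -s %s -j DROP\n' "$src"
}
```

Source the file and run `bridge_iptables_enabled /etc/sysctl.conf || vm_drop_rules 66.77.65.128/26` to see whether the quoted file leaves the host firewall blind to bridged traffic and which commands would close the gap.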