I am experimenting with a KVM virtual machine. At the moment I am trying to configure iptables for the host instance. In Xen terms I would call this Dom0, but I do not know the appropriate KVM term, if any.

The setup I have is a single NIC (eth0) host bridged (bridge0). I want iptables to allow all host generated traffic (! bridge0 I think) and to check all other traffic for brute force attempts coming in over the LAN.

I have the following rules in /etc/sysconfig/iptables:

. . .
-A GENERAL -m comment ! -i bridge0 -j ACCEPT
. . .
-A GENERAL -m comment -m state -i bridge0 --state NEW -j KNOCKD
-A GENERAL -p tcp -m comment -m tcp -m multiport -m state -m recent -i bridge0 --state NEW --dports 20,21,22,23,110,143 --set --name IN_THROTTLE --rsource

and so forth. But when I reload the config file and do an

iptables --list | grep bridge

then I see nothing.

I cannot discern what it is that I am doing wrong. Obviously there is something about bridge0 as an interface option that iptables does not like, but it is not giving me any error message. What am I doing wrong, and what is the correct way to accomplish this?

-- 
*** E-Mail is NOT a SECURE channel ***
James B. Byrne            mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited      http://www.harte-lyne.ca
9 Brockley Drive          vox: +1 905 561 1241
Hamilton, Ontario         fax: +1 905 561 0757
Canada L8E 3C3