On 4/27/2012 9:36 AM, Bob Hoffman wrote:
> Does this work?
>
> adding DROP to iptables on the virtual host's iptables, before the phys
> bridge....will it prevent those ips from getting to the bridged part of
> iptables? Or would a different syntax be used?
>
> -A INPUT -s 66.77.65.128/26 -j DROP
> -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>

would something like this work

-A PREROUTING -s 66.77.65.128/26 -j DROP

or would my server die upon testing it...lol