[CentOS] iptables drop on virtual host

Fri Apr 27 13:36:41 UTC 2012
Bob Hoffman <bob at bobhoffman.com>

Does this work?

Adding DROP to the virtual host's iptables, before the physical 
bridge... will it prevent those IPs from getting to the bridged part of 
iptables? Or would a different syntax be used?


*filter
# DROP in INPUT, i.e. for traffic addressed to the host itself
-A INPUT -s 66.77.65.128/26 -j DROP
# -I inserts at the head of FORWARD; bridged frames are matched here
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
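An added example to illustrate the question above; it is not code from the original post or from CentOS. It generates an iptables-restore ruleset for a host that bridges guest traffic and checks the rule order offline. Assumptions: bridge-nf-call-iptables=1 (otherwise iptables never sees bridged frames at all), the extra INPUT rules are illustrative placeholders, and the check only looks at "-A ... DROP" rules in FORWARD. The point it shows is that frames bridged to a guest traverse FORWARD, not INPUT, so a DROP that exists only in INPUT does nothing for the guests, and an ACCEPT added with -I lands at the head of the chain regardless of where it sits in the file.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an iptables-restore
# ruleset for a host that bridges guest traffic, and checks rule ordering.
# Assumptions: bridge-nf-call-iptables=1 (otherwise iptables never sees
# bridged frames), and the extra INPUT rules are illustrative placeholders.

BLOCKED_NET="66.77.65.128/26"   # source network from the original post

# The ruleset as it appears in the original post, reproduced for comparison
# (only the *filter header added so iptables-restore would accept it).
posted_ruleset() {
    cat <<EOF
*filter
-A INPUT -s $BLOCKED_NET -j DROP
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# A ruleset that drops the network on both paths: INPUT covers the host's own
# services, FORWARD covers frames bridged to guests. Traffic to a bridged
# guest never enters INPUT, so a DROP there alone does not shield the guests.
# The FORWARD DROP is appended before the blanket physdev ACCEPT, and the
# ACCEPT uses -A rather than -I so it is not hoisted above the DROP.
make_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s $BLOCKED_NET -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -s $BLOCKED_NET -j DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# check_order RULESET: succeed (exit 0) only if the FORWARD chain drops
# BLOCKED_NET before the unconditional physdev ACCEPT can match. iptables
# walks a chain top to bottom and stops at the first terminating target, so a
# DROP placed after the ACCEPT is dead, and one that exists only in INPUT does
# nothing for bridged traffic. A "-I FORWARD" ACCEPT is inserted at the head
# of the chain no matter where it sits in the file, so it always wins.
check_order() {
    rules=$1
    if printf '%s\n' "$rules" | grep -q -- "^-I FORWARD .*-j ACCEPT"; then
        return 1
    fi
    drop_line=$(printf '%s\n' "$rules" \
        | grep -n -- "^-A FORWARD .*-s $BLOCKED_NET -j DROP" | head -n 1 | cut -d: -f1)
    accept_line=$(printf '%s\n' "$rules" \
        | grep -n -- "^-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT" | head -n 1 | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$accept_line" ] && [ "$drop_line" -lt "$accept_line" ]
}
```

To use it, run `make_ruleset > bridge-filter.rules`, confirm `check_order "$(cat bridge-filter.rules)"` succeeds, then load it as root with `iptables-restore < bridge-filter.rules`; `check_order "$(posted_ruleset)"` fails because the posted rules have no DROP in FORWARD and use -I for the ACCEPT.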