Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a server running Debian connected to the LAN using the eth0 port. On the same system I also have two virtual machines running on KVM. These two virtual machines use bridged networking with eth0. Now, if under Debian I filter out/drop certain packets via iptables, will those packets be dropped for Debian only, or for Debian and both KVMs?
The question is: because I have SSH on Debian and WWW + mail on KVM, and would like to block certain IPs, I am wondering if it's enough to use iptables, or whether I have to use different "ban" facilities on the different OSes in order to "ban" somebody from all services.
iptables on the host is *able* to affect all traffic going through that box, including all the VMs. If you just make your rules more specific, e.g. include the destination IP / interface of the SSH requests, rather than just port 22, then it's fairly trivial to block traffic to certain machines, including the underlying KVM host itself.
Thank you very much! So assuming that on the host I have opened port 22 (SSH), and on the guest port 80 (WWW), if I issue something like this (where x.x.x.x is the "bad" person's IP):
Code:
iptables -A INPUT -s x.x.x.x -j DROP
then the machine/net at IP x.x.x.x will not be able to use BOTH SSH and WWW. Is that correct?
How iptables is configured affects a lot of how this hangs together. With a bridge interface, you'd be using the FORWARD chain to filter traffic to the guests, and INPUT / OUTPUT for the host. But RHEL and similar systems tend to redirect them all to a dedicated chain, so it depends on the layout methodology really.
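A small script, added here as an example and not taken from the thread, that bans one source address in both chains the reply above names: INPUT for the host's sshd and FORWARD for the bridged guests. It assumes a bridge named br0 over eth0 and a constructed "bad" address 192.0.2.10; it prints the rules unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread). A DROP in INPUT only protects the
# host: frames bridged to the KVM guests are checked in FORWARD instead
# (and only when bridge-nf-call-iptables is on, i.e. br_netfilter loaded).

BAD_IP="${BAD_IP:-192.0.2.10}"   # constructed example address (TEST-NET-1)
BRIDGE="${BRIDGE:-br0}"          # assumed name of the bridge that enslaves eth0
IPT="${IPT:-iptables}"

# run: print the command in dry-run mode (default), otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# ban_ip <ip>: drop <ip> for host services AND for the bridged guests.
# -I (insert at top) so that an earlier ACCEPT rule does not win.
ban_ip() {
  ip="$1"
  # 1. traffic addressed to the host itself (sshd on Debian): INPUT chain
  run "$IPT" -I INPUT -i "$BRIDGE" -s "$ip" -j DROP
  # 2. traffic bridged through to the guests (www, mail on KVM): FORWARD chain
  run "$IPT" -I FORWARD -i "$BRIDGE" -s "$ip" -j DROP
}

# bridge_nf_enabled: true when the kernel hands bridged frames to iptables;
# without this, the FORWARD rule above never sees guest traffic at all.
bridge_nf_enabled() {
  f=/proc/sys/net/bridge/bridge-nf-call-iptables
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

if ! bridge_nf_enabled; then
  echo "warning: bridge-nf-call-iptables is not 1; FORWARD will not filter guests" >&2
fi
ban_ip "$BAD_IP"
```

Run as root with DRY_RUN=0 to apply the rules; the dry-run output is the pair of commands you would otherwise type by hand.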