Difference between revisions of "Iptables"
From Linux-VServer
(intro) |
(+ Category:Documentation, wiki) |
||
| Line 3: | Line 3: | ||
These pages inventarise the efforts of realisation. | These pages inventarise the efforts of realisation. | ||
| − | [[Iptables Consolidate requirements]] | + | * [[Iptables Consolidate requirements]] |
| − | [[Iptables Collect previous work]] | + | * [[Iptables Collect previous work]] |
| − | [[Iptables Demonstrate workability]] | + | * [[Iptables Demonstrate workability]] |
| − | [[Iptables Implementation]] | + | * [[Iptables Implementation]] |
online contact: irc.oftc.net, #vserver-iptables | online contact: irc.oftc.net, #vserver-iptables | ||
| + | |||
| + | [[Category:Documentation]] | ||
Revision as of 20:37, 21 October 2011
Problem: The network packet filter, as implemented into Linux kernel, does not provide a concept of "personalties" which allow subsetting a rule set per vserver guest. But by providing guest specific chains, used to direct network packets with source or destination of a given guest, and introducing a mechanism to allow guest to update exclusively this guest specific chain, the outcome is rather similar.
These pages inventarise the efforts of realisation.
- Iptables Consolidate requirements
- Iptables Collect previous work
- Iptables Demonstrate workability
- Iptables Implementation
online contact: irc.oftc.net, #vserver-iptables
