NetFilter

Re: Droping all SYN

To: netfilter@lists.netfilter.org
Subject: Re: Droping all SYN
From: Arnd-Hendrik Mathias <arnd-hendrik.mathias@nefkom.net>
Date: Sat, 31 Mar 2007 17:01:29 +0200
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <20070327151521.371d4312@notebook.chaosbringer.de>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <20070327151521.371d4312@notebook.chaosbringer.de>
Sender: netfilter-bounces@lists.netfilter.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060806
Hey Julian,
I'm not sure if I get your question right but it sounds like

iptables -A FORWARD -d 192.168.1.4 -o vif1.0 -p tcp -m conntrack --ctstate NEW -j DROP

Have you checked this out?
Greetz

Arnd-Hendrik

Julian Hagenauer wrote:

Hi,
this may be a simple question.
I have a Xen domain which is acting as a server.
For some experiments I want every attempt to connect to a service on this server to be blocked, but none of the existing connections to be affected. So, the IP of the server is 192.168.1.4 and the interface on dom0 is vif1.0. Dom0 acts as an ARP proxy.
Would 'iptables -A FORWARD -d 192.168.1.4 -o vif1.0 -p tcp --syn -j DROP' be enough?

It's crucial for me, so I have to be sure that the syntax is correct.

Thanks,
Julian





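As an added illustration that is not part of the thread, the following Python model compares how the two rules discussed above (the `--syn` match and the `--ctstate NEW` match) classify TCP packets bound for 192.168.1.4. The endpoint-pair flow key, the simplified conntrack table and the sample traffic are constructed assumptions; it shows the one case where the rules differ, a connection that conntrack never saw being set up.

```python
# Added example, not from the thread: a simplified model of how the two
# rules discussed above classify TCP packets bound for the server.
# Assumptions (not in the original): a flow is identified by its pair of
# endpoints, untracked mid-stream traffic is picked up as NEW (the default
# nf_conntrack_tcp_loose=1 behaviour), INVALID is not modelled, the -o vif1.0
# interface match is omitted, and an entry created by a dropped packet is
# discarded because it is never confirmed.
from dataclasses import dataclass

SERVER = "192.168.1.4"  # the server address from the thread


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def flow_key(pkt):
    # conntrack maps both directions of a connection to one entry
    return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})


def matches_syn(pkt):
    # '--syn' is shorthand for '--tcp-flags SYN,RST,ACK,FIN SYN':
    # SYN set and RST, ACK, FIN all clear.
    return pkt.flags & {"SYN", "RST", "ACK", "FIN"} == {"SYN"}


def ctstate(pkt, table):
    # ESTABLISHED if conntrack already knows the flow, otherwise NEW
    return "ESTABLISHED" if flow_key(pkt) in table else "NEW"


def syn_rule_drops(pkt):
    # iptables -A FORWARD -d 192.168.1.4 -o vif1.0 -p tcp --syn -j DROP
    return pkt.dst == SERVER and matches_syn(pkt)


def ctstate_rule_drops(pkt, table):
    # iptables -A FORWARD -d 192.168.1.4 -o vif1.0 -p tcp \
    #          -m conntrack --ctstate NEW -j DROP
    drop = pkt.dst == SERVER and ctstate(pkt, table) == "NEW"
    if not drop:
        table.add(flow_key(pkt))  # an accepted packet confirms the entry
    return drop


def run_scenario():
    """Constructed traffic; returns (syn_rule_drops, ctstate_rule_drops) per packet."""
    known = Packet("192.168.1.10", 40000, SERVER, 22, frozenset({"ACK"}))
    fresh = Packet("192.168.1.20", 40001, SERVER, 22, frozenset({"SYN"}))
    untracked = Packet("192.168.1.30", 40002, SERVER, 22, frozenset({"ACK"}))
    table = {flow_key(known)}  # conntrack saw this connection being set up
    return [(syn_rule_drops(p), ctstate_rule_drops(p, table))
            for p in (known, fresh, untracked)]
```

The third packet is the practical difference: data on a connection that predates the conntrack table passes the `--syn` rule but is dropped by the `--ctstate NEW` rule, so existing sessions are only safe under the conntrack variant if they were tracked from their handshake.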