Security RFE

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Security RFE
From: "Brett Johnson" <mlipvs@xxxxxxx>
Date: Wed, 19 Dec 2001 18:02:04 -0600
It doesn't look like this ML got my response from a few days ago; here
is a portion of it about firewalling LVS.
This would be a really good security option to add that would hopefully be

How hard would it be to tell LVS to just drop everything it doesn't have an
entry for in the ipvs table???

An example would be:  I alias an IP address for the intent of LVS usage.
Perhaps make it an option (that I can turn off or on) to say that anything
that doesn't show up in the "ipvsadm -Ln" table gets dropped for that
aliased IP only.  From a security standpoint this would be really great as
rules can be easily written for the real IP that won't get any LVS entries

Implementation-wise, I think it could probably look something like
ipvsadm -P <IPaddr> DROP


Thx / B++ / K90, Inc.
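
The behaviour requested above can be approximated with packet-filter rules generated from the `ipvsadm -Ln` table; the following is an added example, not part of the original post and not LVS code. The function names, the `INPUT` chain and the sample table (documentation addresses, placeholder version string) are assumptions, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: build a default-drop rule set for one LVS virtual IP (VIP)
# from `ipvsadm -Ln` output. Rules are printed, not applied.

# vip_rules VIP -- reads `ipvsadm -Ln` text on stdin, writes iptables commands.
vip_rules() {
    [ -n "$1" ] || return 1
    awk -v vip="$1" '
        # Virtual-service lines start with the protocol. Real-server lines
        # start with "->" and fwmark services with "FWM"; both are skipped.
        $1 == "TCP" || $1 == "UDP" {
            n = split($2, part, ":")
            # IPv4 addr:port for the requested VIP only; ignore anything else.
            if (n != 2 || part[1] != vip || part[2] !~ /^[0-9]+$/) next
            if (seen[$1 ":" part[2]]++) next      # no duplicate rules
            printf "iptables -A INPUT -d %s -p %s --dport %s -j ACCEPT\n",
                   vip, tolower($1), part[2]
        }
        # The catch-all drop goes last so the ACCEPT rules match first.
        END { printf "iptables -A INPUT -d %s -j DROP\n", vip }
    '
}

# Constructed sample table (not captured from a real director).
sample_table() {
cat <<'EOF'
IP Virtual Server version x.y.z (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.10:80 wlc
  -> 10.0.0.11:80                 Masq    1      0          0
  -> 10.0.0.12:80                 Masq    1      0          0
UDP  192.0.2.10:53 rr
  -> 10.0.0.21:53                 Masq    1      0          0
TCP  192.0.2.20:25 wlc
  -> 10.0.0.31:25                 Masq    1      0          0
EOF
}

sample_table | vip_rules 192.0.2.10
```

The rule set is a snapshot: it has to be regenerated whenever virtual services are added to or removed from the table, and the final rule also drops ICMP addressed to the VIP.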
