On Thu, Oct 19, 2006 at 10:28:23AM +0200, Tomas Fasth wrote:
> Alexander Kabanov wrote:
> > let me rephrase you question - do you want an isolated localhost IP
> > address for each guest? Why would you need this?
>
> To Minimize exposure by binding local services to a local interface?
you can do the same with iptables and moreover you can
use any private ip and put it on lo or dummy0 and it
will serve the same purpose ...
> Local interface is a simple and automatic security feature.
> Yes, you can block public access with packet filtering,
> but that will add complexity and can not be enabled by default.
>
> Common examples of services which use local interface in their
> default configuration: MySQL and Postfix.
this will be addressed in the near future ...
best,
Herbert
> Regards, Tomas
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu Oct 19 16:05:40 2006