ConfigServer Community Forum

Hi,
I have an ubuntu 12.04 kvm host/guest bridged network environment.
The host machine has a bridged interface br0 having ip A.
The guest vm machine uses the br0 interface having ip B.

CSF is working on both interfaces. FYI, for those wondering how to not break the bridge when using CSF on the host machine, create a /etc/csf/csfpost dot sh:
iptables -A FORWARD -i br0 -o br0 -j ACCEPT

Is it redundant to run CSF on the host AND the guest? Can I just run CSF on the host bridge interface only - will that effectively protect the guest vm using ip B?

I used this advice and it worked well for me until csf updated itself without my shell environment.

After that, my defined rules in csfpost.sh were not present in the reloaded iptables-rules. To ensure that self defined rules are present even after automated restart, dont forget to use absolute pathes in your csfpre.sh and csfpost.sh scripts.

Greetz

pluggi

p.s
CSF rocks

Did you find a way to ONLY protect the host? I left the NIC blank and disabled port 22 for ssh to test. I could still get to the host AND the guests. When I put the physical NIC in there (p1p1) it killed all access to the host but the guests still worked. I then tried bonding it to the br0 only (i didn't want to mess with br1 for the the lan) and saw no change at all. Did you find anything close to this?