# Insert a rule at the '''beginning of your MYICMP chain''' that denies '''ICMP pings''' whose source address is the IP address of your partner's machine.
# Issue '''iptables -L -v''' to view your firewall rules for your newly-created chains.
# Have your partner attempt to connect to your machine using the external-facing address to ensure your rules are working.<br />They should not be able to connect, and the counters in iptables should show that packets are being caught in your MYICMP and MYSSH chains. <br><br>'''NOTE:''' Your system logs (for example '''/var/log/messages''', or, when using customized chains, the output of '''journalctl --dmesg | grep MYSSH''') should also show their failed attempts to '''ssh''' to you with your '''customized''' message.
# When you are confident the rules are working, save them by running <source lang='bash'>iptables-save > /etc/sysconfig/iptables</source><br />Note that this should not include the rules from the virtual network. They will always be added automatically when libvirtd starts.
# Now start libvirtd again, and test that your firewall still allows the VMs to connect to the host and each other (ping and ssh). Do not continue until it works.
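The following script is an added example, not part of the original wiki page, covering the first three steps above: it builds the rule that goes at the top of the MYICMP chain (position 1, matching ICMP echo-requests from the partner's address, assumed here to be the constructed documentation address 192.0.2.10) and then checks the '''iptables -L -v''' counters so you can confirm packets are actually being caught. The chain names MYICMP and MYSSH are the ones used on this page; the sample iptables output is constructed for the example. With DRY_RUN left at its default of 1 the script only prints the iptables command, so it can be read and tested without root; set DRY_RUN=0 to run it for real.

```shell
#!/bin/sh
# Added example (not from the original page): insert the MYICMP deny rule and
# verify packet counters from 'iptables -L -v' output.
# Assumptions: chains MYICMP/MYSSH exist (created in earlier steps on the page);
# 192.0.2.10 is a constructed placeholder for the partner's address.

# Build the iptables command that inserts a DROP for ICMP echo-requests from the
# partner's address at position 1 (the beginning) of the MYICMP chain.
icmp_deny_cmd() {
    partner="$1"
    printf '%s\n' "iptables -I MYICMP 1 -p icmp --icmp-type echo-request -s $partner -j DROP"
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0, needs root).
apply_rule() {
    cmd=$(icmp_deny_cmd "$1")
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$cmd"
    else
        eval "$cmd"
    fi
}

# Sum the packet counters of one chain (optionally only rows with a given target)
# from 'iptables -L -v' text read on stdin. Use 'iptables -L -v -n -x' on a real
# system so counters are printed as exact numbers rather than with K/M suffixes.
chain_packets() {
    chain="$1"; target="${2:-}"
    awk -v chain="$chain" -v target="$target" '
        $1 == "Chain" { inchain = ($2 == chain); next }
        inchain && $1 ~ /^[0-9]+$/ && (target == "" || $3 == target) { total += $1 }
        END { print total + 0 }
    '
}

# Constructed sample of 'iptables -L -v' output after the partner tried to
# ping and ssh to this host: MYICMP dropped 7 echo-requests, MYSSH logged and
# rejected 4 connection attempts.
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 MYICMP     icmp --  any    any     anywhere             anywhere
    4   240 MYSSH      tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh

Chain MYICMP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   588 DROP       icmp --  any    any     192.0.2.10           anywhere             icmp echo-request
    5   420 ACCEPT     icmp --  any    any     anywhere             anywhere

Chain MYSSH (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   240 LOG        tcp  --  any    any     192.0.2.10           anywhere             LOG level warning prefix "MYSSH: "
    4   240 REJECT     tcp  --  any    any     192.0.2.10           anywhere             reject-with icmp-port-unreachable
'

# Stand-alone run: show the rule that would be inserted, then the counters.
apply_rule 192.0.2.10
printf 'MYICMP total packets: %s\n' "$(printf '%s' "$SAMPLE_OUTPUT" | chain_packets MYICMP)"
printf 'MYICMP dropped:       %s\n' "$(printf '%s' "$SAMPLE_OUTPUT" | chain_packets MYICMP DROP)"
printf 'MYSSH total packets:  %s\n' "$(printf '%s' "$SAMPLE_OUTPUT" | chain_packets MYSSH)"
```

On the real host replace the sample with live output, e.g. `iptables -L -v -n -x | chain_packets MYICMP DROP`, and run it before and after your partner's attempt: a DROP counter that does not rise means the traffic is not reaching your rule (wrong interface, wrong source address, or a rule earlier in INPUT accepting it first).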