The installed VMs must not be able to talk to each other, so I put output filtering between their NICs in iptables, but when it actually runs they communicate with each other without any problem.
How can I block communication between the VMs?
m38-z1:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif7.0
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif7.0
chain-vif7.0 all -- anywhere anywhere PHYSDEV match --physdev-out vif7.0
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif11.0
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif11.0
chain-vif11.0 all -- anywhere anywhere PHYSDEV match --physdev-out vif11.0
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif12.0
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED PHYSDEV match --physdev-out vif12.0
chain-vif12.0 all -- anywhere anywhere PHYSDEV match --physdev-out vif12.0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain chain-vif11.0 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere source IP range 1.1.1.1-1.1.1.1 tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere source IP range 3.3.3.3-3.3.3.3 tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc
DROP all -- anywhere anywhere
Chain chain-vif12.0 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere source IP range 1.1.1.1-1.1.1.1 tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere source IP range 3.3.3.3-3.3.3.3 tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc
DROP all -- anywhere anywhere
Chain chain-vif7.0 (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere source IP range 1.1.1.1-1.1.1.1 tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere source IP range 3.3.3.3-3.3.3.3 tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc
DROP all -- anywhere anywhere
This is the current iptables setup.
What do I need to change here to make that possible?
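The listing explains the behaviour: the first FORWARD rule for each interface accepts everything arriving with --physdev-in vifN.0, so a frame bridged from one VM to another is accepted before the destination VM's chain-vifN.0 is ever consulted, and the per-VM chains only filter traffic headed towards a VM. The following Python model is an added example rather than code from the post: it replays first-match evaluation over a reduced copy of the listed rules and shows what a vif-to-vif DROP placed ahead of them changes. The uplink name peth0 and the packets are constructed assumptions.

```python
# Added example (not from the post): first-match simulation of the FORWARD
# chain listed above. Rule = (physdev_in, physdev_out, proto, dport, target);
# None matches anything, a trailing '+' is the iptables interface wildcard.
# The RELATED,ESTABLISHED rules and the source-IP-limited ftp/ntp rules are
# left out because they do not change the outcome for a new vif-to-vif flow.
PER_VIF = [                      # the three chain-vifN.0 chains are identical
    (None, None, "icmp", None, "ACCEPT"),
    (None, None, "tcp", 22, "ACCEPT"),   # ssh
    (None, None, "tcp", 23, "ACCEPT"),   # telnet
    (None, None, "tcp", 80, "ACCEPT"),   # http
    (None, None, "udp", 67, "ACCEPT"),   # bootps/bootpc
    (None, None, None, None, "DROP"),
]
CHAINS = {"FORWARD": []}
for vif in ("vif7.0", "vif11.0", "vif12.0"):
    CHAINS["FORWARD"] += [(vif, None, None, None, "ACCEPT"),        # accepts all from the VM
                          (None, vif, None, None, f"chain-{vif}")]  # filters only towards the VM
    CHAINS[f"chain-{vif}"] = PER_VIF

def iface_match(pattern, iface):
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def evaluate(chains, pkt, chain="FORWARD"):
    """Walk a chain in order; return ACCEPT/DROP, or None if it falls through."""
    for in_p, out_p, proto, dport, target in chains[chain]:
        if not (iface_match(in_p, pkt["in"]) and iface_match(out_p, pkt["out"])):
            continue
        if (proto and proto != pkt["proto"]) or (dport and dport != pkt["dport"]):
            continue
        if target in ("ACCEPT", "DROP"):
            return target
        verdict = evaluate(chains, pkt, target)      # jump into a user chain
        if verdict:
            return verdict
    return None

def forward_verdict(chains, pkt):
    return evaluate(chains, pkt) or "ACCEPT"         # FORWARD policy is ACCEPT in the post

def with_vm_isolation(chains):
    """Same rules with a vif-to-vif DROP ahead of everything, i.e. what
    'iptables -I FORWARD 1 -m physdev --physdev-is-bridged --physdev-in vif+ --physdev-out vif+ -j DROP'
    installs on the dom0."""
    fixed = dict(chains)
    fixed["FORWARD"] = [("vif+", "vif+", None, None, "DROP")] + chains["FORWARD"]
    return fixed

# Constructed packets: VM7 -> VM11 on ssh, and VM7 -> the bridge uplink (peth0 is an assumed name).
VM7_TO_VM11 = {"in": "vif7.0", "out": "vif11.0", "proto": "tcp", "dport": 22}
VM7_TO_UPLINK = {"in": "vif7.0", "out": "peth0", "proto": "tcp", "dport": 22}
```

The model only reproduces rule order; on the real host the physdev matches see bridged frames at all only when net.bridge.bridge-nf-call-iptables is set to 1.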
If you want to filter more precisely, it might also be worth keeping them on the same network and doing it in iptables, or setting up a separate firewall server and using that.