title: Typical firewall rules

All vservers are installed on the 192.168.3.0/24 network, on the loopback interface

First, we allow a vserver to talk to itself (one rule per IP)

    for ((i=1; i<254; i++))
    do
       iptables -A INPUT -s 192.168.3.$i -d 192.168.3.$i -j ACCEPT
    done

Then we block everything else

    iptables -A INPUT -s 192.168.3.0/24 -d 192.168.3.0/24 -j DROP

Since the vservers are on the loopback interface
- They are invisible on the network
- Only reachable using blackhole

We trap outside connections
- Horizon must listen on 127.0.0.1, port 80

    iptables -t nat -A OUTPUT -s 192.168.3.0/24 -p tcp -j REDIRECT --to-port 80
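
The rules above depend on order: the per-IP ACCEPT rules only work because they precede the subnet-wide DROP. The following added example (not part of the original slides) emits the same rules in iptables-restore format so they load in one step, and walks them first-match to check the isolation; the names `NET`, `FIRST`, `LAST`, `gen_vserver_rules`, `match` and `verdict` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original slides.
# NET, FIRST and LAST are assumed names; values mirror the slide's loop (hosts 1..253).
NET="192.168.3"; FIRST=1; LAST=253

# Emit the slide's rules in iptables-restore format (one atomic load).
gen_vserver_rules() {
    echo "*filter"
    i=$FIRST
    while [ "$i" -le "$LAST" ]; do
        # A vserver may talk to itself
        printf '%s\n' "-A INPUT -s $NET.$i/32 -d $NET.$i/32 -j ACCEPT"
        i=$((i + 1))
    done
    # Any other vserver-to-vserver packet is dropped; must follow the ACCEPTs
    printf '%s\n' "-A INPUT -s $NET.0/24 -d $NET.0/24 -j DROP"
    echo "COMMIT"
    echo "*nat"
    # Outbound TCP from a vserver is redirected to local port 80
    printf '%s\n' "-A OUTPUT -s $NET.0/24 -p tcp -j REDIRECT --to-ports 80"
    echo "COMMIT"
}

# match ADDR CIDR: handles only the /32 and /24 forms emitted above
match() {
    case $2 in
        */32) [ "$1" = "${2%/32}" ] ;;
        */24) [ "${1%.*}" = "${2%.0/24}" ] ;;
        *) return 1 ;;
    esac
}

# verdict SRC DST: first-match walk of the generated INPUT rules.
# Prints ACCEPT or DROP, or POLICY when no rule matches (chain policy applies).
verdict() {
    v=$(gen_vserver_rules | while read -r op chain _s src _d dst _j target; do
        [ "$op $chain" = "-A INPUT" ] || continue
        if match "$1" "$src" && match "$2" "$dst"; then
            echo "$target"
            break
        fi
    done)
    echo "${v:-POLICY}"
}
```

To apply, run `gen_vserver_rules | iptables-restore --noflush` as root (add `--test` to parse without committing). With the slide's bound `i<254`, 192.168.3.254 gets no ACCEPT rule, so `verdict 192.168.3.254 192.168.3.254` prints DROP.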