vogan enforces the rules as set out in the configuration file by manipulating the local firewall to “reject” matching traffic. For example:
root@server:~/# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 10.0.0.153 icmp_seq=1 Destination Port Unreachable ping: sendmsg: Operation not permitted From 10.0.0.153 icmp_seq=2 Destination Port Unreachable ping: sendmsg: Operation not permitted