Restrict ssh local network discovery
I'm about to start on a project in a hosting environment, mostly developing the front end application for clients to setup their hosts. Anyway, i'm getting familiar with ispconfig 3 on a Centos 5.5 server, i've been tearing through the manual and other rhel manuals.
I'm not sure if this is something I should be doing on the OS itself or in ispconfig, but when I create a 'test' client and ssh (using jailkit) into their environment, using the ssh client inside the jail, i'm able to connect to other machines on the LAN. This is an issue where a client could pivot attacks into the internal network, or at the least, the host of the ispconfig machine.
Should I be mitigating this with firewall rules inside ispconfig? Any help would be appreciated, i'm trying to learn as much as possible about the hosting environment before designing an application around it.