[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xen-unstable networking

> That seems to work fine: this rule gives domain 1 access to the vpn, 
> and with a NAT rule in domain 0, access to the Internet:
> 
> ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY 
> srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any
> 
> Is there a way to see what the VFR rules currently are? /proc/xen/vfr 
> can be read but returns nothing. Also, is there any way to flush the 
> VFR rules?

You can delete a rule by echoing a DELETE command to
/proc/xen/vfr. e.g., to delete the rule you give as an example above,
you would send the following to /proc/xen/vfr:

DELETE ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY 
srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any

Deletion doesn't get much testing -- hopefully it won;t wedge the
machine. :-)

To print the VFR rules, 'echo PRINT >/proc/xen/vfr'. This prints the
rule list in a hideous format onto Xen's emergency console(!). We
ought to have a better 'get rules' interface really, but teh VFR will
go away with teh new IO world in a short while.

 -- Keir


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.