[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] LXR-type source code browsing


  • To: "Shane Geiger" <sgeiger@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
  • From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
  • Date: Tue, 18 Jan 2005 20:26:53 -0000
  • Delivery-date: Tue, 18 Jan 2005 22:01:47 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
  • Thread-index: AcT9mCwWmWW7749FRbunbFnzy6NakgAA3+Mg
  • Thread-topic: [Xen-devel] LXR-type source code browsing

> Would it perhaps be even better to run snort in an 
> unprivileged domain, using
> iptables to feed traffic to that domain?

Sure, this could be done, but it would be most efficient to run it in
whichever domain has the bridge. The tools currently don't make it easy
to setup drivers in other domains. 

> Incidentally, why isn't iptables support built into the 
> default xen/linux kernels?
> iptables seems a natural fit with a project that can do so 
> much for system security.

iptables is built as a module in the default 2.6 xen0 config.

Ian


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.