[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Anti-IP-spoofing blocks the wrong packets



With xen-unstable from 20050207, the anti-IP-spoofing measure does not work. It blocks packets from domU from leaving the host. This is because
the following iptable was set up by the script on dom0:

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0 ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0

(it is in there twice because I had the rule saved from last time, and the script doesn't detect duplicate rules.)

Running:

 iptables -P FORWARD ACCEPT

solved the problem.

--
Robin


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.