|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
Hiya,
I didn't get any replies to this on the xen-users list; I thought I'd
try my luck here.
Thanks,
----- Forwarded message from Adrian Chadd <adrian@xxxxxxxxxxxxxxx> -----
hiya,
I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:
if [ "$ip" != "" ]
then
local addr
for addr in "$ip"
do
frob_iptable -s "$addr"
done
# Always allow the domain to talk to a DHCP server.
frob_iptable -p udp --sport 68 --dport 67
else
# No IP addresses have been specified, so allow anything.
frob_iptable
fi
This works fine for one IP in the vif config but I can't figure out how to coax
it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
entry and passes $addr as the whole IP string, not each IP.
Here's an example:
vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]
If I remove the ""'s around $ip then addr is passed individual IPs from that
list
and iptables is setup appropriately.
Is this the correct solution?
Thanks,
Adrian
----- End forwarded message -----
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |