
[Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]



Hiya,

I didn't get any replies to this on the xen-users list; I thought I'd
try my luck here.


Thanks,

----- Forwarded message from Adrian Chadd <adrian@xxxxxxxxxxxxxxx> -----

hiya,

I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:

  if [ "$ip" != "" ]
  then
      local addr
      for addr in "$ip"
      do
        frob_iptable -s "$addr"
      done

      # Always allow the domain to talk to a DHCP server.
      frob_iptable -p udp --sport 68 --dport 67
  else
      # No IP addresses have been specified, so allow anything.
      frob_iptable
  fi

This works fine for one IP in the vif config but I can't figure out how to coax
it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
entry and passes $addr as the whole IP string, not each IP.

Here's an example:

vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]

If I remove the ""'s around $ip then addr is passed individual IPs from that list
and iptables is set up appropriately.

Is this the correct solution?

Thanks,



Adrian

----- End forwarded message -----
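
An added example, not part of the original message or of Xen's scripts, contrasting the quoted loop from the post with an unquoted split that disables globbing and checks each entry before it becomes an antispoof rule. `frob_iptable` here is a recording stub and the addresses are constructed samples; both are assumptions for illustration.

```sh
#!/bin/sh
# Added example. frob_iptable below is a recording stub (assumption), not the
# real vif-common.sh helper, so nothing touches iptables.
CALLS=0 RULES="" REJECTED=0
frob_iptable() {
    RULES="${RULES}[$*]"
    CALLS=$((CALLS + 1))
}

# Loop as quoted in the message: "$ip" is a single word, so the body runs once
# and -s receives the whole space-separated list.
rules_quoted() {
    CALLS=0 RULES=""
    for addr in "$ip"; do
        frob_iptable -s "$addr"
    done
}

# Unquoted split, with two guards: set -f stops entries such as '*' from being
# expanded against the filesystem, and the case pattern rejects anything that
# is not digits, dots or a CIDR slash. Assumes the default IFS.
rules_split() {
    CALLS=0 RULES="" REJECTED=0
    set -f
    for addr in $ip; do
        case "$addr" in
            *[!0-9./]*) REJECTED=$((REJECTED + 1)); continue ;;
        esac
        frob_iptable -s "$addr"
    done
    set +f
}

# Constructed sample addresses (TEST-NET-1), standing in for the a.b.c.N list.
ip='192.0.2.25 192.0.2.26 192.0.2.27 192.0.2.28'
rules_quoted; echo "quoted: $CALLS rule(s) $RULES"
rules_split;  echo "split:  $CALLS rule(s) $RULES"
```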
