[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] tools: dom0 iptables rule ordering change

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Chris <hap10@xxxxxxxxxxxxxx>
Date: Fri, 10 Apr 2009 10:41:11 -0400
Delivery-date: Fri, 10 Apr 2009 07:41:38 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

This patch makes two small changes to dom0 iptables rules that permit(and revoke) domU network access.


First:

Currently, a rule intended to allow domU network access is appended tothe end of the FORWARD chain, where it can be preempted by otherrules. This patch causes the rule to be inserted at the top, whereit's more likely to have the intended effect.


Second:

In some cases (e.g. Fedora 9's default iptables configuration), thefirst rule alone is insufficient to permit two-way packet flow. Thispatch adds a second rule to the FORWARD chain that permits replies todomU network requests to reach the domU vif.


Signed-off-by: Chris Bookholt <hap10@xxxxxxxxxxxxxx>

Attachment: vif-common.patch
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: [Xen-devel][PATCH][XSM] missing entries to xsm_fixup_ops
Next by Date: Re: [Xen-devel] [RFC] Scheduler work, part 1: High-level goals and interface.
Previous by thread: [Xen-devel][PATCH][XSM] missing entries to xsm_fixup_ops
Next by thread: [Xen-devel] VT-D error related to intel IGD on Asus P5Q-EM DO (Q45 chipset)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.