
Re: [Xen-users] firewalls and Xen




On Feb 14, 2006, at 10:27 AM, Daniel Goertzen wrote:

> I'm not sure if it makes sense to include peth0 and vif0.0 in your rules, as you're mucking around with interfaces that are in the same bridge.

Isn't this what the bridge interface filtering tools are for? If I can just figure out when packets go through each interface, I should be able to do it (see IPTables or Firehol's physin/physout commands).

> If you're just trying to firewall dom0 you should do something like:

I need to do more than that, however.

> Blocking traffic to the domU: Think of the domU as sitting on the same LAN that dom0's eth0 is connected to. Add rules to block traffic from domU's IP address. If you *really* want to filter by interface, you might want to think about using Xen's routed configuration instead of the bridged config.

I'd really rather not introduce that complication, since all I need to figure out is which virtual interfaces these types of packets go from/to. Plus, I'd really like to understand the packet flow through Xen's dom0 and domUs.

Thanks

--
Luke

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
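The per-interface filtering the thread touches on (the physdev match behind Firehol's physin/physout) worked through as an added example; this is not code from either poster or from Xen. The bridge and interface names (xenbr0, peth0, vif0.0, vif1.0) and the addresses are assumptions matching Xen 3.x bridged defaults.

```shell
#!/bin/sh
# Added example (not from the thread): dom0 iptables rules for Xen's bridged
# configuration, using the physdev match ("physin/physout" in Firehol terms).
#
# Assumed topology (names are assumptions, Xen 3.x defaults):
#   xenbr0 members: peth0 (physical NIC), vif0.0 (backend of dom0's own eth0),
#   vif1.0 (backend of domU 1's eth0).
# Packet flow: a frame sent by domU 1 enters dom0 on vif1.0, crosses xenbr0
# and leaves on peth0 (to the LAN) or vif0.0 (to dom0's eth0 stack). With
# bridge-nf enabled (net.bridge.bridge-nf-call-iptables=1), bridged IP packets
# traverse the FORWARD chain, where -m physdev matches the bridge port they
# came in on (--physdev-in) or will go out on (--physdev-out).

# Emit (do not run) the rules for one domU so they can be reviewed first.
# Usage: domu_rules <vif> <domU_ip> [allowed_tcp_port ...]
domu_rules() {
    vif=$1; ip=$2; shift 2
    # Anti-spoofing: only the assigned address may leave this domU's vif.
    echo "iptables -A FORWARD -m physdev --physdev-in $vif ! -s $ip -j DROP"
    # Replies to connections the domU opened.
    echo "iptables -A FORWARD -m physdev --physdev-out $vif -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Explicitly allowed inbound services on the domU.
    for port in "$@"; do
        echo "iptables -A FORWARD -m physdev --physdev-out $vif -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Anything else headed for the domU is dropped.
    echo "iptables -A FORWARD -m physdev --physdev-out $vif -j DROP"
}

# dom0 itself: traffic terminating in dom0 arrives via vif0.0 -> eth0 and is
# filtered in INPUT, not FORWARD (assumed SSH-only management access).
dom0_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    echo "iptables -A INPUT -j DROP"
}

# Number of iptables rules in a generated set (for review scripts).
rule_count() { printf '%s\n' "$1" | grep -c '^iptables'; }

# Review:  dom0_rules; domu_rules vif1.0 192.168.1.50 80 443
# Apply:   { dom0_rules; domu_rules vif1.0 192.168.1.50 80 443; } | sh
```

Generate one domu_rules set per domU with its own vifN.0 and address; the FORWARD rules only take effect when bridge-nf is enabled, so check that sysctl first if packets seem to bypass them.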

