[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Adrian Chadd <adrian@xxxxxxxxxxxxxxx>
Date: Mon, 20 Nov 2006 13:58:03 +0800
Delivery-date: Sun, 19 Nov 2006 21:53:04 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

hiya,

I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:

  if [ "$ip" != "" ]
  then
      local addr
      for addr in "$ip"
      do
        frob_iptable -s "$addr"
      done

      # Always allow the domain to talk to a DHCP server.
      frob_iptable -p udp --sport 68 --dport 67
  else
      # No IP addresses have been specified, so allow anything.
      frob_iptable
  fi

This works fine for one IP in the vif config but I can't figure out how to coax
it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
entry and passes $addr as the whole IP string, not each IP.

Here's an example:

vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]

If I remove the ""'s around $ip then addr is passed individual IPs from that 
list
and iptables is setup appropriately.

Is this the correct solution?

Thanks,



Adrian



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: [Xen-users] xen kernel panic
Next by Date: [Xen-users] newbie question: real IPs
Previous by thread: [Xen-users] Xen AMD mobo suggestions
Next by thread: [Xen-users] newbie question: real IPs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.