[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Firewalling Xen?

To: "Thomas Goirand" <thomas@xxxxxxxxxx>
From: "Grant McWilliams" <grantmasterflash@xxxxxxxxx>
Date: Tue, 16 Dec 2008 09:53:09 -0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 16 Dec 2008 09:53:50 -0800
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=dGF8caIwqjGTZLY8n6jCLfxU488RufTbUR9o2M6YUmjks134sQWfQ7FC2XJ0LyrMvF rMv+D/3dU0bO0d6yHhCTSaoapFnKM7fgpFMjGAiRK6IrWTe1iXkulNiwxS0QKHl/D6Y8 udrmE0qCF0O6xQMTDFZNz9pQPYmDcoCkVPPJY=
List-id: Xen user discussion <xen-users.lists.xensource.com>

Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.

On Tue, Dec 16, 2008 at 9:01 AM, Thomas Goirand <thomas@xxxxxxxxxx> wrote:

lists@xxxxxxxxxxxxx wrote:
> I'm wondering how to setup a firewall for Dom0 when all traffic for the DomUs go 'through' it.

Hi,

as we do commercial VPS hosting with xen and our own open source
management interface, we have designed a small anti-DoS firewall to
setup in your dom0. It does nothing spectacular, but it helps against
ssh dictionary attacks, and other very common flood types that might
hurt your server: ping, syn, etc.

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen.init;h=5e4df2e46e3a872a2d73ada77e24e8bb242f8b6b;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa

I'd be happy to have contributions in this small script that is by the
way very simple to extend (just add few functions for yourself and
share, then anybody can enable/disable them with ease.

Thomas

Don't you mean this ;-)

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen-firewall.init;h=16139921d6efd6fc2e407f7d80b11fae97befdf9;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa

A bit off topic but can dtc-xen control it's users in a way that you can assign an admin per VM? What I'm looking for is to have each student manage
his and only his domU.

Grant McWilliams

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] dtc-xen [was: Firewalling Xen?]
  - From: Thomas Goirand
- Re: [Xen-users] Firewalling Xen?
  - From: Stephen Liu

References:
- [Xen-users] Firewalling Xen?
  - From: lists
- Re: [Xen-users] Firewalling Xen?
  - From: Thomas Goirand

Prev by Date: Re: [Xen-users] Differences when using Xen with Debian Lenny and other distro [was: xen,debian lenny and hvm(winxp)]
Next by Date: Re: [Xen-users] Differences when using Xen with Debian Lenny and other distro
Previous by thread: Re: [Xen-users] Firewalling Xen?
Next by thread: Re: [Xen-users] Firewalling Xen?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.