[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Dom 0 firewall

To: Ian Tobin <itobin@xxxxxxxxxxxxx>
From: Thaddeus Hogan <thaddeus@xxxxxxxxxx>
Date: Tue, 23 Jun 2009 20:19:59 -0500 (CDT)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 23 Jun 2009 18:21:05 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:

> Ive built a new server using xen debian lenny packages. Im trying to
> firewall dom 0 which i can do ok but it then blocks access to the dom
> Us. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- RE: [Xen-users] Dom 0 firewall
  - From: Ian Tobin

Prev by Date: RE: [Xen-users] GPLPV 0.10.0.69 Blue Screen 0x0000007B
Next by Date: Re: [Xen-users] network usage gathering
Previous by thread: Re: [Xen-users] Dom 0 firewall
Next by thread: RE: [Xen-users] Dom 0 firewall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.