
RE: [Xen-users] Dom 0 firewall

  • To: "Thaddeus Hogan" <thaddeus@xxxxxxxxxx>
  • From: "Ian Tobin" <itobin@xxxxxxxxxxxxx>
  • Date: Wed, 24 Jun 2009 09:08:03 +0100
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 24 Jun 2009 01:08:47 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: Acn0aeiEHSwzGz57R+iHtMTCBmz7XQAOMGzQ
  • Thread-topic: [Xen-users] Dom 0 firewall

Yes, I'm trying to restrict traffic to Dom 0.

I'm not quite sure what policy to set. I did have one set up before when I used 
the source version of Xen, but the deb version is causing problems when I apply the 
firewall script.

Do you have a default one you use?



-----Original Message-----
From: Thaddeus Hogan [mailto:thaddeus@xxxxxxxxxx] 
Sent: 24 June 2009 02:20
To: Ian Tobin
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Dom 0 firewall

----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:

> I've built a new server using Xen Debian lenny packages. I'm trying to
> firewall dom 0, which I can do OK, but it then blocks access to the dom
> Us. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.
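
The following is an added example, not part of the original thread or of anyone's posted firewall script. It emits an iptables-restore ruleset that keeps INPUT restrictive for dom0 while accepting bridged frames in FORWARD, plus a check for the failure mode described above. Assumptions: SSH on tcp/22 is the only service dom0 exposes, bridge netfilter is enabled, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dom0 firewall that does not cut off bridged domUs.
# Assumption: bridged frames traverse the iptables FORWARD chain, as the
# thread describes for the Xen bridge/vif setup.

# Print an iptables-restore ruleset; $1 is the management port (assumed 22).
dom0_ruleset() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT only sees traffic addressed to dom0 itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
# FORWARD sees frames crossing the bridge to and from the domU vifs
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

# Return 0 if the ruleset in $1 would block domU traffic: FORWARD drops by
# default and no FORWARD rule accepts traffic via the physdev match.
blocks_domus() {
    printf '%s\n' "$1" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$1" | grep -E '^-A FORWARD .*-m physdev' \
            | grep -q -- '-j ACCEPT'; then
        return 1
    fi
    return 0
}

# Show the generated ruleset and the verdict of the check (nothing is applied).
rules="$(dom0_ruleset 22)"
printf '%s\n' "$rules"
if blocks_domus "$rules"; then
    echo "WARNING: FORWARD would drop bridged domU traffic" >&2
fi
```

To apply the ruleset, review the printed output and pipe it to `iptables-restore` as root from a console session, so a mistake in the INPUT rules cannot lock you out.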
