
Re: [Xen-users] Dom 0 firewall


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Thomas Goirand <thomas@xxxxxxxxxx>
  • Date: Thu, 25 Jun 2009 08:34:49 +0800
  • Delivery-date: Wed, 24 Jun 2009 17:35:41 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Openpgp: id=98EF9A49

Ian Tobin wrote:
> Yes, I'm trying to restrict traffic to Dom 0.
> 
> I'm not quite sure what policy to set. I did have one set up before when I used
> the source version of Xen but deb version is causing problems when I apply
> the firewall script.
> 
> Do you have a default one you use?
> 
> Thanks
> 
> Ian

Hi,

As I always say, the firewall goal is not always to block / reject.
Here's our rate limiting script:

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen-firewall.init;h=49a644e010fcf532ef845e11348dffc316d966f5;hb=c15d392e6d4760c7c01df17941e0fec2c898010d

It works with the following config file:

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=etc/dtc-xen/dtc-xen-firewall-config;h=1d58eb0f84636df8d85d5ec73b8d0bdb39922ef1;hb=c15d392e6d4760c7c01df17941e0fec2c898010d

If others have some ideas to implement in this general purpose anti-DoS
firewall script, I'd be VERY happy to have contributions.

Thomas
