[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Dom 0 firewall

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Thomas Goirand <thomas@xxxxxxxxxx>
Date: Thu, 25 Jun 2009 08:34:49 +0800
Delivery-date: Wed, 24 Jun 2009 17:35:41 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>
Openpgp: id=98EF9A49

Ian Tobin wrote:
> Yes im trying to restrict traffic to Dom 0.
> 
> Im not quite sure what policy to set, I did have one setup before when i used 
> the source version of Xen but deb version is causing problems when I apply 
> the firewall script.
> 
> Do you have a default  one you use?
> 
> Thanks
> 
> Ian

Hi,

As I always say, the firewall goal is not always to block / reject.
Here's our rate limiting script:

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen-firewall.init;h=49a644e010fcf532ef845e11348dffc316d966f5;hb=c15d392e6d4760c7c01df17941e0fec2c898010d

It works with the following config file:

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=etc/dtc-xen/dtc-xen-firewall-config;h=1d58eb0f84636df8d85d5ec73b8d0bdb39922ef1;hb=c15d392e6d4760c7c01df17941e0fec2c898010d

If others have some ideas to implement in this general purpose anti-DoS
firewall script, I'd be VERY happy to have contributions.

Thomas

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Dom 0 firewall
  - From: Brad Plant

References:
- Re: [Xen-users] Dom 0 firewall
  - From: Thaddeus Hogan
- RE: [Xen-users] Dom 0 firewall
  - From: Ian Tobin

Prev by Date: [Xen-users] disk image reporting as acb archive data
Next by Date: Re: [Xen-users] Dom 0 firewall
Previous by thread: RE: [Xen-users] Dom 0 firewall
Next by thread: Re: [Xen-users] Dom 0 firewall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.