
[Xen-users] XCP - untrusted domUs?


  • To: "Xen User-List" <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 22 Feb 2010 12:32:44 -0000
  • Delivery-date: Mon, 22 Feb 2010 04:33:50 -0800
  • Importance: Normal
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Our ongoing experiments with XCP have been encouraging - still struggling
with Debian Lenny install and my question from last week didn't get
answered - hint, hint! ;-)

Anyway, does XCP have any native support for iptables and ebtables rules?
- what I mean is, we currently use Xen 3.4.2 on CentOS and roll our own
iptables and ebtables rules to prevent IP spoofing and also _try_ and
prevent DHCP requests being answered by DHCP servers other than our own.

This has an overhead in that every time we install and upgrade a dom0 we have
to also clone the config and associated dependencies.  It would be really
cool if this kind of thing 'just worked'.  It would be even cooler if it
was configurable in the domU config file.  For us this kind of thing is
very important when hosting untrusted domUs.  We also prefer pvgrub
as well, but that wouldn't be a deal breaker.

Does XCP support anything like this? - I know it is basically CentOS, so
in theory one could roll their own config, but that would take away
somewhat from the simplicity of it all.

Thanks,

Matt


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
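
The per-vif anti-spoofing and rogue-DHCP filtering described in the message above, as an added example that is not part of the original post and not XCP's own tooling. The function name `gen_vif_rules`, the chain naming, the vif name and the addresses are assumptions; the chain's DROP policy also blocks IPv6 and every other protocol not listed.

```shell
#!/bin/sh
# Added example: print (not apply) ebtables rules that pin one domU vif to a
# single MAC and IPv4 address. gen_vif_rules and the sample values are
# constructed for illustration; review the output before running it in dom0.

# one_line_match VALUE ERE: true only if VALUE is one line fully matching ERE.
one_line_match() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

gen_vif_rules() (   # subshell body: variables stay local, exit leaves only it
    vif=$1 mac=$2 ip=$3
    oct='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
    # Validate first so a bad config value can never end up inside a rule.
    one_line_match "$vif" 'vif[0-9]+\.[0-9]+' || { echo "bad vif" >&2; exit 1; }
    one_line_match "$mac" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || { echo "bad MAC" >&2; exit 1; }
    one_line_match "$ip" "($oct\.){3}$oct" || { echo "bad IP" >&2; exit 1; }
    chain="in-$(printf '%s' "$vif" | tr . -)"
    # Emitted rules, in order:
    #  1-3  per-vif chain with default DROP, fed by bridged frames from the vif
    #  4    guest sending from UDP port 67, i.e. answering as a DHCP server
    #  5    guest's own DHCP discover, sent from 0.0.0.0 before it has a lease
    #  6-7  IPv4 and ARP only when both MAC and IP match the assigned values
    cat <<EOF
ebtables -N $chain
ebtables -P $chain DROP
ebtables -A FORWARD -i $vif -j $chain
ebtables -A $chain -p IPv4 --ip-proto udp --ip-sport 67 -j DROP
ebtables -A $chain -s $mac -p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
ebtables -A $chain -s $mac -p IPv4 --ip-src $ip -j ACCEPT
ebtables -A $chain -s $mac -p ARP --arp-mac-src $mac --arp-ip-src $ip -j ACCEPT
EOF
)

# Constructed sample: domU 1, first vif, Xen OUI MAC, documentation-range IP.
gen_vif_rules vif1.0 00:16:3e:12:34:56 192.0.2.10
```

The DHCP server drop is placed before the ACCEPT rules because a reply sent from the guest's own assigned address would otherwise pass the IP check.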


 

