[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] If Dom0 was compramised

To: Ian Tobin <itobin@xxxxxxxxxxxxx>
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Thu, 20 May 2010 17:11:19 +0700
Cc: Xen User-List <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 20 May 2010 03:12:09 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Thu, May 20, 2010 at 5:06 PM, Ian Tobin <itobin@xxxxxxxxxxxxx> wrote:
> Curious, what would be the best way to secure the Dom0.
>
> Ive tried iptables before but then prevented access to the DomUs.

Depends on your setup. If you use bridge networking, and
/proc/sys/net/bridge/bridge-nf-call-iptables is 0 (which is 1 by
default), domU traffic should be unaffected by dom0's iptables.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- RE: [Xen-users] If Dom0 was compramised
  - From: Ian Tobin

References:
- [Xen-users] If Dom0 was compramised
  - From: Jonathan Tripathy
- Re: [Xen-users] If Dom0 was compramised
  - From: Fajar A. Nugraha
- RE: [Xen-users] If Dom0 was compramised
  - From: Ian Tobin

Prev by Date: Re: [Xen-users] If Dom0 was compramised
Next by Date: RE: [Xen-users] If Dom0 was compramised
Previous by thread: RE: [Xen-users] If Dom0 was compramised
Next by thread: RE: [Xen-users] If Dom0 was compramised
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.