
Re: [Xen-users] If Dom0 was compramised



Well, something like that?

iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -P OUTPUT DROP

On 20/05/2010 13:29, Ian Tobin wrote:
Ok I see.

Do you have a sample script that blocks all traffic other than ssh and
pings? Or a similar script?

Ian


-----Original Message-----
From: Fajar A. Nugraha [mailto:fajar@xxxxxxxxx]
Sent: 20 May 2010 11:23
To: Ian Tobin
Cc: Xen User-List
Subject: Re: [Xen-users] If Dom0 was compramised

On Thu, May 20, 2010 at 5:13 PM, Ian Tobin<itobin@xxxxxxxxxxxxx>  wrote:
Yes, I'm using bridged.

Odd, so you can create any iptables rules and it should not affect
domUs?
A more accurate term would be it could be set up to only affect dom0
and routed traffic, not bridged traffic.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
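
Added example, not part of the original thread or written by any of its participants: a dom0-only rule set for the "ssh and pings" case asked about above, which touches only the INPUT and OUTPUT chains and leaves FORWARD alone, in line with the point that rules can be set up to affect dom0 without affecting bridged domU traffic. The function name dom0_rules, its runner argument and the APPLY variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (constructed): dom0-only filter allowing ssh in and ping.
# Only INPUT and OUTPUT are touched. FORWARD is left alone, since that is
# the chain bridged domU frames traverse when bridge netfilter is enabled.

dom0_rules() {
    ipt=${1:-iptables}   # hypothetical parameter: command used to run each rule

    # Open policies before flushing so a re-run cannot cut the current session.
    $ipt -P INPUT ACCEPT
    $ipt -P OUTPUT ACCEPT
    $ipt -F INPUT
    $ipt -F OUTPUT

    # Loopback and replies to traffic that was already allowed.
    $ipt -A INPUT  -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT
    $ipt -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound ssh, and echo requests in both directions.
    $ipt -A INPUT  -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $ipt -A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
    $ipt -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Default-deny last, once the accept rules are in place.
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to install them.
if [ "${APPLY:-0}" = 1 ]; then
    dom0_rules iptables
else
    dom0_rules "echo iptables"
fi
```

With OUTPUT defaulting to DROP, dom0 itself can no longer start new outbound connections such as DNS lookups or package downloads, which is what "block all traffic other than ssh and pings" implies.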


 

