
[Xen-users] XEN 4.0.1 bridged network - antispoof Option does not work

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Giovanni Bellac <giovannib1979@xxxxxxxxx>
  • Date: Wed, 3 Nov 2010 10:42:37 +0000 (GMT)
  • Delivery-date: Wed, 03 Nov 2010 03:43:58 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>


With XEN 3.4.x antispoof=yes works on a bridge setup.
I am using this line in xend-config.sxp
(network-script 'network-bridge antispoof=yes')

It creates this under IPTABLES FORWARD chain:
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in peth0

Under XEN 4.0.1 it is not working; it does not create an IPTABLES rule. Customers can "steal" IP addresses.
There is a part in the network-bridge script of XEN 4.0.1 about antispoof. But I think that the above line in xend-config.sxp is not working anymore with XEN 4.0.1.

Debian 5.0
XEN 3.4.3 self compiled (2.6.18.x)
XEN 4.0.1 self compiled (2.6.32.x)
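
A check for the symptom described in the message above, added here as an example; it is not part of the original post or of Xen's scripts. It audits `iptables -S FORWARD` output for the ACCEPT rule quoted in the post; the function names, exit codes and sample rule sets are constructed, and expecting a DROP policy is an assumption (an ACCEPT rule filters nothing when the chain default is ACCEPT).

```shell
#!/bin/sh
# Added example. check_antispoof PDEV reads `iptables -S FORWARD` output on stdin.
# Exit status: 0 = ACCEPT rule for PDEV present and chain policy is DROP
#              1 = rule missing (the symptom reported in the post)
#              2 = rule present, but policy is not DROP (assumed requirement)

# has_tok LINE TOKENS: true if TOKENS appear as whole space-separated words.
has_tok() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

check_antispoof() {
    pdev=$1
    have_rule=no
    policy=unknown
    while IFS= read -r line; do
        case "$line" in
            "-P FORWARD "*)
                policy=${line#-P FORWARD }
                ;;
            "-A FORWARD "*)
                # Whole-word match, so peth0 does not match peth01;
                # a negated "! --physdev-in" rule is not counted.
                if has_tok "$line" "--physdev-in $pdev" &&
                   has_tok "$line" "-j ACCEPT" &&
                   ! has_tok "$line" "! --physdev-in $pdev"; then
                    have_rule=yes
                fi
                ;;
        esac
    done
    if [ "$have_rule" = no ]; then
        echo "MISSING: no FORWARD ACCEPT rule for --physdev-in $pdev"
        return 1
    fi
    if [ "$policy" != DROP ]; then
        echo "WEAK: rule present but FORWARD policy is $policy"
        return 2
    fi
    echo "OK: FORWARD accepts $pdev and defaults to DROP"
}

# Constructed sample rule sets (not captured from a real host).
SAMPLE_OK='-P FORWARD DROP
-A FORWARD -m physdev --physdev-in peth0 -j ACCEPT'
SAMPLE_MISSING='-P FORWARD ACCEPT'
SAMPLE_WEAK='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-in peth0 -j ACCEPT'

printf '%s\n' "$SAMPLE_MISSING" | check_antispoof peth0 || true
```

On a dom0, feed it live rules with `iptables -S FORWARD | check_antispoof peth0` after xend has started.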

