Xen project Mailing List

Re: [Xen-users] XEN 4.0.1 bridged network - antispoof Option does not work

To: Xen List <xen-users@xxxxxxxxxxxxxxxxxxx>

Date: Mon, 15 Nov 2010 14:07:04 +0100

Delivery-date: Mon, 15 Nov 2010 05:08:22 -0800

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=G7b11obsnIsjypmE9ZA0vAwsyPh6pL1t9ROQEjogmUjBCGayocahVGtvZhUfVUypz9 EEO3hbl3f9qufj5d4dpO6YVdMTz1siYfEiizlp5X2rGcEA6b16XNDxulFUYWFOj7/J8m OKM5TzhtUu6obtyY5E3sbqMofAS5TmpLp4UBs=

List-id: Xen user discussion <xen-users.lists.xensource.com>

Same behaviour here - antispoof not working in 4.0.1 Br Peter 2010/11/3 Giovanni Bellac <giovannib1979@xxxxxxxxx>: > Hello > > with XEN 3.4.x antispoof=yes works on a bridge setup. > I am using this line in xend-config.sxp > (network-script 'network-bridge antispoof=yes') > > It creates this under IPTABLES FORWARD chain: > ACCEPT all -- anywhere anywhere PHYSDEV match > --physdev-in peth0 > > > Under XEN 4.0.1 it is not working, it does not create a IPTABLES rule. > Customers can "steal" IP addresses. > There is a part in the network-bridge script of XEN 4.0.1 about anitspoof. > But I think that above line in xend-config.sxp is not working anymore with > XEN 4.0.1. > > setup: > Debian 5.0 > XEN 3.4.3 self compiled (2.6.18.x) > XEN 4.0.1 self compiled (2.6.32.x) > > Regards > Giovanni > > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users > _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.