[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Automatically provisioning IP addresses on a new VM

  • To: "George Shuklin" <george.shuklin@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
  • Date: Sun, 21 Nov 2010 10:22:34 +1100
  • Cc:
  • Delivery-date: Sat, 20 Nov 2010 15:23:58 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcuJB8UOKlct///eTuaMBzn9BU2jYAAAdfOg
  • Thread-topic: [Xen-users] Automatically provisioning IP addresses on a new VM
> 
> Ð ÐÐÑ, 20/11/2010 Ð 10:41 -0500, Javier Guerra Giraldez ÐÐÑÐÑ:
> > On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@xxxxxxxxxxxxxxx> wrote:
> > > Would you be able to elaborate on dom0 anti-spoofing?
> >
> > simply add a netfilter rule to allow only packets with the intended IP
> > source coming from the vif
> 
> And, migration? And reboot?
> 
> I think, creating correct VM tracking system is not so easy as sound...
> 

You'd script it in the vif scripts, which I think is already done for MAC 
address spoofing.

Even if you decided on some other method than DHCP, your DomU's are still 
untrusted so you still need to restrict at the vif level.

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.