diff -r 7fa00b26a995 tools/examples/network-route
--- a/tools/examples/network-route Fri Aug 12 13:48:47 2005
+++ b/tools/examples/network-route Wed Sep 7 09:51:51 2005
@@ -17,3 +17,4 @@
 #============================================================================
 echo 1 >/proc/sys/net/ipv4/ip_forward
+echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
diff -r 7fa00b26a995 tools/examples/vif-route
--- a/tools/examples/vif-route Fri Aug 12 13:48:47 2005
+++ b/tools/examples/vif-route Wed Sep 7 09:51:51 2005
@@ -19,12 +19,31 @@
 # vif vif interface name (required).
 # mac vif MAC address (required).
 # ip list of IP networks for the vif, space-separated (optional).
+#
+# Dom0 kernel options:
+#
+# CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_NF_IPTABLES=y
+# CONFIG_IP_NF_MATCH_IPRANGE=y
+# CONFIG_IP_NF_MATCH_MAC=y
+# CONFIG_IP_NF_FILTER=y
+#
+# DomU config examples:
+#
+# vif = [ 'ip=192.168.0.16, vif=vif1.0' ]
+# vif = [ 'ip=192.168.0.16 192.168.0.17' ] # multiple IP's
+# vif = [ 'ip=192.168.0.16/31' ] # using netmask
+#
 #============================================================================
 # Exit if anything goes wrong
 set -e
 echo "vif-route $*"
+
+# Network device connected to the Internet
+wan='eth0'
 # Operation name.
 OP=$1
@@ -41,12 +60,12 @@
 # Optional parameters. Set defaults.
 ip=${ip:-''} # default to null (do nothing)
-main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'`
+main_ip=`ifconfig ${wan} | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'`
 # Are we going up or down?
 case $OP in
 up)
- ifconfig ${vif} 169.254.1.0 netmask 255.255.255.255 up
+ ifconfig ${vif} 10.255.255.1 netmask 255.255.255.255 up
 echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
 iptcmd='-A'
 ipcmd='a'
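Review bot: The added line hard-codes `eth0` as the interface on which proxy ARP is switched on, while the vif-route change in the same commit introduces `wan='eth0'` for that very interface, so the two scripts can drift apart; `wan='eth0'` followed by `echo 1 >/proc/sys/net/ipv4/conf/${wan}/proxy_arp` keeps them in step. The line also carries no comment on why dom0 must answer ARP on the WAN side; `# Answer ARP on the WAN interface for domU addresses routed through dom0` would record the intent, which I infer from the per-vif routes vif-route installs rather than from this hunk. If `eth0` is absent the write to /proc fails, and whether that aborts the script depends on options set earlier in the file, outside this hunk.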
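Review bot: `wan='eth0'` is a fixed assignment, unlike the other tunables this script reads from its environment with a default (`ip=${ip:-''}` a few lines below this hunk); `wan=${wan:-eth0}` would let an administrator override the WAN interface without editing the script, and the header block should then list it next to vif/mac/ip as `# wan network device connected to the Internet (optional, default eth0)`. The kernel-option list names `CONFIG_IP_NF_MATCH_IPRANGE=y`, yet nothing visible in the patched script uses an iprange match (only `-m mac` and `-s`), so that entry looks like a leftover and is worth verifying before it is documented as a requirement.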
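Review bot: `main_ip` is still computed here from `ifconfig ${wan}`, but the next hunk of this commit removes its only use (`src ${main_ip}` on the route command), so after this patch the ifconfig/grep/sed pipeline runs for nothing; either drop the line or keep `src ${main_ip}` on the route. The backtick pipeline also yields an empty `main_ip` silently when grep matches nothing, since its exit status is sed's and `set -e` cannot see the failed stage. The new vif address `10.255.255.1` lies inside the RFC 1918 10/8 range and can collide with a guest's own private addressing, whereas the replaced `169.254.1.0` was link-local; a comment such as `# dummy address for the vif end of the route; must not overlap any domU network` would make the choice reviewable.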
@@ -63,14 +82,16 @@
 ;;
 esac
-if [ ${ip} ] ; then
+# Packet filtering
+match_mac="-m mac --mac-source ${mac}"
+if [ "${ip}" ] ; then
- # If we've been given a list of IP networks, allow pkts with these src addrs.
- for addr in ${ip} ; do
- ip r ${ipcmd} ${addr} dev ${vif} src ${main_ip}
-# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -s ${addr} -j ACCEPT
- done
+ # Forward only packets with source IP's matching domain's IP's
+ for addr in `echo ${ip}` ; do
+ ( ip r ${ipcmd} ${addr} dev ${vif} &>/dev/null )
+ iptables ${iptcmd} FORWARD ${match_mac} -s ${addr} -j ACCEPT
+ done
- # Always allow us to talk to a DHCP server anyhow.
-# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT
+ # Drop other packets
+ iptables ${iptcmd} FORWARD ${match_mac} -j DROP
 fi
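Review bot: The final `iptables ${iptcmd} FORWARD ${match_mac} -j DROP` sits inside `if [ "${ip}" ]`, so a domain started without `ip=` gets no FORWARD restriction at all and may forward packets with any source address through dom0; if that is intended for unconfigured vifs, say so in the header (`# ip ... (optional; when empty, no source-address filtering is installed)`), otherwise move the DROP line after the `fi`. Rules are appended with `-A`, so on `up` the MAC-scoped ACCEPT/DROP pair only has effect if no earlier FORWARD rule already accepts the traffic, which deserves a comment since the chain's prior contents are not visible here. The `&>/dev/null` on the route command discards its only diagnostic; with `set -e` in force (set earlier in the file, outside this hunk) a failing `ip r` appears to still abort the script from inside the subshell, so the reason is hidden while the failure is not actually suppressed. The backtick `echo` wrapped around `${ip}` in the for list adds nothing over `for addr in ${ip} ; do`.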