WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] tools: dom0 iptables rule ordering change

from [Chris] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] tools: dom0 iptables rule ordering change
From: Chris <hap10@xxxxxxxxxxxxxx>
Date: Fri, 10 Apr 2009 10:41:11 -0400
Delivery-date: Fri, 10 Apr 2009 07:41:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
This patch makes two small changes to dom0 iptables rules that permit (and revoke) domU network access. 

First:
Currently, a rule intended to allow domU network access is appended to the end of the FORWARD chain, where it can be preempted by other rules. This patch causes the rule to be inserted at the top, where it's more likely to have the intended effect. 

Second:
In some cases (e.g. Fedora 9's default iptables configuration), the first rule alone is insufficient to permit two-way packet flow. This patch adds a second rule to the FORWARD chain that permits replies to domU network requests to reach the domU vif. 

Signed-off-by: Chris Bookholt <hap10@xxxxxxxxxxxxxx>

Attachment: vif-common.patch
Description: Binary data



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] tools: dom0 iptables rule ordering change, Chris <=
Previous by Date:  [Xen-devel][PATCH][XSM] missing entries to xsm_fixup_ops, George S. Coker, II
Next by Date:  Re: [Xen-devel] [RFC] Scheduler work, part 1: High-level goals and interface., Jeremy Fitzhardinge
Previous by Thread:  [Xen-devel][PATCH][XSM] missing entries to xsm_fixup_ops, George S. Coker, II
Next by Thread:  [Xen-devel] VT-D error related to intel IGD on Asus P5Q-EM DO (Q45 chipset), Sander Eikelenboom
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy