xen-users
Re: [Xen-users] iptables filter on specific bridge port only
On Fri, May 19, 2006 at 01:58:34PM +0100, Fischer, Anna wrote:
> I'd like to set up some filter rules in Dom0 to control network traffic
> of my other domains. I use iptables, my network setup is the standard
> Xen setup. Is it correct that if I want to filter traffic only on a
> specific domain interface (e.g. vif1.0), then I have to use the
> '--physdev' option instead of the '-i' or '-o' options? Or is there any
> other possibility to do this filtering?
Yes, -i and -o will match the bridge interface. In fact, if you have peth0
and vif1.0 connected to bridge xenbr0, then a communication from peth0
to vif1.0 will match "-i xenbr0" and "-o xenbr0". But it will match
"--physdev-in peth0" and "--physdev-out vif1.0" too.
> Anna
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
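The distinction described in the reply, as an added example that is not part of the original thread: a script that prints FORWARD-chain rules scoped to a single bridge port with the physdev match, so other guests on xenbr0 are unaffected. The helper name `vif_rules` and TCP port 22 are assumptions; it also assumes bridged frames are handed to iptables (`net.bridge.bridge-nf-call-iptables=1`).

```shell
#!/bin/sh
# Added example, not from the original thread. vif_rules is a hypothetical
# helper; TCP port 22 is an assumed sample service.
# Prints iptables commands (does not run them) that filter ONE bridge port.
# Assumes bridged frames reach iptables (net.bridge.bridge-nf-call-iptables=1).

# $1 = guest port (e.g. vif1.0), $2 = uplink port (e.g. peth0), $3 = TCP port
vif_rules() {
    vif=$1 uplink=$2 port=$3

    # Refuse names that could smuggle shell syntax into the printed commands.
    for name in "$vif" "$uplink"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac

    # --physdev-is-bridged limits the match to frames switched by the bridge,
    # so routed traffic is not affected.
    m="-m physdev --physdev-is-bridged"

    # 1. Packets of connections that are already tracked (replies to the
    #    guest, sessions accepted by rule 2).
    echo "iptables -A FORWARD $m --physdev-out $vif -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. New connections from the uplink to the one allowed service.
    echo "iptables -A FORWARD $m --physdev-in $uplink --physdev-out $vif -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    # 3. Everything else delivered to this port is dropped. Writing this rule
    #    as "-o xenbr0 -j DROP" would instead hit every port on the bridge.
    echo "iptables -A FORWARD $m --physdev-out $vif -j DROP"
}

# Interface names taken from the thread; review the output before running it as root.
vif_rules vif1.0 peth0 22
```

Rule order matters: the two ACCEPT rules must precede the per-port DROP, which is why the function emits them in this sequence.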