This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] Xen and IPtables

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Xen and IPtables
From: James Clemence <jamesvclemence@xxxxxxxxxxxxxx>
Date: Wed, 29 Apr 2009 20:02:00 +0100
Delivery-date: Wed, 29 Apr 2009 12:02:43 -0700
Hi, just a brief question regarding iptables and Dom0. I am wondering how I can apply IPtables rules purely to the traffic to the Dom0, without blocking that going to the domUs.

I have tried using -d <dom0 IP> with drop rules except SSH.

However, if this is done on the INPUT chain it blocks off the traffic going to the DomUs too... Just wondering whether I can have any pointers to get this sort of solution:

Iptables <block all except ssh to dom0>
but allow domU traffic through which I am handling in per-domU chains on FORWARD.

Have been slightly confused with this one, any help would be great, cheers,
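
One way to express the policy asked about above, added here as an example and not part of the original post: netfilter passes only packets addressed to dom0 itself through INPUT, while packets routed or bridged on to domUs traverse FORWARD, so the dom0 restriction can live entirely in INPUT. The function name, the `IPT` dry-run variable, the address 192.0.2.10 and port 22 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Restricts only the INPUT chain,
# i.e. traffic addressed to dom0 itself; FORWARD and any per-domU chains
# hanging off it are never touched.
# Assumptions: the dom0 address and SSH port are supplied by the caller;
# IPT is a hypothetical override so the commands can be printed instead of run.

dom0_input_policy() {
    dom0_ip="$1"
    ssh_port="${2:-22}"
    ipt="${IPT:-iptables}"

    [ -n "$dom0_ip" ] || { echo "usage: dom0_input_policy <dom0-ip> [ssh-port]" >&2; return 2; }
    case "$ssh_port" in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 2 ;;
    esac

    # Open the policy before flushing so a re-run cannot cut the admin session.
    $ipt -P INPUT ACCEPT || return 1
    $ipt -F INPUT || return 1
    # Loopback, and replies to connections dom0 itself opened.
    $ipt -A INPUT -i lo -j ACCEPT || return 1
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    # The only new inbound service on dom0: SSH to the dom0 address.
    $ipt -A INPUT -d "$dom0_ip" -p tcp --dport "$ssh_port" \
         -m conntrack --ctstate NEW -j ACCEPT || return 1
    # Default-deny goes last, once the SSH rule is in place.
    $ipt -P INPUT DROP
}

# Dry run (prints the commands, changes nothing):
#   IPT="echo iptables"; dom0_input_policy 192.0.2.10 22
```

On a bridged setup, whether domU frames are seen by the iptables FORWARD chain at all depends on the `net.bridge.bridge-nf-call-iptables` sysctl.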
