This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Xen and IPtables

To: James Clemence <jamesvclemence@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen and IPtables
From: Ryan Kennedy <rkennedy@xxxxxxxxxxxxxx>
Date: Wed, 29 Apr 2009 13:15:45 -0600
Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 29 Apr 2009 12:16:26 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <693269b50904291202n45d2b268ua71a07e6ba8a3082@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Avail Media, Inc.
References: <693269b50904291202n45d2b268ua71a07e6ba8a3082@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (X11/20090408)
Are you using bridging or PCI passthrough?

James Clemence wrote:
> Hi, just a brief question regarding iptables and Dom0. I am wondering
> how I can apply IPtables rules purely to the traffic to the Dom0,
> without blocking that going to the domUs.
> I have tried using -d <dom0 IP> with drop rules except SSH.
> However, if this is done on the INPUT chain it blocks off the traffic
> going to the DomUs too... Just wondering whether I can have any
> pointers to get this sort of solution:
> Iptables <block all except ssh to dom0>
> but allow domU traffic through which I am handling in per-domU chains
> Have been slightly confused with this one, any help would be great,
> cheers,
> J

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>