WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-users] Dom 0 firewall

from [Ian Tobin] [Permanent Link][Original]
To: "Thaddeus Hogan" <thaddeus@xxxxxxxxxx>
Subject: RE: [Xen-users] Dom 0 firewall
From: "Ian Tobin" <itobin@xxxxxxxxxxxxx>
Date: Wed, 24 Jun 2009 09:08:03 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 24 Jun 2009 01:08:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <27412617.41245806379478.JavaMail.BANANA$@banana>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acn0aeiEHSwzGz57R+iHtMTCBmz7XQAOMGzQ
Thread-topic: [Xen-users] Dom 0 firewall 
Yes im trying to restrict traffic to Dom 0.

Im not quite sure what policy to set, I did have one setup before when i used 
the source version of Xen but deb version is causing problems when I apply the 
firewall script.

Do you have a default  one you use?

Thanks

Ian


-----Original Message-----
From: Thaddeus Hogan [mailto:thaddeus@xxxxxxxxxx] 
Sent: 24 June 2009 02:20
To: Ian Tobin
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Dom 0 firewall

----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:


> Ive built a new server using xen debian lenny packages. Im trying to
> firewall dom 0 which i can do ok but it then blocks access to the dom
> Us. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] flat file system as disk, Pallab Chakrabarty
Next by Date:  Re: [Xen-users] vif-route script not getting domU-IP (vif-IP), Maik Brauer
Previous by Thread:  Re: [Xen-users] Dom 0 firewall, Thaddeus Hogan
Next by Thread:  Re: [Xen-users] Dom 0 firewall, Thomas Goirand
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy