RE: [Xen-users] If Dom0 was compramised

Ok cool, ill give it a shot :)

Thanks

Ian



-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
[mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Olivier B.
Sent: 20 May 2010 12:35
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] If Dom0 was compramised

well, something like that ?

iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT -j DROP
iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -P OUTPUT -j DROP

Le 20/05/2010 13:29, Ian Tobin a écrit :
> Ok I see.
>
> Do you have a sample script that blocks all traffic other than ssh and
> pings? Or a similar script?
>
> Ian
>
>
> -----Original Message-----
> From: Fajar A. Nugraha [mailto:fajar@xxxxxxxxx]
> Sent: 20 May 2010 11:23
> To: Ian Tobin
> Cc: Xen User-List
> Subject: Re: [Xen-users] If Dom0 was compramised
>
> On Thu, May 20, 2010 at 5:13 PM, Ian Tobin<itobin@xxxxxxxxxxxxx>  wrote:
>    
>> Yes im using bridged.
>>
>> Odd, so you can create any ip tables rules and it should not affect
>> domUs?
>>      
> A more accurate term would be it could be setup to only affect dom0
> and routed traffic, not bridged traffic.
>
>    

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [Xen-users] High availability and live migration with just LVMand hardware fencing, John Madden

Next by Date:

RE: [Xen-users] HXEN for MacOS X?, Stephen Spector

Previous by Thread:

Re: [Xen-users] If Dom0 was compramised, Olivier B.

Next by Thread:

Re: [Xen-users] If Dom0 was compramised, Steve Spencer

Indexes:

[Date] [Thread] [Top] [All Lists]

WARNING - OLD ARCHIVES

xen-users

RE: [Xen-users] If Dom0 was compramised