xen-users
[Xen-users] vif-common.sh and iptables
Hey everyone,
I have a question about vif-common.sh. I run multiple bridges attached
on dummy interfaces, which allow me to put guests in separate subnets
(routed through the dom0). As you might expect I already have quite
extensive iptables scripts to accommodate this kind of routing.
I was just hoping someone on this list can confirm that I understand
what the iptables lines in vif-common.sh actually do:
> iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
> 2>/dev/null &&
> iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
> --physdev-out "$vif" -j ACCEPT 2>/dev/null
From what I can tell the goal of these lines is to allow networking even
if the default FORWARD policy is DENY, am I right? Is there any
additional side-effect if I comment these lines out in vif-common.sh,
that I'm not considering?
Thanks,
D.
--
Dmitry Nedospasov <dmitry@xxxxxxxxx> -- Twitter: @nedos
Web: http://nedos.net -- Github: http://github.com/nedos
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users