| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] Communication between Domain0 and Domain1
I haven't looked real close at the bridge config/script so I don't know
if it handles downing a VM gracefully; iptables isn't very good at
dynamically removing rules. You have to know what order they went in
to be able to remove it in the order it was created. i.e. you can
create a rule by saying "from source IP such and destination IP such,
do thusly" but you can't remove it with the same terminology, you have
to say "remove rule number twelve." So bringing up a VIP and assigning
an eth0 alias and creating a NAT rule is pretty easy, but there's no
graceful way to handle removing the NAT rule if you want to down the
VM/VIP.
I'm not sure that's the case. If you've added a rule with -A, specifying
the syntax, you can remove it by specifying -D and the same syntax.
It'll remove one rule that exactly matches the syntax you specify to -D.
I often use this to drop a LOG rule in temporarily:
# iptables -A INPUT -j LOG
... stuff happens ...
# iptables -D INPUT -j LOG
This is in addition to the -D <rule number> behaviour, which is indeed a
real pain to use.
Cheers,
Chris.
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
|
|
| |
|
Home