xen-users

Re: [Xen-users] Firewalling Xen?

Subject: Re: [Xen-users] Firewalling Xen?
From: Thomas Goirand <thomas@xxxxxxxxxx>
Date: Wed, 17 Dec 2008 01:01:29 +0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Organization: GPLHost
lists@xxxxxxxxxxxxx wrote:
> I'm wondering how to set up a firewall for Dom0 when all traffic for the DomUs
> goes 'through' it.

Hi,

As we do commercial VPS hosting with Xen and our own open source
management interface, we have designed a small anti-DoS firewall to
set up in your dom0. It does nothing spectacular, but it helps against
ssh dictionary attacks, and other very common flood types that might
hurt your server: ping, syn, etc.

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen.init;h=5e4df2e46e3a872a2d73ada77e24e8bb242f8b6b;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa

I'd be happy to have contributions to this small script, which is by the
way very simple to extend (just add a few functions for yourself and
share them, then anybody can enable/disable them with ease).

Thomas

P.S.: To find out more about the projects, see the URLs below:

http://packages.debian.org/lenny/dtc
http://packages.debian.org/lenny/dtc-xen
http://www.gplhost.com/software-dtc.html
http://www.gplhost.com/software-dtc-xen.html

