|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] XCP - untrusted domUs?
On Mon, Feb 22, 2010 at 12:32:44PM -0000, Matthew Law wrote:
>
> Our ongoing experiments with XCP have been encouraging - still struggling
> with debian Lenny install and my question from last week didn't get
> answered -hint, hint! ;-)
>
> Anyway, does XCP have any native support for iptables and ebtables rules?
> - what I mean is, we currently use Xen 3.4.2 on CentOS and roll our own
> iptables and ebtables rules to prevent IP spoofing and also _try_ and
> prevent DHCP requests being answered by DHCP servers other than our own.
>
> This has an overhead in that every time install and upgrade a dom0 we have
> to also clone the config and associated dependencies. It would be really
> cool if this kind of thing 'just worked'. It would be even cooler if it
> was configurable in the domU config file. For us this kind of thing is
> very important when hosting untrusted domUs. We also prefer pvgrub
> aswell, but that wouldn't be a deal breaker.
>
> Does XCP support anything like this? - I know it is basically CentOS, so
> in theory one could roll their own config, but that would take away
> somewhat from the simplicity of it all.
>
XCP uses Openvswitch now, so you should check the docs/mailinglist of it..
(for supported features and how it interacts with the kernel).
-- Pasi
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|