xense-devel
[Xense-devel] Re: cannot filter on vif* interfaces using iptables?
Sanjam Garg <sanjamg@xxxxxxxxx> wrote on 11/21/2006 01:55:31 AM:
> Hi
Good morning,
> I read the post on not being able to use vif* for iptables.
Which one?
> Actually
> I am writing a kernel module to filter packets coming from
> domU through these vif interfaces. But the module does not seem to
> filter the packets.
> I am using xen3.0.3 and kernel 2.6.19.29 and bridged network settings.
I assume
a) you are using 2.6.16.29 :-)
b) you run iptables in domain0
c) you have networking setup in bridging mode in domain 0
> I have .config setting for my kernel as
> CONFIG_BRIDGE_NETFILTER=y
> and CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
Did you change the Xen kernel default settings in any way?
> Any ideas?
I sent a dom0 networking scripts extension for domain 0 to this mailing list
a while ago (http://lists.xensource.com/archives/html/xense-devel/2006-08/msg00003.html).
It sets up iptables filters between vifs depending on the security labels
of the domains to which the vifs belong. I did not run into any problems
at that time when filtering bridged packets with the standard Linux kernel
configuration in Xen.
Reiner
_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
Current Thread:
- [Xense-devel] Re: cannot filter on vif* interfaces using iptables?, Reiner Sailer