xen-devel

Re: [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, anti

To: Adrian Chadd <adrian@xxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [adrian@xxxxxxxxxxxxxxx: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
From: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Date: Tue, 21 Nov 2006 15:01:53 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20061121124944.GC14185@xxxxxxxxxxxxxxxxxxxxxxxxx>
On Tue, Nov 21, 2006 at 08:49:44PM +0800, Adrian Chadd wrote:

> I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:
> 
>   if [ "$ip" != "" ]
>   then
>       local addr
>       for addr in "$ip"
>       do
>         frob_iptable -s "$addr"
>       done
> 
>       # Always allow the domain to talk to a DHCP server.
>       frob_iptable -p udp --sport 68 --dport 67
>   else
>       # No IP addresses have been specified, so allow anything.
>       frob_iptable
>   fi
> 
> This works fine for one IP in the vif config but I can't figure out how to coax
> it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
> entry and passes $addr as the whole IP string, not each IP.
> 
> Here's an example:
> 
> vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]
> 
> If I remove the ""'s around $ip then addr is passed individual IPs from that list
> and iptables is set up appropriately.
> 
> Is this the correct solution?

Yes, I think so; I'll put a patch in.

Thanks,

Ewan.
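
The quoting behaviour discussed in this thread, as an added example that is not part of the original messages or of Xen's vif-common.sh: `frob_iptable` is replaced by a recording stub, the addresses are constructed sample values, and `rules_quoted` / `rules_split` are hypothetical names. It goes one step beyond the thread by switching off pathname expansion around the unquoted loop.

```shell
#!/bin/sh
# Added example (not the Xen vif-common.sh source). frob_iptable is a stub
# that records its arguments instead of calling iptables.

RULES=""        # one recorded frob_iptable call per line
RULE_COUNT=0

frob_iptable() {
    RULES="${RULES}$*
"
    RULE_COUNT=$((RULE_COUNT + 1))
}

reset_rules() { RULES=""; RULE_COUNT=0; }

# Loop as quoted in the thread: "$ip" expands to a single word, so the body
# runs once and -s receives the whole space-separated list.
rules_quoted() {
    ip=$1
    reset_rules
    for addr in "$ip"; do
        frob_iptable -s "$addr"
    done
}

# Unquoted expansion splits on whitespace. Pathname expansion is switched off
# around the loop so a stray '*' or '?' in ip= is never matched against files.
rules_split() {
    ip=$1
    reset_rules
    case $- in *f*) had_noglob=1 ;; *) had_noglob=0 ;; esac
    set -f
    for addr in $ip; do
        frob_iptable -s "$addr"
    done
    [ "$had_noglob" -eq 1 ] || set +f
}

# Constructed sample value (documentation addresses, not from the thread).
sample='192.0.2.25 192.0.2.26 192.0.2.27'
rules_quoted "$sample"; printf 'quoted:   %d rule(s)\n%s' "$RULE_COUNT" "$RULES"
rules_split  "$sample"; printf 'unquoted: %d rule(s)\n%s' "$RULE_COUNT" "$RULES"
```

With the quoted form the antispoof chain gets a single `-s` argument containing every address, so no per-address source rule exists; the split form produces one rule per address.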
