WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] antispoof with Xen 3

Dirk H. Schulz wrote:
What I wonder about now is: what is the antispoof option for with xen 3?
If I do not use antispoof, the xen network script registeres a domU with the FORWARD chain with physdev matching anyway, so there is no need for a toggleable antispoof button (and toggling it did not lead to any different behaviour - at least I found none).

Many users isolate their dom0 and do not allow direct network
connectivity.  I'm guessing that's why the scripts do not automatically
add INPUT rules.

As far as the antispoof rule, it adds a src IP to the physdev match.
iptables ANDs those two conditions.  With antispoof off any IP from that
interface would be accepted; however, with antispoof on packets would
only be accepted if they come from the interface AND and have the spec'd IP.

Congratulations on your success.

:m)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>