This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-users] Dom 0 firewall

To: Ian Tobin <itobin@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] Dom 0 firewall
From: Thaddeus Hogan <thaddeus@xxxxxxxxxx>
Date: Tue, 23 Jun 2009 20:19:59 -0500 (CDT)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:

> I've built a new server using Xen Debian lenny packages. I'm trying to
> firewall dom 0, which I can do OK, but it then blocks access to the dom
> Us. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.
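
An added example, not part of the original message: a shell check over `iptables-save` output that reports whether new bridged DomU traffic would get through the FORWARD chain described above. The sample ruleset is constructed; identifying bridged traffic by the `physdev` match, and bridged frames being handed to iptables at all, are assumptions of this example.

```shell
#!/bin/sh
# Added example: first-match walk of the FORWARD chain for a new bridged packet.
# Assumes bridged frames reach iptables (net.bridge.bridge-nf-call-iptables=1)
# and that DomU traffic is matched with the physdev module. Other conditional
# rules (state, addresses, ports) are ignored, so the result is conservative.

forward_verdict() {   # reads iptables-save output on stdin, prints pass|blocked
    awk '
        # Built-in policy is ACCEPT or DROP; a REJECT "default" is a trailing rule.
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && verdict == "" {
            target = ""
            for (i = 3; i <= NF; i++) if ($i == "-j") target = $(i + 1)
            bridged  = ($0 ~ /-m physdev/)   # rule aimed at bridge ports
            catchall = ($3 == "-j")          # "-A FORWARD -j TARGET [options]"
            if ((bridged || catchall) && target == "ACCEPT")
                verdict = "pass"
            else if ((bridged || catchall) && (target == "DROP" || target == "REJECT"))
                verdict = "blocked"
        }
        END {
            # No rule decided: the chain policy applies.
            if (verdict == "") verdict = (policy == "ACCEPT") ? "pass" : "blocked"
            print verdict
        }'
}

sample_ruleset() {    # constructed sample; $1 = optional extra FORWARD rule
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
$1
COMMIT
EOF
}

# Dom0 locked down and FORWARD left at DROP: DomUs are cut off.
sample_ruleset "" | forward_verdict
# Same Dom0 policy, bridged traffic accepted explicitly in FORWARD.
sample_ruleset "-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT" | forward_verdict
```

On a live Dom0 the same function can be fed with `iptables-save -t filter | forward_verdict`.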
