WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] Dom 0 firewall

from [Thaddeus Hogan]

[Permanent Link][Original]

To:	Ian Tobin <itobin@xxxxxxxxxxxxx>
Subject:	Re: [Xen-users] Dom 0 firewall
From:	Thaddeus Hogan <thaddeus@xxxxxxxxxx>
Date:	Tue, 23 Jun 2009 20:19:59 -0500 (CDT)
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Tue, 23 Jun 2009 18:21:05 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<388737.21245802801261.JavaMail.BANANA$@banana>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:

> Ive built a new server using xen debian lenny packages. Im trying to
> firewall dom 0 which i can do ok but it then blocks access to the dom
> Us. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Dom 0 firewall, Ian Tobin Re: [Xen-users] Dom 0 firewall, Florian Manschwetus Re: [Xen-users] Dom 0 firewall, Thaddeus Hogan <= RE: [Xen-users] Dom 0 firewall, Ian Tobin Re: [Xen-users] Dom 0 firewall, Thomas Goirand Re: [Xen-users] Dom 0 firewall, Brad Plant Re: [Xen-users] Dom 0 firewall, Thomas Goirand RE: [Xen-users] Dom 0 firewall, Ian Tobin

Previous by Date:	RE: [Xen-users] GPLPV 0.10.0.69 Blue Screen 0x0000007B, James Harper
Next by Date:	Re: [Xen-users] network usage gathering, Thomas Goirand
Previous by Thread:	Re: [Xen-users] Dom 0 firewall, Florian Manschwetus
Next by Thread:	RE: [Xen-users] Dom 0 firewall, Ian Tobin
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix