This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


RE: [Xen-users] Dom 0 firewall

To: "Thaddeus Hogan" <thaddeus@xxxxxxxxxx>
Subject: RE: [Xen-users] Dom 0 firewall
From: "Ian Tobin" <itobin@xxxxxxxxxxxxx>
Date: Wed, 24 Jun 2009 09:08:03 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx

Yes, I'm trying to restrict traffic to Dom 0.

I'm not quite sure what policy to set. I did have one set up before when I used
the source version of Xen, but the deb version is causing problems when I apply the
firewall script.

Do you have a default one you use?



-----Original Message-----
From: Thaddeus Hogan [mailto:thaddeus@xxxxxxxxxx] 
Sent: 24 June 2009 02:20
To: Ian Tobin
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Dom 0 firewall

----- "Ian Tobin" <itobin@xxxxxxxxxxxxx> wrote:

> I've built a new server using Xen Debian lenny packages. I'm trying to
> firewall Dom 0, which I can do OK, but it then blocks access to the
> DomUs. Has anyone managed to do this successfully?

Are you trying to restrict access to the Dom0 using iptables?

According to this page (http://wiki.xensource.com/xenwiki/XenNetworking) at the 
Xen Wiki, packets crossing the bridge interface into a vif pass through the 
FORWARD chain of iptables.  If this chain has a default policy of DROP or 
REJECT, then packets passing through the bridge to the DomUs will be impeded.
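
The FORWARD-chain behaviour described in this thread, as an added example that is not part of either poster's message or of the Xen packages: a sketch that emits an `iptables-restore` ruleset restricting Dom0 while letting bridged DomU traffic through, plus a check for the failure mode reported above. It assumes Xen bridged networking, SSH as the only service exposed on Dom0, and a constructed management subnet (`192.0.2.0/24`, a documentation range); the function names `dom0_ruleset` and `forward_blocks_domu` are hypothetical.

```shell
#!/bin/sh
# Added example. MGMT_NET is a constructed placeholder (RFC 5737 range).
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"

# Print an iptables-restore ruleset for a bridged Xen Dom0.
dom0_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Dom0 itself: loopback, replies, and new SSH from the management net only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $MGMT_NET --dport 22 -m state --state NEW -j ACCEPT
# DomU traffic crosses the bridge through FORWARD, so it needs its own
# accept rule; without it the DROP policy above cuts the guests off.
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

# Read a ruleset (iptables-save format) on stdin. Exit 0 if bridged DomU
# traffic would be blocked: FORWARD is closed by policy or by an
# unconditional DROP/REJECT rule before any accept for bridged packets.
forward_blocks_domu() {
    awk '
        /^:FORWARD DROP/ { policy_drop = 1 }
        /^-A FORWARD .*--physdev-is-bridged.* -j ACCEPT/ {
            if (!blocked) allowed = 1
        }
        /^-A FORWARD -j (DROP|REJECT)/ { if (!allowed) blocked = 1 }
        END { exit ((blocked || (policy_drop && !allowed)) ? 0 : 1) }
    '
}

# Self-check of the generated ruleset; changes nothing on the host.
# To apply it as root: dom0_ruleset | iptables-restore
dom0_ruleset | forward_blocks_domu \
    && echo "FORWARD would block DomUs" \
    || echo "bridged DomU traffic allowed"
```

On a running host, `iptables-save | forward_blocks_domu` applies the same check to the live ruleset.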
