WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] If Dom0 was compramised

On Thu, May 20, 2010 at 5:06 PM, Ian Tobin <itobin@xxxxxxxxxxxxx> wrote:
> Curious, what would be the best way to secure the Dom0.
>
> Ive tried iptables before but then prevented access to the DomUs.

Depends on your setup. If you use bridge networking, and
/proc/sys/net/bridge/bridge-nf-call-iptables is 0 (which is 1 by
default), domU traffic should be unaffected by dom0's iptables.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users