
Re: [Xen-devel] Communication between Domain0 and Domain1

I haven't looked real close at the bridge config/script so I don't know if it handles downing a VM gracefully; iptables isn't very good at dynamically removing rules. You have to know what order they went in to be able to remove it in the order it was created. i.e. you can create a rule by saying "from source IP such and destination IP such, do thusly" but you can't remove it with the same terminology, you have to say "remove rule number twelve." So bringing up a VIP and assigning an eth0 alias and creating a NAT rule is pretty easy, but there's no graceful way to handle removing the NAT rule if you want to down the VM/VIP.

I'm not sure that's the case. If you've added a rule with -A, specifying the syntax, you can remove it by specifying -D and the same syntax. It'll remove one rule that exactly matches the syntax you specify to -D.

I often use this to drop a LOG rule in temporarily:

# iptables -A INPUT -j LOG

... stuff happens ...

# iptables -D INPUT -j LOG

This is in addition to the -D <rule number> behaviour, which is indeed a real pain to use.
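Added example, not part of the original message: a POSIX shell helper that applies the -D-by-specification behaviour described in the reply to the per-VM NAT rule from the quoted question, looping because -D removes only one matching rule per call. The function name vm_nat, the IPTABLES override variable and the addresses in the usage comment are assumptions for illustration; it also assumes an iptables build that supports -C (check).

```shell
#!/bin/sh
# Added example: manage a per-VM DNAT rule by rule specification, never by
# rule number. IPTABLES may be overridden (for instance with "echo" for a dry run).
IPTABLES=${IPTABLES:-iptables}

# vm_nat up|down VIP GUEST_IP
vm_nat() {
    action=$1 vip=$2 guest=$3
    # One specification shared by -A, -C and -D, so the rule that is removed
    # is exactly the rule that was added.
    set -- PREROUTING -d "$vip" -j DNAT --to-destination "$guest"
    case $action in
        up)
            # -C exits 0 when an identical rule already exists; append only
            # when it does not, so repeated "up" calls do not stack duplicates.
            $IPTABLES -t nat -C "$@" 2>/dev/null || $IPTABLES -t nat -A "$@"
            ;;
        down)
            # -D deletes a single matching rule per call; repeat until -C
            # reports that no identical rule is left.
            while $IPTABLES -t nat -C "$@" 2>/dev/null; do
                $IPTABLES -t nat -D "$@" || return 1
            done
            ;;
        *)
            echo "usage: vm_nat up|down VIP GUEST_IP" >&2
            return 2
            ;;
    esac
}

# Usage (constructed sample addresses, run as root):
#   vm_nat up   192.0.2.10 10.0.0.2
#   vm_nat down 192.0.2.10 10.0.0.2
```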




