[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] LXR-type source code browsing

To: "Shane Geiger" <sgeiger@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Tue, 18 Jan 2005 20:26:53 -0000
Delivery-date: Tue, 18 Jan 2005 22:01:47 +0000
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
Thread-index: AcT9mCwWmWW7749FRbunbFnzy6NakgAA3+Mg
Thread-topic: [Xen-devel] LXR-type source code browsing

> Would it perhaps be even better to run snort in an 
> unprivileged domain, using
> iptables to feed traffic to that domain?

Sure, this could be done, but it would be most efficient to run it in
whichever domain has the bridge. The tools currently don't make it easy
to setup drivers in other domains. 

> Incidentally, why isn't iptables support built into the 
> default xen/linux kernels?
> iptables seems a natural fit with a project that can do so 
> much for system security.

iptables is built as a module in the default 2.6 xen0 config.

Ian


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

Prev by Date: Re: [Xen-devel] not enough memory for DOM0 memory reservation
Next by Date: Re: [Xen-devel] databases and xen?
Previous by thread: Re: [Xen-devel] LXR-type source code browsing
Next by thread: [Xen-devel] Windows...
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.