[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Bridging firewall?

To: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
From: Matthieu PATOU <matxen@xxxxxxxxx>
Date: Wed, 26 Jan 2005 23:06:21 +0100
Cc: matxen@xxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 27 Jan 2005 16:49:50 +0000
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>

> 
> Are you sure your new scripts actually still implement the antispoof
> feature of ensuring that the guest can only send packets using its
> allocated IP? It looks to me like they're too lax.
The modification into /etc/xen/scripts/network and /etc/xen/script/vif-bridge
are just to have a functionnal antispoof when you have two bridge
but all the firewalling is done into xenU-firewall a domain connected with
vif1.0 connected to xen-br0 (the secure network) and vif1.1 connected to xen-br1
(the outside )

Is it more clear ?
i don't think that my modification the scripts are that clever ... my 2 cent
files !
> 
> Ian
> 


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

References:
- RE: [Xen-devel] Bridging firewall?
  - From: Ian Pratt

Prev by Date: [Xen-devel] drdb fails under xen
Next by Date: Re: [Xen-devel] [PATCH] xenctld - a control channel multiplexing daemon
Previous by thread: RE: [Xen-devel] Bridging firewall?
Next by thread: [Xen-devel] kdb for xen linux 2.6.10
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.