
RE: [Xen-devel] Bridging firewall?


  • To: "Matthieu PATOU" <matxen@xxxxxxxxx>
  • From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
  • Date: Wed, 26 Jan 2005 21:56:12 -0000
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 28 Jan 2005 00:42:08 +0000
  • List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
  • Thread-index: AcUD669efU+2Pl2hRx6rzFEncTGECwABbv0w
  • Thread-topic: [Xen-devel] Bridging firewall?

Are you sure your new scripts actually still implement the antispoof
feature of ensuring that the guest can only send packets using its
allocated IP? It looks to me like they're too lax.

Ian

> -----Original Message-----
> From: Matthieu PATOU [mailto:matxen@xxxxxxxxx] 
> Sent: 26 January 2005 21:12
> To: Ian Pratt
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] Bridging firewall?
> 
> On Sun, 23 Jan 2005 23:15:29 -0000
> "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx> wrote:
> 
> > > In order to feel secure I've activated the antispoof options,
> > > but as it was broken for me I tweaked the rules a little ... if
> > > someone is interested I can post my script and give some
> > > explanations.
> > 
> > That would be useful.
> > 
> See the attached files. In order to work, I put some rules:
> vifx.0 must be bridged to xen-br0 (it corresponds to the output of
> the firewall) in order to be really accessible (some iptables rules
> are just added at lines 79 and 80 for vifx.0 and not for other vifs).
>  
> 
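
One way to check the property raised in the reply above, that each guest interface can only send packets from its allocated IP, against a saved ruleset. This is an added example, not the scripts attached to the thread and not Xen's own code. The sample rules, the vif-to-IP table and the function names are constructed, and it assumes the rules are in numeric `iptables-save` format with per-interface `physdev` matches in the FORWARD chain.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not the attached scripts).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -s 10.0.0.11/32 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif3.0 -s 10.0.0.0/24 -j ACCEPT
COMMIT
"""
# Constructed allocation table: guest interface -> the one IP it may send from.
ALLOCATED = {"vif1.0": "10.0.0.11", "vif2.0": "10.0.0.12", "vif3.0": "10.0.0.13"}

def value_after(tokens, *flags):
    """Return (value, negated) for the first flag present, else (None, False)."""
    for flag in flags:
        if flag in tokens:
            i = tokens.index(flag)
            if i + 1 < len(tokens):
                return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False

def audit_antispoof(rules_text, allocated):
    """List (subject, issue) pairs where the FORWARD chain is too lax."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        # Without a DROP policy, packets that match no rule are still forwarded.
        if line.startswith(":FORWARD ") and tokens[1] != "DROP":
            findings.append(("FORWARD", "policy-not-drop"))
        if tokens[:2] != ["-A", "FORWARD"]:
            continue
        target, _ = value_after(tokens, "-j", "--jump")
        vif, vif_negated = value_after(tokens, "--physdev-in")
        if target != "ACCEPT" or vif_negated or vif not in allocated:
            continue
        src, negated = value_after(tokens, "-s", "--source")
        want = ipaddress.ip_network(allocated[vif])  # bare IP becomes a /32
        if src is None:
            findings.append((vif, "no-source-match"))
        elif negated or ipaddress.ip_network(src, strict=False) != want:
            findings.append((vif, "source-not-allocated-ip"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit_antispoof(SAMPLE_RULES, ALLOCATED):
        print(f"{subject}: {issue}")
```

The check covers only the chain policy and the per-interface ACCEPT rules; any other ACCEPT rule in FORWARD still has to be reviewed by hand.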

