RE: [Xen-devel] Bridging firewall?
Are you sure your new scripts actually still implement the antispoof
feature of ensuring that the guest can only send packets using its
allocated IP? It looks to me like they're too lax.

Ian

> -----Original Message-----
> From: Matthieu PATOU [mailto:matxen@xxxxxxxxx]
> Sent: 26 January 2005 21:12
> To: Ian Pratt
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] Bridging firewall?
>
> On Sun, 23 Jan 2005 23:15:29 -0000
> "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx> wrote:
>
> > > In order to feel secure I've activated the antispoof options,
> > > but as it was broken for me I tweak the rules a little ...
> > > if someone is interested I can post my script and give some
> > > explanations.
> >
> > That would be useful.
>
> See the attached files. In order to work I put some rules:
> vifx.0 must be bridged to xen-br0 (it corresponds to the
> output of the firewall) in order to be really accessible
> (some iptables rules are just added at lines 79 and 80 for
> vifx.0 and not for other vifs).

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
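One way to answer the question raised in this message is to audit the generated ruleset mechanically. The following is an added example, not part of the original thread and not taken from the attached scripts or from Xen's own scripts. It assumes the antispoof rules are FORWARD-chain ACCEPT rules matching `--physdev-in <vif>` with a `-s` restriction under a default DROP policy; the function names, vif names and addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save style sample: vif names and addresses are
# illustrative, not taken from the scripts attached to the thread.
SAMPLE_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -s 10.0.0.11/32 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif3.0 -s 10.0.0.0/24 -j ACCEPT
COMMIT
"""

def _opt(tokens, *names):
    """Return the value following the first of `names` found in tokens."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def audit_antispoof(ruleset, allocated):
    """Return (vif, problem) findings; `allocated` maps vif -> its one IP."""
    findings = []
    for line in ruleset.splitlines():
        if line.startswith("#"):
            continue  # iptables-save comment line
        tokens = shlex.split(line)
        if line.startswith(":FORWARD") and tokens[1] != "DROP":
            findings.append(("FORWARD", "default policy is not DROP"))
        if tokens[:2] != ["-A", "FORWARD"] or _opt(tokens, "-j") != "ACCEPT":
            continue
        vif = _opt(tokens, "--physdev-in")
        if vif not in allocated:
            continue  # not a guest interface we were asked to audit
        src = _opt(tokens, "-s", "--source")
        if "!" in tokens:
            findings.append((vif, "negated match, review by hand"))
        elif src is None:
            findings.append((vif, "ACCEPT with no source restriction"))
        else:
            net = ipaddress.ip_network(src, strict=False)
            want = ipaddress.ip_address(allocated[vif])
            if net.num_addresses != 1:
                findings.append((vif, f"ACCEPT for whole network {net}"))
            elif net.network_address != want:
                findings.append((vif, f"ACCEPT for {src}, allocated {want}"))
    return findings

if __name__ == "__main__":
    guests = {"vif1.0": "10.0.0.11", "vif2.0": "10.0.0.12", "vif3.0": "10.0.0.13"}
    for vif, problem in audit_antispoof(SAMPLE_RULES, guests):
        print(f"{vif}: {problem}")
```

On a live host the input would be the output of `iptables-save` and the mapping would come from each guest's configured address.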