[Xen-devel] Xen and Firewalling
Good evening all,

I would like to have a number of fairly autonomous domains on a xen box and would like to give the admins the ability to maintain their own firewalls. However, netfilter's not compiled into the domU kernels:

    # iptables -L -n
    modprobe: Can't open dependencies file /lib/modules/2.6.10-xenU/modules.dep (No such file or directory)
    iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

Is there a reason for this? Is simply doing a make menuconfig inside linux-2.6.10-xenU and setting the requisite options sufficient? According to linux-2.6.10-xen-sparse/arch/xen/configs/xenU_defconfig there are some modules already, so it would follow that there's no problem compiling netfilter as modules? That being the case, why aren't they compiled by default?

I see that netfilter is indeed included in the default dom0 config, and can understand why someone would want to put some basic restrictions on the domains (e.g. to ensure that they are using only allocated IPs, for accounting and to enforce any other administrative policies), but it would certainly be more flexible to allow each domain to maintain its own security policy.

For this particular installation the preferred setup would be not allowing anything but ssh from certain IPs to dom0, and then have each of the domains taking care of itself - they would be, for all intents and purposes, standalone machines.

Sam

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel