[Xen-users] Re: Blocking DomU NetBios
I added these rules on the dom0, but they didn't have any effect whatsoever on the domUs. Shouldn't the domU network devices appear as physical devices on the dom0, and then the INPUT/OUTPUT chain just work?

Any help would be greatly appreciated. A Google search for "xen block netbios" is bringing this particular thread as the first result, so I guess it is not something that's common knowledge.

iptables -A OUTPUT -p tcp --dport 135:139 -j DROP
iptables -A OUTPUT -p udp --dport 135:139 -j DROP
iptables -A INPUT -p tcp --dport 135:139 -j DROP
iptables -A INPUT -p udp --dport 135:139 -j DROP
iptables -A FORWARD -p tcp --dport 135:139 -j DROP
iptables -A FORWARD -p udp --dport 135:139 -j DROP

Thanks.

On Tue, Feb 12, 2008 at 05:08:18PM +0530, Ligesh wrote:
>
> It has to be done outside of the domU. Modifying the domU is not an option
> at all. That's a major effort if you have 30 domUs on a node already running,
> and anyway, the idea is that domUs are run by hostile users, and all security
> is implemented outside of it.
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
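
An added example, not part of the original post and not code from the Xen project: a dry-run generator for dom0 rules that match domU traffic per vif on the bridge, using the same port range as the post. It assumes the domUs are attached to a Linux bridge in dom0 (the post does not say which network mode is in use); the vif name in the comments is a constructed placeholder.

```shell
#!/bin/sh
# Added example: dom0-side filter for bridged domU traffic (assumed setup).
# INPUT/OUTPUT only see packets addressed to or generated by dom0 itself.
# Frames switched between a vif and the bridge reach the FORWARD chain only
# when the bridge-netfilter hook (bridge-nf-call-iptables) is enabled.

BRIDGE_NF=${BRIDGE_NF:-/proc/sys/net/bridge/bridge-nf-call-iptables}
PORTS=135:139   # same port range as the rules in the post

# Return 0 when the sysctl file given as $1 is readable and contains 1.
bridge_nf_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Print FORWARD rules for each vif name given (e.g. vif3.0, constructed).
# --physdev-in  matches frames entering the bridge from the guest.
# --physdev-out matches frames leaving the bridge towards the guest.
# --physdev-is-bridged limits the match to bridged (not routed) frames.
# -I places each rule ahead of any ACCEPT already present in FORWARD.
emit_rules() {
    for vif in "$@"; do
        for proto in tcp udp; do
            for dir in in out; do
                echo "iptables -I FORWARD -m physdev --physdev-is-bridged" \
                     "--physdev-$dir $vif -p $proto --dport $PORTS -j DROP"
            done
        done
    done
}

# Dry run: prints the commands for the vifs named on the command line.
if [ "$#" -gt 0 ]; then
    bridge_nf_enabled "$BRIDGE_NF" ||
        echo "# warning: $BRIDGE_NF is not 1; FORWARD will not see bridged frames" >&2
    emit_rules "$@"
fi
```

Review the printed commands before running them as root on dom0; guests cannot alter these rules because they live entirely outside the domU.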