[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Limit IPs on DomU

To: Sebastian Igerl <sig@xxxxxxxxx>
From: John Haxby <john.haxby@xxxxxxxxxx>
Date: Fri, 19 Sep 2008 11:18:18 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 19 Sep 2008 03:19:08 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Sebastian Igerl wrote:

I want to limit the IPs/Mac a DOMU can have..if a DomU uses an ip address other than i intended to do or changes his
MAC Address all packed should be dropped..

ebtables (http://ebtables.sourceforge.net/) is good for this, but it ispossible to use iptables under some conditions:http://ebtables.sourceforge.net/examples.html#ex_anti-spoof

You can extend the ebtables example to include a "--in-interface" matchto pin the MAC/IP address pair to a specific device, but, of course,you'd have to do this at the time the domain is created.

I can't remember the circumstances under which iptables filtering willwork, but I know it often doesn't because iptables doesn't see bridgetraffic. There's lots more about this in the ebtables documentation.


jch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- Re: [Xen-users] xen 3.3.0 PCI device delegation
  - From: Dieter Imann
- [Xen-users] Limit IPs on DomU
  - From: Sebastian Igerl

Prev by Date: Re: [Xen-users] xm delete - Error: <Fault 3: 'machine1'>
Next by Date: Re: [Xen-users] xm delete - Error: <Fault 3: 'machine1'>
Previous by thread: [Xen-users] Limit IPs on DomU
Next by thread: [Xen-users] Howto compiling Xen 3.3
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.