
[Xen-users] Xen and IPtables


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: James Clemence <jamesvclemence@xxxxxxxxxxxxxx>
  • Date: Wed, 29 Apr 2009 20:02:00 +0100
  • Delivery-date: Wed, 29 Apr 2009 12:02:43 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi, just a brief question regarding iptables and Dom0. I am wondering how I can apply IPtables rules purely to the traffic to the Dom0, without blocking that going to the domUs.

I have tried using -d <dom0 IP> with drop rules except SSH.

However, if this is done on the INPUT chain it blocks off the traffic going to the DomUs too... Just wondering whether I can have any pointers to get this sort of solution:

Iptables <block all except ssh to dom0>
but allow domU traffic through which I am handling in per-domU chains on FORWARD.

Have been slightly confused with this one, any help would be great, cheers,

J
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

