|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] XCP - untrusted domUs?
On Mon, Feb 22, 2010 at 12:32:44PM -0000, Matthew Law wrote: > > Our ongoing experiments with XCP have been encouraging - still struggling > with debian Lenny install and my question from last week didn't get > answered -hint, hint! ;-) > > Anyway, does XCP have any native support for iptables and ebtables rules? > - what I mean is, we currently use Xen 3.4.2 on CentOS and roll our own > iptables and ebtables rules to prevent IP spoofing and also _try_ and > prevent DHCP requests being answered by DHCP servers other than our own. > > This has an overhead in that every time install and upgrade a dom0 we have > to also clone the config and associated dependencies. It would be really > cool if this kind of thing 'just worked'. It would be even cooler if it > was configurable in the domU config file. For us this kind of thing is > very important when hosting untrusted domUs. We also prefer pvgrub > aswell, but that wouldn't be a deal breaker. > > Does XCP support anything like this? - I know it is basically CentOS, so > in theory one could roll their own config, but that would take away > somewhat from the simplicity of it all. > XCP uses Openvswitch now, so you should check the docs/mailinglist of it.. (for supported features and how it interacts with the kernel). -- Pasi _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |