[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-users] Automatically provisioning IP addresses on a new VM
> > Ð ÐÐÑ, 20/11/2010 Ð 10:41 -0500, Javier Guerra Giraldez ÐÐÑÐÑ: > > On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@xxxxxxxxxxxxxxx> wrote: > > > Would you be able to elaborate on dom0 anti-spoofing? > > > > simply add a netfilter rule to allow only packets with the intended IP > > source coming from the vif > > And, migration? And reboot? > > I think, creating correct VM tracking system is not so easy as sound... > You'd script it in the vif scripts, which I think is already done for MAC address spoofing. Even if you decided on some other method than DHCP, your DomU's are still untrusted so you still need to restrict at the vif level. James _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |