[Xense-devel] Re: cannot filter on vif* interfaces using iptables?
Sanjam Garg <sanjamg@xxxxxxxxx> wrote on 11/21/2006 01:55:31 AM:

> Hi Good morning,
> I read the post on not being able to use vif* for iptables.

Which one?

> Actually
> I am writing a kernel module to filter packets coming from
> domU through these vif interfaces. But the module does not seem to
> filter the packets.
> I am using xen3.0.3 and kernel 2.6.19.29 and bridged network settings.

I assume
a) you are using 2.6.16.29 :-)
b) you run iptables in domain0
c) you have networking setup in bridging mode in domain 0

> I have .config setting for my kernel as
> CONFIG_BRIDGE_NETFILTER=y
> and CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m

Did you change the Xen kernel default settings in any way?

> Any ideas?

I sent a dom0 networking scripts extension for domain 0 to this mailing list a while ago (http://lists.xensource.com/archives/html/xense-devel/2006-08/msg00003.html). It sets up iptables filters between vifs depending on the security labels of the domains to which the vifs belong. I did not run into any problems at that time when filtering bridged packets with the standard Linux kernel configuration in Xen.

Reiner

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
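Added example (not part of the original message, and not the script linked in it): a sketch of label-based filtering between vifs on a dom0 bridge using the physdev match named in the quoted kernel config. The vif names, the labels, the "same label may talk, everything else between vifs is dropped" policy and the `gen_rules` helper are all assumptions made for illustration; the script only prints the rules so they can be reviewed before being applied in dom0.

```shell
#!/bin/sh
# Constructed sample data: one "vif label" pair per line.
# In a real dom0 this mapping would come from the domains' security labels.
VIF_LABELS='vif1.0 red
vif2.0 red
vif3.0 blue'

# gen_rules MAP (hypothetical helper)
# Prints an ACCEPT rule for every ordered pair of distinct vifs that share
# a label, followed by a catch-all DROP for any other vif-to-vif traffic
# crossing the bridge. Matching is done on the bridge ports via -m physdev,
# which requires CONFIG_BRIDGE_NETFILTER and the physdev match in the kernel.
gen_rules() {
    map=$1
    printf '%s\n' "$map" | while read -r in_vif in_label; do
        [ -n "$in_vif" ] || continue
        printf '%s\n' "$map" | while read -r out_vif out_label; do
            [ -n "$out_vif" ] || continue
            [ "$in_vif" != "$out_vif" ] || continue        # skip self pairs
            [ "$in_label" = "$out_label" ] || continue     # labels must match
            echo "iptables -A FORWARD -m physdev --physdev-in $in_vif --physdev-out $out_vif -j ACCEPT"
        done
    done
    # "vif+" is the iptables wildcard for any interface name starting with "vif".
    echo "iptables -A FORWARD -m physdev --physdev-in vif+ --physdev-out vif+ -j DROP"
}

# Print the rule set for the sample mapping.
gen_rules "$VIF_LABELS"
```

Because the DROP rule is appended last, the order of the printed lines must be preserved when the rules are loaded.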