[Gllug] Logging in iptables and Debian install woes

Andy Smith andy at lug.org.uk
Fri Apr 28 13:09:49 UTC 2006


On Fri, Apr 28, 2006 at 01:59:17PM +0100, Richard Jones wrote:
> On Fri, Apr 28, 2006 at 11:31:15AM +0000, Andy Smith wrote:
> > Incidentally has anyone got a simple explanation of how, with xen
> > 3.x (bridged networking), to use iptables in dom0 for protecting
> > domUs?  In xen 2.x this was quite simple if you used named vifs; all
> > traffic to/from a domU went in/out via the vif and you could use
> > --physdev-in / --physdev-out to match it.
> 
> Do you want to protect the domUs from each other, or do you want to
> protect them from the outside world?

Both, but I would settle for the outside world first of all.

If I have X domUs all controlled by me for partitioning of services
then I don't really want to run iptables on each; it seems more logical
and efficient to do it once in dom0.

Cheers,
Andy