properly ipf config on dom0

To: port-xen%netbsd.org@localhost
Subject: properly ipf config on dom0
From: Victor Gamov <vit%euro-comm.net@localhost>
Date: Sat, 19 Dec 2009 01:21:18 +0300

Hi All!

May be wrong maillist but...

I have dom0 with NetBSD and some domU with other OSes.

external dom0 interface nfe0 bridged to one of domU. IPF configured tocheck domU IP-address at nfe0 but traffic for domU still not filteredand not logged by IPF.

As I understand traffic comes to nfe0, then driver (?) discover packetaddressed to IP-address (or MAC?) owned by domU and send it to domU viabridge without putting it into IPF input queue.


Is it correct?

If so, then I need to recompile kernel with BRIDGE_IPF option?

If not -- how I must protect my domU by IPF on dom0 ?

Advice me please

--
CU,
Victor Gamov

begin:vcard
fn:Victor Gmov
n:Gmov;Victor
email;internet:vit%euro-comm.net@localhost
tel;work:sip:04800112%euro-comm.net@localhost
x-mozilla-html:FALSE
version:2.1
end:vcard

Follow-Ups:
- Re: properly ipf config on dom0
  - From: Stephen Borrill

Prev by Date: Re: Compiling PAX support in Xen dom0+domU
Next by Date: Re: properly ipf config on dom0
Previous by Thread: Compiling PAX support in Xen dom0+domU
Next by Thread: Re: properly ipf config on dom0
Indexes:

Home | Main Index | Thread Index | Old Index