Re: IPFilter and Xen

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: IPFilter and Xen
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Thu, 11 Mar 2010 11:26:05 +0100

On Thu, Mar 11, 2010 at 07:40:43AM +0100, Emmanuel Dreyfus wrote:
> Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
> 
> > But I don't use much "keep state" (actually I avoids it as much as 
> > possible).
> 
> As far as I understand, they ensure that ICMP traffic related to
> authorized TCP/UDP data can get back through. Do you just allow all
> ICMP?

At last icmp-type unreach; and for most case all icmp.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

References:
- Re: IPFilter and Xen
  - From: Manuel Bouyer
- Re: IPFilter and Xen
  - From: Emmanuel Dreyfus

Prev by Date: Re: IPFilter and Xen
Next by Date: Re: Xen and LVM backed domu's
Previous by Thread: Re: IPFilter and Xen
Next by Thread: Migrating from x86 to amd64 Dom0 with x86 DomUs
Indexes:

Home | Main Index | Thread Index | Old Index