Subject: Re: NetBSD/Xen Howto
To: Hubert Feyrer <hubert@feyrer.de>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 03/07/2006 16:22:27
On Tue, Mar 07, 2006 at 03:59:59PM +0100, Hubert Feyrer wrote:
> On Tue, 7 Mar 2006, Johan Ihren wrote:
> >No, I'm not offering, unfortunately. ipf has always confused me and I 
> >usually turn to others when I need to get it to do something new. But, on 
> >the other hand that means I'm my own proof for the need for such an 
> >example ;-)
> 
> Put something like
> 
> 	block in proto tcp from any to any port = 8000 keep state
> 
> into /etc/ipf.conf on dom0 and put "ipfilter=yes" into /etc/rc.conf, and 
> see if that helps.

You probably want something more like:
block in proto tcp from any to any port 8000 <> 9700
to also protect the console ports.
But you may have other daemons listening in this range, so ...
Maybe better would be:
block in quick proto tcp from any to any port = 8000
block in quick proto tcp from any to any port 9600 <> 9700


-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
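The reply above warns that a blanket range rule on dom0 may also cut off other daemons listening between the console ports. The following script is an added example, not from the thread or from NetBSD/Xen: it filters `netstat -an -f inet` style output and prints every TCP listener on port 8000 or in 9600-9700 (inclusive bounds assumed), so you can see what such a rule would affect before loading it. The netstat lines embedded in it are constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example: list TCP listeners on a NetBSD dom0 that fall inside the
# Xen console port range discussed in the thread (8000 and 9600-9700).
# Assumed input format is "netstat -an -f inet" output, e.g.
#   tcp   0   0  *.8000   *.*   LISTEN
# where the local address is host.port and the state is the last column.

# Constructed sample netstat output (not captured from a real host).
SAMPLE_NETSTAT='tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  *.8000                 *.*                    LISTEN
tcp        0      0  127.0.0.1.9601         *.*                    LISTEN
tcp        0      0  *.9700                 *.*                    LISTEN
tcp        0      0  *.9800                 *.*                    LISTEN
tcp        0      0  10.0.0.5.22            10.0.0.9.51234         ESTABLISHED'

# Read netstat lines on stdin; print the port of each LISTEN socket whose
# port is 8000 or lies in 9600..9700 (inclusive). Non-listening sockets and
# ports outside the range are ignored.
listeners_in_console_range() {
    awk '$1 == "tcp" && $NF == "LISTEN" {
        n = split($4, a, ".")      # local address is host.port; port is the last piece
        p = a[n] + 0
        if (p == 8000 || (p >= 9600 && p <= 9700)) print p
    }'
}

# On a live dom0 run:  netstat -an -f inet | listeners_in_console_range
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_in_console_range
```

Any port printed besides the Xen console ones is a daemon that the range rule would block as well, which is the case for an explicit per-port rule set instead.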