Adrian Chadd
2006-Nov-21 12:49 UTC
[Xen-devel] [adrian@creative.net.au: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
Hiya,
I didn't get any replies to this on the xen-users list; I thought I'd
try my luck here.
Thanks,
----- Forwarded message from Adrian Chadd <adrian@creative.net.au> -----
hiya,
I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:

    if [ "$ip" != "" ]
    then
        local addr
        for addr in "$ip"
        do
          frob_iptable -s "$addr"
        done

        # Always allow the domain to talk to a DHCP server.
        frob_iptable -p udp --sport 68 --dport 67
    else
        # No IP addresses have been specified, so allow anything.
        frob_iptable
    fi

This works fine for one IP in the vif config but I can't figure out how to coax
it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
entry and passes $addr as the whole IP string, not each IP.

Here's an example:

    vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]

If I remove the ""'s around $ip then addr is passed individual IPs from that list
and iptables is set up appropriately.

Is this the correct solution?
Thanks,
Adrian
----- End forwarded message -----
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Ewan Mellor
2006-Nov-21 15:01 UTC
Re: [Xen-devel] [adrian@creative.net.au: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
On Tue, Nov 21, 2006 at 08:49:44PM +0800, Adrian Chadd wrote:
> I'm running Xen w/ bridges and antispoof. I found this in vif-common.sh:
>
>     if [ "$ip" != "" ]
>     then
>         local addr
>         for addr in "$ip"
>         do
>           frob_iptable -s "$addr"
>         done
>
>         # Always allow the domain to talk to a DHCP server.
>         frob_iptable -p udp --sport 68 --dport 67
>     else
>         # No IP addresses have been specified, so allow anything.
>         frob_iptable
>     fi
>
> This works fine for one IP in the vif config but I can't figure out how to coax
> it into >1 IP like the for addr loop suggests. It always treats "$ip" as one
> entry and passes $addr as the whole IP string, not each IP.
>
> Here's an example:
>
>     vif = [ 'bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28' ]
>
> If I remove the ""'s around $ip then addr is passed individual IPs from that list
> and iptables is set up appropriately.
>
> Is this the correct solution?

Yes, I think so; I'll put a patch in.

Thanks,

Ewan.
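
Added example (not part of the thread and not code from Xen's vif-common.sh): the loop discussed above, run in its quoted and unquoted forms with a stand-in frob_iptable that records its arguments instead of calling iptables. The names antispoof_quoted, antispoof_split, RULES, COUNT and sample_ip are hypothetical, and the set -f guard against glob expansion is an addition of this example, not something proposed in the thread.

```shell
#!/bin/bash
# Added example, not Xen code. frob_iptable here is a stand-in that records
# its arguments; the real one in vif-common.sh calls iptables.
RULES=""
COUNT=0
frob_iptable() {
    RULES="${RULES}[$*]"
    COUNT=$((COUNT + 1))
}

# Loop as posted: "$ip" expands to a single word, so the body runs once
# and the whole space-separated list is passed as one -s argument.
antispoof_quoted() {
    local addr
    RULES=""; COUNT=0
    for addr in "$1"
    do
        frob_iptable -s "$addr"
    done
}

# Quotes removed: the shell splits the value on whitespace, one rule per
# address. set -f (an addition of this example) stops a stray * or ? in
# the configured value from being expanded against the filesystem.
antispoof_split() {
    local addr
    RULES=""; COUNT=0
    set -f
    for addr in $1
    do
        frob_iptable -s "$addr"
    done
    set +f
}

# Constructed sample value, matching the vif line in the message.
sample_ip="a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28"

antispoof_quoted "$sample_ip"
echo "quoted:   $COUNT rule(s): $RULES"
antispoof_split "$sample_ip"
echo "unquoted: $COUNT rule(s): $RULES"
```
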
Adrian Chadd
2006-Nov-22 02:53 UTC
Re: [Xen-devel] [adrian@creative.net.au: [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=]
On Tue, Nov 21, 2006, Ewan Mellor wrote:
> > Is this the correct solution?
>
> Yes, I think so; I'll put a patch in.

Ta.

Adrian