With each xen guest having its own virtual MAC address, is it possible at the dom0 level to set iptable rulesets which act as ip based access control lists per guest? Essentially the concept would be to limit the IP address per Xen guest, at the host level, so that a guest domain would not be able to assign itself the IP address of dom0 and create IP conflicts. Thanks