search for: frob_ipt

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

...bles $c FORWARD -s $@ -j ACCEPT failed. +If you are using iptables, this may affect networking for guest domains." +} + ## # Add or remove the appropriate entries in the iptables. With antispoofing @@ -105,7 +134,8 @@ local addr for addr in "$ip" do - frob_iptable -s "$addr" +# frob_iptable -s "$addr" + frob2_iptable "$addr" done # Always allow the domain to talk to a DHCP server.

Hey everyone, I have a question about vif-common.sh. I run multiple bridges attached on dummy interfaces, which allow me to put guests in seperate subnets (routed through the dom0). As you might expect I already have quite extensive iptables scripts to accomidate this kind of routing. I was just hoping someone on this list can confirm, that I understand what the iptables lines in vif-common.sh

...not the emulated device (vif4.0-emu). Xen 4.1 seems to use these as opposed to tap devices, hence this is related to bug 613540 (Xen 4.0/squeeze) but needs a different resolution for Xen 4.1/wheezy. To resolve, the /etc/xen/scripts/vif-common.sh script can be edited to have a new line added to the frob_iptable() function. After the first iptables command in this function, add: iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$dev"-emu "$@" -j ACCEPT 2>/dev/null && This isn't a full patch as there might be a nicer way to do this, e.g....