NÉMETH Balázs
2007-Apr-20 21:29 UTC
FOR THE KNOWLEDGE BASE: XEN and SHOREWALL -- Xen and Shorewall documentation -- Is Dom0 secure?
Hi all,

I have read and implemented the configuration for Xen dom0 as described in "Xen - Shorewall in Bridged Xen Dom0". I have one question though. It seems to me that there is no protection for Dom0 in the configuration as described.

Shouldn't the lines in /etc/shorewall/policy:

    ursa    all     ACCEPT
    net     ursa    ACCEPT

rather be

    ursa    all     ACCEPT
    net     ursa    REJECT  INFO

And then allow ports in /etc/shorewall/rules -- The only port I can see useful for Dom0 is port 22 for remote maintenance? E.g.

    ACCEPT  net     xen     ssh     #where xen is enbr0:vif0.0

At least in my setup for servers I have a minimal Dom0 and just use it to run and control the virtual machines. It needs the most protection as breaching Dom0 will result in all virtual machines being vulnerable.

Am I missing something?

Regards
Mark

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
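
Added example, not part of the original post or of the Shorewall documentation: a small audit of /etc/shorewall/policy text that reports which zones reach a protected zone (here the Dom0 zone "ursa") under a default ACCEPT policy. It assumes the policy file's SOURCE DEST POLICY [LOGLEVEL] columns with first-match-wins ordering; the function names and the two constructed samples (the two variants quoted in the post) are illustrative.

```python
# Added example: flag default-ACCEPT policies that reach a protected zone.

def parse_policy(text):
    """Yield (source, dest, policy, loglevel) for each policy line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        cols = line.split()
        if len(cols) < 3:
            continue
        # POLICY may carry a ":suffix" in some versions; keep the verdict only.
        policy = cols[2].split(":", 1)[0].upper()
        loglevel = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        yield cols[0], cols[1], policy, loglevel


def effective_policy(rules, source, dest):
    """Return the first policy matching (source, dest); 'all' is a wildcard."""
    for s, d, policy, loglevel in rules:
        if s in (source, "all") and d in (dest, "all"):
            return policy, loglevel
    return None, None


def exposed_sources(text, protected, zones):
    """Zones other than `protected` whose default policy toward it is ACCEPT."""
    rules = list(parse_policy(text))
    return [z for z in zones
            if z != protected
            and effective_policy(rules, z, protected)[0] == "ACCEPT"]


# Constructed samples: the policy as quoted in the post, and the proposed change.
AS_DOCUMENTED = """
ursa    all     ACCEPT
net     ursa    ACCEPT
"""
PROPOSED = """
ursa    all     ACCEPT
net     ursa    REJECT  INFO   # then open ssh in /etc/shorewall/rules
"""
ZONES = ["ursa", "net"]          # only the zones named in the post

if __name__ == "__main__":
    for name, text in (("as documented", AS_DOCUMENTED), ("proposed", PROPOSED)):
        print(name, "-> zones with default ACCEPT to ursa:",
              exposed_sources(text, "ursa", ZONES))
```

The audit looks at default policies only; exceptions opened in /etc/shorewall/rules, such as the ssh rule suggested in the post, are not evaluated.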