This patch makes two small changes to dom0 iptables rules that permit (and revoke) domU network access.

First: Currently, a rule intended to allow domU network access is appended to the end of the FORWARD chain, where it can be preempted by other rules. This patch causes the rule to be inserted at the top, where it's more likely to have the intended effect.

Second: In some cases (e.g. Fedora 9's default iptables configuration), the first rule alone is insufficient to permit two-way packet flow. This patch adds a second rule to the FORWARD chain that permits replies to domU network requests to reach the domU vif.

Signed-off-by: Chris Bookholt <hap10@tycho.ncsc.mil>
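The ordering and reply-path effects described in the message above can be checked with a small first-match model of a chain. This is an added example, not part of the original message or the patch. The interface name `vif1.0`, the catch-all REJECT base chain, and the use of conntrack states for the reply rule are assumptions made for illustration.

```python
# Added illustration: minimal first-match model of an iptables chain.
# Rule fields and the sample chain are constructed, not taken from the patch.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                          # "ACCEPT" or "REJECT"
    in_if: Optional[str] = None          # None matches any interface
    out_if: Optional[str] = None
    states: Optional[frozenset] = None   # None matches any conntrack state

    def matches(self, pkt: dict) -> bool:
        return ((self.in_if is None or self.in_if == pkt["in_if"]) and
                (self.out_if is None or self.out_if == pkt["out_if"]) and
                (self.states is None or pkt["state"] in self.states))

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

VIF = "vif1.0"               # hypothetical domU backend interface
BASE = [Rule("REJECT")]      # constructed restrictive chain: catch-all REJECT
ALLOW_OUT = Rule("ACCEPT", in_if=VIF)
ALLOW_REPLY = Rule("ACCEPT", out_if=VIF,
                   states=frozenset({"RELATED", "ESTABLISHED"}))  # assumed match

# Constructed sample packets
REQUEST = {"in_if": VIF, "out_if": "eth0", "state": "NEW"}
REPLY = {"in_if": "eth0", "out_if": VIF, "state": "ESTABLISHED"}
UNSOLICITED = {"in_if": "eth0", "out_if": VIF, "state": "NEW"}

def appended():              # rule added at the end, like iptables -A
    return BASE + [ALLOW_OUT]

def inserted():              # rule added at the top, like iptables -I
    return [ALLOW_OUT] + BASE

def patched():               # both rules at the top of the chain
    return [ALLOW_REPLY, ALLOW_OUT] + BASE

def revoke(chain):           # remove both rules when access is revoked
    return [r for r in chain if r not in (ALLOW_OUT, ALLOW_REPLY)]
```

In this model the appended rule is never reached, the inserted rule passes outbound requests but not replies, and the reply rule admits only traffic belonging to connections the domU started.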