thr3ads.net - Xen users - [Xen-users] vif-common.sh, antispoof and multiple ips w/ ip= [Nov 2006]

If this information is useful, please help other people find it:
Share via:

Adrian Chadd

2006-Nov-20 05:58 UTC

[Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=

hiya,

I''m running Xen w/ bridges and antispoof. I found this in
vif-common.sh:

  if [ "$ip" != "" ]
  then
      local addr
      for addr in "$ip"
      do
        frob_iptable -s "$addr"
      done

      # Always allow the domain to talk to a DHCP server.
      frob_iptable -p udp --sport 68 --dport 67
  else
      # No IP addresses have been specified, so allow anything.
      frob_iptable
  fi

This works fine for one IP in the vif config but I can''t figure out how
to coax
it into >1 IP like the for addr loop suggests. It always treats
"$ip" as one
entry and passes $addr as the whole IP string, not each IP.

Here''s an example:

vif = [ ''bridge=xenbr0,ip=a.b.c.25 a.b.c.26 a.b.c.27 a.b.c.28''
]

If I remove the ""''s around $ip then addr is passed
individual IPs from that list
and iptables is setup appropriately.

Is this the correct solution?

Thanks,



Adrian



_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Xen users - Nov 2006 - vif-common.sh, antispoof and multiple ips w/ ip=

[Xen-users] vif-common.sh, antispoof and multiple ips w/ ip=