Hi Everyone,

My Dom0 has a bridge which has its physical NIC added to it. This physical NIC is called peth0, and the bridge is called eth0 (fairly standard). I then launch a DomU, and its virtual interface (as seen by the Dom0) is fw0. I only wish to allow traffic from peth0 to fw0 (and vice-versa).

The Dom0 has a default policy of:

    iptables -P FORWARD DROP

To try and only allow the above traffic, I try and do:

    iptables -I FORWARD -m physdev --physdev-in peth0 --physdev-out fw0 -j ACCEPT
    iptables -I FORWARD -m physdev --physdev-in fw0 --physdev-out peth0 -j ACCEPT

However those 2 rules don't allow any traffic. The only way I can get it to work is via:

    iptables -I FORWARD -m physdev --physdev-in peth0 -j ACCEPT
    iptables -I FORWARD -m physdev --physdev-out peth0 -j ACCEPT
    iptables -I FORWARD -m physdev --physdev-in fw0 -j ACCEPT
    iptables -I FORWARD -m physdev --physdev-out fw0 -j ACCEPT

However those aren't secure really.

Any help would be appreciated.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
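The difference in exposure between the two rule sets in the post above, as an added example that is not part of the original message: a small Python model of physdev matching against a FORWARD policy of DROP. It assumes the bridge has already resolved the output port for each frame, and the third bridge port `vif2.0` (a second guest) is hypothetical.

```python
# Added illustration: models only the physdev-in / physdev-out comparison for
# the two rule sets in the post. It does not talk to netfilter.
from itertools import permutations

# peth0 and fw0 come from the post; vif2.0 is an assumed second guest port.
PORTS = ["peth0", "fw0", "vif2.0"]

# Each rule is (physdev-in, physdev-out). None means the option is absent,
# so that side of the rule matches any bridge port.
PAIRED = [("peth0", "fw0"), ("fw0", "peth0")]
WIDE = [("peth0", None), (None, "peth0"), ("fw0", None), (None, "fw0")]


def verdict(rules, port_in, port_out, policy="DROP"):
    """Return ACCEPT if any rule matches the bridged frame, else the policy."""
    for rule_in, rule_out in rules:
        if rule_in in (None, port_in) and rule_out in (None, port_out):
            return "ACCEPT"
    return policy


def accepted_paths(rules):
    """All (in, out) port pairs that the rule set lets through FORWARD."""
    return {
        (i, o)
        for i, o in permutations(PORTS, 2)
        if verdict(rules, i, o) == "ACCEPT"
    }


def excess(rules, intended=PAIRED):
    """Paths a rule set accepts beyond what the intended rules accept."""
    return sorted(accepted_paths(rules) - accepted_paths(intended))


if __name__ == "__main__":
    for path in excess(WIDE):
        print("extra path allowed:", " -> ".join(path))
```

Under these assumptions the four single-option rules also accept every path between the hypothetical second guest and both peth0 and fw0, which the paired rules leave to the DROP policy.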