[CentOS-virt] Firewalling domU

Fri Jan 11 14:58:54 UTC 2008
Mindaugas <ml at kilimas.com>

  Hello,

  I think I saw this somewhere but cannot find it with google now.

  How to setup anti-spoofing firewall rules in dom0 so that domU could not change IP and try to get spoof other traffic?

  I could use physdev module of iptables but how to determine which vif belongs to which domU without too much scripting? Or parsing "xm list" and matching with some configuration file (like: domain1:192.168.1.10 domain2:192.168.1.22) is the way?
  Then how to automatically run the script after "xm create"?

  Thanks for the ideas. Question should be simple but I'm stuck here now. :)

  Mindaugas