[CentOS-virt] firewall best practice on dom-0

Kai Schaetzl maillists at conactive.com
Sun Jul 13 12:19:04 UTC 2008

I took over a custom firewall script from my older Suse machines to my 
Dom-Us and it works just fine. Doing the same for Dom-0 immediately killed 
all traffic for the VMs. As there was no need before I had been dropping 
everything on the FORWARD chain. After ACCEPTing all for FORWARD my VMs 
are happy again.
What's best practice on Dom-0, what do you do? Can I restrict the 
forwarding, in which way?


Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

More information about the CentOS-virt mailing list