[CentOS-virt] firewall best practice on dom-0

[Kai Schaetzl]

I took over a custom firewall script from my older Suse machines to my 
Dom-Us and it works just fine. Doing the same for Dom-0 immediately killed 
all traffic for the VMs. As there was no need before I had been dropping 
everything on the FORWARD chain. After ACCEPTing all for FORWARD my VMs 
are happy again.
What's best practice on Dom-0, what do you do? Can I restrict the 
forwarding, in which way?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com