Kai Schaetzl wrote: > What's best practice on Dom-0, what do you do? Can I restrict the > forwarding, in which way? I use vmware, not XEN, but I think everything is the same, as if you have physical machines. I use shorewall everywhere and find it great. http://shorewall.net rpms: http://www.invoca.ch/pub/packages/shorewall/ HTH -- Sincerely, John Thomas