From f3564094df33f10f1d09cc8252d7fc8b2b83ad09 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Feb 02 2006 22:24:14 +0000 Subject: *docs* Disable iptables/ip6tables/arptables for bridged packets when we bring up a xen bridge. (#177794) You can still restrict access to dom0 from domU via the normal IP-based mechanisms, and all packets are passed to domU for domU to filter. Now, if you want to have dom0 firewalling domU, or you want to actually do filtering on the bridge based on specific bridge ports (with the physdev module), you'll have to turn this back on. But in those cases, you're almost certainly writing your own firewall rules by hand anyways. --- diff --git a/xen.spec b/xen.spec index a86655a..344162c 100644 --- a/xen.spec +++ b/xen.spec @@ -5,7 +5,7 @@ Summary: Xen is a virtual machine monitor Name: xen Version: 3.0 -Release: 0.20060130.fc5.2 +Release: 0.20060130.fc5.3 Group: Development/Libraries License: GPL URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html @@ -17,6 +17,7 @@ Patch1: xen-initscript.patch Patch3: xen-dom0-minmem.patch Patch4: xen-compile-fixes.patch Patch5: xen-default-network.patch +Patch6: xen-network-iptables-bridge.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: transfig libidn-devel zlib-devel texi2html SDL-devel curl-devel BuildRequires: libX11-devel python-devel ghostscript tetex-latex @@ -48,6 +49,7 @@ or makes fun of you in front of your friends. %patch3 -p1 -b .mem-min %patch4 -p1 -b .compile %patch5 -p1 +%patch6 -p1 cp %{SOURCE2} . 
@@ -142,7 +144,12 @@ rm -rf $RPM_BUILD_ROOT %dir %{_localstatedir}/run/xenstored %changelog -* Tue Jan 31 2006 Bill Nottinghham 3.0-0.20060130.fc5.2 +* Thu Feb 2 2006 Bill Nottingham 3.0-0.20060130.fc5.3 +- disable iptables/ip6tables/arptables on bridging when bringing up a + Xen bridge. If complicated filtering is needed that uses this, custom + firewalls will be needed. (#177794) + +* Tue Jan 31 2006 Bill Nottingham 3.0-0.20060130.fc5.2 - use the default network device, don't hardcode eth0 * Tue Jan 31 2006 - 3.0-0.20060130.fc5.1
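Review bot: the second xen.spec hunk adds `Patch6: xen-network-iptables-bridge.patch`, but the patch file itself is not in the visible diff, so the change that actually disables iptables/ip6tables/arptables for bridged packets cannot be reviewed from this commit. Please include xen-network-iptables-bridge.patch here, or point to the commit that adds it. The reviewer needs to confirm which settings it touches, that it only takes effect when the Xen bridge is brought up (as the commit message states), and whether the previous values are restored when the bridge is torn down.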
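Review bot: in the %prep hunk, `%patch6 -p1` is applied without a `-b` backup suffix, while `%patch3` and `%patch4` in the same context use `-b .mem-min` and `-b .compile`. `%patch5` already omits it, so this is a style point only, but a suffix on the new line would make it easier to see which files this patch modified when debugging a build.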
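Review bot: the new %changelog entry in the last hunk understates the behaviour change for anyone who already firewalls domU from dom0. It says "custom firewalls will be needed", but per the commit message, existing rules that filter on the bridge (for example with the physdev module) will stop seeing bridged packets once the Xen bridge comes up, and nothing in the entry says so or how to "turn this back on". Suggest the entry state explicitly that bridged domU traffic is no longer passed through dom0 iptables/ip6tables/arptables after this update, and name the setting an administrator must change to restore the old behaviour. The same hunk also rewrites the name in the existing Jan 31 entry. That is a harmless spelling fix, but it is worth mentioning in the commit message since it edits history unrelated to #177794.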