Package: xen-utils-common
Followup-For: Bug #430778

Here's a patch I made to have working rules here... feel free to comment/adapt.

Hope this helps

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-xen-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xen-utils-common depends on:
ii  lsb-base    3.1-23.1    Linux Standard Base 3.1 init scrip
ii  udev        0.105-4     /dev/ and hotplug management daemo

xen-utils-common recommends no packages.

-- no debconf information

--- vif-common.sh.orig 2007-06-27 14:11:32.000000000 +0200 +++ vif-common.sh 2007-06-27 13:38:14.000000000 +0200 @@ -81,6 +81,35 @@ If you are using iptables, this may affect networking for guest domains." } +function frob2_iptable() +{ + if [ "$command" == "online" ] + then + local c="-A" + else + local c="-D" + fi + +#iptables -F FORWARD +# iptables -A FORWARD -d 192.168.2.100/32 -m state --state ESTABLISHED,RELATED -j ACCEPT +# iptables -A FORWARD -s 192.168.2.100/32 -j ACCEPT +# iptables -A FORWARD -j LOG + + iptables "$c" FORWARD -d "$@" -m state --state ESTABLISHED,RELATED -j ACCEPT \ + 2>/dev/null || + [ "$c" == "-D" ] || + log err \ + "iptables $c FORWARD -d $@ -m state --state ESTABLISHED,RELATED -j ACCEPT failed. +If you are using iptables, this may affect networking for guest domains." + + iptables "$c" FORWARD -s "$@" -j ACCEPT \ + 2>/dev/null || + [ "$c" == "-D" ] || + log err \ + "iptables $c FORWARD -s $@ -j ACCEPT failed. +If you are using iptables, this may affect networking for guest domains." +} + ## # Add or remove the appropriate entries in the iptables. With antispoofing @@ -105,7 +134,8 @@ local addr for addr in "$ip" do - frob_iptable -s "$addr" +# frob_iptable -s "$addr" + frob2_iptable "$addr" done # Always allow the domain to talk to a DHCP server.
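
Review bot: in the first hunk, the second rule of frob2_iptable, `iptables "$c" FORWARD -s "$@" -j ACCEPT`, matches on source address alone with no interface match, so any packet carrying that source address is accepted on FORWARD whichever interface it arrived on, which works against the antispoofing purpose named in the comment right below the function. Restrict both rules to the guest's own interface (an input-interface or physdev match) so the address is only trusted where the guest is attached. Two smaller points in the same hunk: the function takes a single address, so use "$1" instead of "$@" after -d and -s and in the log strings, and drop the commented-out `iptables -F FORWARD` and 192.168.2.100 lines, which are local debugging residue.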
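
Review bot: in the second hunk, the previous call is left behind as `# frob_iptable -s "$addr"`; delete it rather than commenting it out, and state in the change description why the existing rule did not work so the replacement can be judged against it. Also note that the loop is `for addr in "$ip"` with "$ip" quoted, so the body runs once with the whole value: an ip setting that holds more than one address reaches frob2_iptable as a single argument, both iptables calls fail on it, and the reason is hidden because stderr goes to 2>/dev/null. Either iterate over the individual addresses or have frob2_iptable reject a value it cannot pass to iptables.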