Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-19 Thread Daisuke Nojiri
I'll take a look at libpcap and update the thread. Thanks, Avi. Dai On Sun, Apr 17, 2011 at 5:36 AM, Avi Kivity wrote: > On 04/14/2011 11:04 PM, Daisuke Nojiri wrote: > >> Hi, Avi, >> >> Complex and complete firewalling is probably out of my focus for now. I'm >> trying to introduce a simple re

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-17 Thread Avi Kivity
On 04/14/2011 11:04 PM, Daisuke Nojiri wrote: Hi, Avi, Complex and complete firewalling is probably out of my focus for now. I'm trying to introduce a simple reverse firewall functionality which filters outgoing packets based on only destination address and port. Since Qemu doesn't have any

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Daisuke Nojiri
Hi, Avi, Complex and complete firewalling is probably out of my focus for now. I'm trying to introduce a simple reverse firewall functionality which filters outgoing packets based on only destination address and port. Since Qemu doesn't have any reverse firewall currently, I believe this is a goo

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Stefan Berger
On 04/12/2011 12:19 PM, Daisuke Nojiri wrote: This patch adds: -drop-udp, -allow-udp ADDR:PORT, -drop-log FILE e.g.) $ qemu -net user -drop-log qemu.drop -drop-udp -allow-udp 10.0.2.3:53 -drop-udp enables usermode firewall for out-going UDP packets from a guest. All U

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Daisuke Nojiri
Hi, Blue, > I missed somehow 1/3, so I'll comment to this one. I updated 1/3 and pasted it below. The rest of the points you raised will be addressed in 2/3 and 3/3. > With the TCP firewall in mind, I'd use a more general syntax, > something like "deny=proto:udp". More complete rules would need

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Avi Kivity
On 04/14/2011 04:48 PM, Avi Kivity wrote: Will we see a TCP firewall as well? Can we prepare for a more generic infrastructure, or what makes UDP special? If some generic firewall like BPF is available as a user library, perhaps we can integrate one instead of writing a new one from scratch.

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-14 Thread Avi Kivity
On 04/12/2011 07:38 PM, Jan Kiszka wrote: On 2011-04-12 18:19, Daisuke Nojiri wrote: > This patch adds: -drop-udp, -allow-udp ADDR:PORT, -drop-log FILE > >e.g.) $ qemu -net user -drop-log qemu.drop -drop-udp -allow-udp > 10.0.2.3:53 No more stand-alone slirp arguments please. That syntax b

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-13 Thread Blue Swirl
On Tue, Apr 12, 2011 at 7:19 PM, Daisuke Nojiri wrote: > This patch adds: -drop-udp, -allow-udp ADDR:PORT, -drop-log FILE >   e.g.) $ qemu -net user -drop-log qemu.drop -drop-udp -allow-udp > 10.0.2.3:53 > -drop-udp enables usermode firewall for out-going UDP packets from a guest. > All UDP packet

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-13 Thread Daisuke Nojiri
Thanks, Jan. I split my patch into three and started a new thread. I also put all options in -net user. Yes, TCP firewall is coming. You'll see some of the added functions will be shared. Dai On Tue, Apr 12, 2011 at 9:38 AM, Jan Kiszka wrote: > On 2011-04-12 18:19, Daisuke Nojiri wrote: > > Thi

Re: [Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-12 Thread Jan Kiszka
On 2011-04-12 18:19, Daisuke Nojiri wrote: > This patch adds: -drop-udp, -allow-udp ADDR:PORT, -drop-log FILE > > e.g.) $ qemu -net user -drop-log qemu.drop -drop-udp -allow-udp > 10.0.2.3:53 No more stand-alone slirp arguments please. That syntax breaks when instantiating >1 back-ends. > > -

[Qemu-devel] [PATCH] Slirp reverse UDP firewall

2011-04-12 Thread Daisuke Nojiri
This patch adds: -drop-udp, -allow-udp ADDR:PORT, -drop-log FILE e.g.) $ qemu -net user -drop-log qemu.drop -drop-udp -allow-udp 10.0.2.3:53 -drop-udp enables usermode firewall for out-going UDP packets from a guest. All UDP packets except ones allowed by -allow-udp will be dropped. Dropped pac