Re: [Fwbuilder-discussion] physical device rules?
From: <va...@vk...> - 2006-04-04 04:49:10
On Apr 3, 2006, at 3:58 PM, Steve Wray wrote:

> I'm going to have to implement firewalling on xen hosts (in domain
> 0) and will apparently need to use rules something like these:
>
> iptables -A FORWARD -m physdev --physdev-in eth0 --physdev-out '!' eth0 -j ACCEPT
> iptables -A FORWARD -m physdev --physdev-out eth0 --physdev-in '!' eth0 -j ACCEPT
>
> Can this sort of thing be done in fwbuilder? If so... pointers
> please :)

This is not supported in 2.0.10, but I've implemented support for this module in 2.1, although even there fwbuilder can't generate the combination "--physdev-in eth0 --physdev-out ! eth0". It can do either --physdev-in or --physdev-out.

--vk